Commit 6c0d8833 authored Feb 23, 2022 by Niels Dossche Committed by Jakub Kicinski Feb 24, 2022

ipv6: prevent a possible race condition with lifetimes

valid_lft, prefered_lft and tstamp are always accessed under the lock
"lock" in other places. Reading these without taking the lock may result
in inconsistencies regarding the calculation of the valid and preferred
variables since decisions are taken on these fields for those variables.

Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Niels Dossche <niels.dossche@ugent.be>
Link: https://lore.kernel.org/r/20220223131954.6570-1-niels.dossche@ugent.be

Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 7ff57e98

net/ipv6/addrconf.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -4998,6 +4998,7 @@ static int inet6_fill_ifaddr(struct sk_buff skb, struct inet6_ifaddr ifa,
		nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
		goto error;

		spin_lock_bh(&ifa->lock);
		if (!((ifa->flags&IFA_F_PERMANENT) &&
		(ifa->prefered_lft == INFINITY_LIFE_TIME))) {
		preferred = ifa->prefered_lft;
		@@ -5019,6 +5020,7 @@ static int inet6_fill_ifaddr(struct sk_buff skb, struct inet6_ifaddr ifa,
		preferred = INFINITY_LIFE_TIME;
		valid = INFINITY_LIFE_TIME;
		}
		spin_unlock_bh(&ifa->lock);

		if (!ipv6_addr_any(&ifa->peer_addr)) {
		if (nla_put_in6_addr(skb, IFA_LOCAL, &ifa->addr) < 0 \|\|