Commit a543b4a9 authored by Eric Dumazet's avatar Eric Dumazet Committed by Zhengchao Shao
Browse files

net: fix possible store tearing in neigh_periodic_work() 

mainline inclusion
from mainline-v6.6-rc5
commit 25563b58
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I95AWK
CVE: CVE-2023-52522

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=25563b581ba3a1f263a00e8c9a97f5e7363be6fd



--------------------------------

While looking at a related syzbot report involving neigh_periodic_work(),
I found that I forgot to add an annotation when deleting an
RCU protected item from a list.

Readers use rcu_deference(*np), we need to use either
rcu_assign_pointer() or WRITE_ONCE() on writer side
to prevent store tearing.

I use rcu_assign_pointer() to have lockdep support,
this was the choice made in neigh_flush_dev().

Fixes: 767e97e1 ("neigh: RCU conversion of struct neighbour")
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
Reviewed-by: default avatarSimon Horman <horms@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>

Conflicts:
	net/core/neighbour.c

Signed-off-by: default avatarZhengchao Shao <shaozhengchao@huawei.com>
parent 1acb6ad9
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment