On 3/9/21 7:20 PM, Wei Wang wrote:
> Syzbot reported the suspicious RCU usage in nexthop_fib6_nh() when
> called from ipv6_route_seq_show(). The reason is ipv6_route_seq_start()
> calls rcu_read_lock_bh(), while nexthop_fib6_nh() calls
> rcu_dereference_rtnl().
> The fix proposed is to add a variant of nexthop_fib6_nh() to use
> rcu_dereference_bh_rtnl() for ipv6_route_seq_show().
>
...
>
> Fixes: f88d8ea67fbdb ("ipv6: Plumb support for nexthop object in a fib6_info")
> Reported-by: syzbot <syzkal...@googlegroups.com>
> Signed-off-by: Wei Wang <wei...@google.com>
> Cc: David Ahern <dsah...@kernel.org>
> Cc: Ido Schimmel <ido...@idosch.org>
> Cc: Petr Machata <pe...@nvidia.com>
> Cc: Eric Dumazet <eduma...@google.com>
> ---
> include/net/nexthop.h | 24 ++++++++++++++++++++++++
> net/ipv6/ip6_fib.c | 2 +-
> 2 files changed, 25 insertions(+), 1 deletion(-)
>

Reviewed-by: David Ahern <dsah...@kernel.org>

Thanks, Wei.