mirror of
https://github.com/torvalds/linux.git
synced 2026-04-18 06:44:00 -04:00
629ec78ef8
The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent resize (resize_platform_label_table, under platform_mutex). This can lead to OOB accesses. This patch adds a seqcount, so that we get a consistent snapshot. Note that mpls_label_ok is also susceptible to this, so the check against RTA_DST in rtm_to_route_config, done outside platform_mutex, is not sufficient. This value gets passed to mpls_label_ok once more in both mpls_route_add and mpls_route_del, so there is no issue, but that additional check must not be removed. Reported-by: Yuan Tan <tanyuan98@outlook.com> Reported-by: Yifan Wu <yifanwucs@gmail.com> Reported-by: Juefei Pu <tomapufckgml@gmail.com> Reported-by: Xin Liu <bird@lzu.edu.cn> Fixes:7720c01f3f("mpls: Add a sysctl to control the size of the mpls label table") Fixes:dde1b38e87("mpls: Convert mpls_dump_routes() to RCU.") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://patch.msgid.link/cd8fca15e3eb7e212b094064cd83652e20fd9d31.1774284088.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>
26 lines
465 B
C
26 lines
465 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* mpls in net namespaces
|
|
*/
|
|
|
|
#ifndef __NETNS_MPLS_H__
|
|
#define __NETNS_MPLS_H__
|
|
|
|
#include <linux/types.h>
|
|
|
|
struct mpls_route;
|
|
struct ctl_table_header;
|
|
|
|
struct netns_mpls {
|
|
int ip_ttl_propagate;
|
|
int default_ttl;
|
|
size_t platform_labels;
|
|
struct mpls_route __rcu * __rcu *platform_label;
|
|
struct mutex platform_mutex;
|
|
seqcount_mutex_t platform_label_seq;
|
|
|
|
struct ctl_table_header *ctl;
|
|
};
|
|
|
|
#endif /* __NETNS_MPLS_H__ */
|