linux-stable/net/sctp
Xin Long 5cb2cd68dd sctp: sctp_epaddr_lookup_transport should be protected by rcu_read_lock
Since commit 7fda702f93 ("sctp: use new rhlist interface on sctp transport
rhashtable"), sctp has changed to use rhlist_lookup to look up transport, but
rhlist_lookup doesn't call rcu_read_lock inside, unlike rhashtable_lookup_fast.

It is called in sctp_epaddr_lookup_transport and sctp_addrs_lookup_transport.
sctp_addrs_lookup_transport is always in the protection of rcu_read_lock(),
as __sctp_lookup_association is called in rx path or sctp_lookup_association
which are in the protection of rcu_read_lock() already.

But sctp_epaddr_lookup_transport is called by sctp_endpoint_lookup_assoc, it
doesn't call rcu_read_lock, which may cause "suspicious rcu_dereference_check
usage' in __rhashtable_lookup.

This patch is to fix it by adding rcu_read_lock in sctp_endpoint_lookup_assoc
before calling sctp_epaddr_lookup_transport.

Fixes: 7fda702f93 ("sctp: use new rhlist interface on sctp transport rhashtable")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-12-17 11:43:23 -05:00
..
associola.c sctp: use new rhlist interface on sctp transport rhashtable 2016-11-16 23:22:17 -05:00
auth.c sctp: use IS_ENABLED() instead of checking for built-in or module 2016-09-10 21:19:11 -07:00
bind_addr.c sctp: fix copying more bytes than expected in sctp_add_bind_addr 2016-03-08 15:04:08 -05:00
chunk.c sctp: remove the old ttl expires policy 2016-10-13 09:44:14 -04:00
debug.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
endpointola.c sctp: sctp_epaddr_lookup_transport should be protected by rcu_read_lock 2016-12-17 11:43:23 -05:00
input.c sctp: use new rhlist interface on sctp transport rhashtable 2016-11-16 23:22:17 -05:00
inqueue.c sctp: rename WORD_TRUNC/ROUND macros 2016-09-22 03:13:26 -04:00
ipv6.c sctp: hold transport instead of assoc when lookup assoc in rx path 2016-10-31 16:20:33 -04:00
Kconfig sctp: add the sctp_diag.c file 2016-04-15 17:29:36 -04:00
Makefile sctp: Add GSO support 2016-06-03 19:37:21 -04:00
objcnt.c sctp: fix checkpatch errors with (foo*)|foo * bar|foo* bar 2013-12-26 13:47:47 -05:00
offload.c sctp: fix GSO for IPv6 2016-07-16 22:02:09 -07:00
output.c sctp: clean up sctp_packet_transmit 2016-11-02 15:03:13 -04:00
outqueue.c sctp: reuse sent_count to avoid retransmitted chunks for RTT measurements 2016-10-13 09:44:13 -04:00
primitive.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
probe.c net: sctp: Convert log timestamps to be y2038 safe 2016-03-01 17:18:44 -05:00
proc.c net: Suppress the "Comparison to NULL could be written" warnings 2016-09-30 01:50:45 -04:00
protocol.c sctp: use inet_recvmsg to support sctp RFS well 2016-07-25 10:56:28 -07:00
sctp_diag.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-02 22:20:41 -04:00
sm_make_chunk.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-02 22:20:41 -04:00
sm_sideeffect.c sctp: make sctp_outq_flush/tail/uncork return void 2016-09-18 22:02:33 -04:00
sm_statefuns.c sctp: validate chunk len before actually using it 2016-10-29 12:00:10 -04:00
sm_statetable.c sctp: fix checkpatch errors with indent 2013-12-26 13:47:48 -05:00
socket.c sctp: use new rhlist interface on sctp transport rhashtable 2016-11-16 23:22:17 -05:00
ssnmap.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
sysctl.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-11 23:55:43 -05:00
transport.c sctp: rename WORD_TRUNC/ROUND macros 2016-09-22 03:13:26 -04:00
tsnmap.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ulpevent.c sctp: rename WORD_TRUNC/ROUND macros 2016-09-22 03:13:26 -04:00
ulpqueue.c sctp: Remove some redundant code 2016-09-19 01:34:01 -04:00