629ec78ef8
The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent resize (resize_platform_label_table, under platform_mutex). This can lead to OOB accesses. This patch adds a seqcount, so that we get a consistent snapshot. Note that mpls_label_ok is also susceptible to this, so the check against RTA_DST in rtm_to_route_config, done outside platform_mutex, is not sufficient. This value gets passed to mpls_label_ok once more in both mpls_route_add and mpls_route_del, so there is no issue, but that additional check must not be removed. Reported-by: Yuan Tan <tanyuan98@outlook.com> Reported-by: Yifan Wu <yifanwucs@gmail.com> Reported-by: Juefei Pu <tomapufckgml@gmail.com> Reported-by: Xin Liu <bird@lzu.edu.cn> Fixes: |
||
|---|---|---|
| .. | ||
| bpf.h | ||
| can.h | ||
| conntrack.h | ||
| core.h | ||
| flow_table.h | ||
| generic.h | ||
| hash.h | ||
| ieee802154_6lowpan.h | ||
| ipv4.h | ||
| ipv6.h | ||
| mctp.h | ||
| mib.h | ||
| mpls.h | ||
| netfilter.h | ||
| nexthop.h | ||
| nftables.h | ||
| packet.h | ||
| sctp.h | ||
| smc.h | ||
| unix.h | ||
| vsock.h | ||
| xdp.h | ||
| xfrm.h | ||