diff options
| author | Eric Dumazet <edumazet@google.com> | 2023-12-07 20:13:22 +0000 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2023-12-08 17:16:35 -0800 |
| commit | a3c205d0560f63ff02516b6d9fc3348dc34251c8 (patch) | |
| tree | beb9833fe01f7d41e843d75cd9abdef8e9215be3 /include/net | |
| parent | bf17b36ccdd5b7b9dd482d7753bcb9aff2d21d39 (diff) | |
ipv6: do not check fib6_has_expires() in fib6_info_release()
My prior patch went a bit too far, because apparently fib6_has_expires()
could be true while f6i->gc_link is not hashed yet.
fib6_set_expires_locked() can indeed set RTF_EXPIRES
while f6i->fib6_table is NULL.
Original syzbot reports were about corruptions caused
by dangling f6i->gc_link.
Fixes: 5a08d0065a91 ("ipv6: add debug checks in fib6_info_release()")
Reported-by: syzbot+c15aa445274af8674f41@syzkaller.appspotmail.com
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Kui-Feng Lee <thinker.li@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20231207201322.549000-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/ip6_fib.h | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h index e1e7a894863a..95ed495c3a40 100644 --- a/include/net/ip6_fib.h +++ b/include/net/ip6_fib.h @@ -329,7 +329,6 @@ static inline bool fib6_info_hold_safe(struct fib6_info *f6i) static inline void fib6_info_release(struct fib6_info *f6i) { if (f6i && refcount_dec_and_test(&f6i->fib6_ref)) { - DEBUG_NET_WARN_ON_ONCE(fib6_has_expires(f6i)); DEBUG_NET_WARN_ON_ONCE(!hlist_unhashed(&f6i->gc_link)); call_rcu(&f6i->rcu, fib6_info_destroy_rcu); } |