Commit c0ebe1cd authored by Kuniyuki Iwashima's avatar Kuniyuki Iwashima Committed by Jakub Kicinski
Browse files

ipv4: fib: Hold rtnl_net_lock() in ip_rt_ioctl(). 



ioctl(SIOCADDRT/SIOCDELRT) calls ip_rt_ioctl() to add/remove a route in
the netns of the specified socket.

Let's hold rtnl_net_lock() there.

Note that rtentry_to_fib_config() can be called without rtnl_net_lock()
if we convert rtentry.dev handling to RCU later.

Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20250228042328.96624-11-kuniyu@amazon.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent af5cd2a8

net/ipv4/fib_frontend.c

+4 −6
Original line number Diff line number Diff line
@@ -553,18 +553,16 @@ static int rtentry_to_fib_config(struct net *net, int cmd, struct rtentry *rt, 
			const struct in_ifaddr *ifa;

			struct in_device *in_dev;



			in_dev = __in_dev_get_rtnl(dev);

			in_dev = __in_dev_get_rtnl_net(dev);

			if (!in_dev)

				return -ENODEV;



			*colon = ':';



			rcu_read_lock();

			in_dev_for_each_ifa_rcu(ifa, in_dev) {

			in_dev_for_each_ifa_rtnl_net(net, ifa, in_dev) {

				if (strcmp(ifa->ifa_label, devname) == 0)

					break;

			}

			rcu_read_unlock();



			if (!ifa)

				return -ENODEV;
@@ -635,7 +633,7 @@ int ip_rt_ioctl(struct net *net, unsigned int cmd, struct rtentry *rt) 
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))

			return -EPERM;



		rtnl_lock();

		rtnl_net_lock(net);

		err = rtentry_to_fib_config(net, cmd, rt, &cfg);

		if (err == 0) {

			struct fib_table *tb;
@@ -659,7 +657,7 @@ int ip_rt_ioctl(struct net *net, unsigned int cmd, struct rtentry *rt) 
			/* allocated by rtentry_to_fib_config() */

			kfree(cfg.fc_mx);

		}

		rtnl_unlock();

		rtnl_net_unlock(net);

		return err;

	}

	return -EINVAL;