@@ -540,11 +540,13 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
return -ESRCH;
case IPV6_FL_A_RENEW:
+ spin_lock_bh(&ip6_fl_lock);
rcu_read_lock_bh();
for_each_sk_fl_rcu(np, sfl) {
if (sfl->fl->label == freq.flr_label) {
err = fl6_renew(sfl->fl, freq.flr_linger, freq.flr_expires);
rcu_read_unlock_bh();
+ spin_unlock_bh(&ip6_fl_lock);
return err;
}
}
@@ -555,10 +557,12 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
fl = fl_lookup(net, freq.flr_label);
if (fl) {
err = fl6_renew(fl, freq.flr_linger, freq.flr_expires);
+ spin_unlock_bh(&ip6_fl_lock);
fl_release(fl);
return err;
}
}
+ spin_unlock_bh(&ip6_fl_lock);
return -ESRCH;
case IPV6_FL_A_GET:
Take ip6_fl_lock before to read and update a label. It prevents race condition if GC is running. Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Florent Fourcot <florent.fourcot@enst-bretagne.fr> --- net/ipv6/ip6_flowlabel.c | 4 ++++ 1 file changed, 4 insertions(+)