On 12/6/17, 12:50 PM, "David Miller" <da...@davemloft.net> wrote:

    From: "Nikita V. Shirokov" <tehn...@fb.com>
    Date: Wed,  6 Dec 2017 10:19:33 -0800
    
    > commit 8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels")
    > introduced new exit point in  ipxip6_rcv. however rcu_read_unlock is
    > missing there. this diff is fixing this
    > 
    > Signed-off-by: Nikita V. Shirokov <tehn...@fb.com>
     ...
    > @@ -903,8 +903,10 @@ static int ipxip6_rcv(struct sk_buff *skb, u8 
ipproto,
    >                   goto drop;
    >           if (t->parms.collect_md) {
    >                   tun_dst = ipv6_tun_rx_dst(skb, 0, 0, 0);
    > -                 if (!tun_dst)
    > +                 if (!tun_dst) {
    > +                         rcu_read_unlock();
    >                           return 0;
    > +                 }
    >           }
    >           ret = __ip6_tnl_rcv(t, skb, tpi, tun_dst, dscp_ecn_decapsulate,
    >                               log_ecn_error);
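
Review bot: The new `if (!tun_dst) {` branch still leaves through `return 0;`, so the added `rcu_read_unlock();` fixes the lock imbalance but nothing on this path frees `skb`. The context line just above already leaves through `goto drop;`. If the `drop` label (not visible in this hunk) both releases the RCU read lock and frees the skb, branching there would handle both and avoid a second hand-written unlock site. If `drop` does not unlock, keep the explicit `rcu_read_unlock();` and free the skb before returning.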
    
    Shouldn't it branch to 'drop' otherwise we leak the skb?
    

Fair point, will rework.

--
Nikita
