From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Mar 2019 22:51:49 +0100
> On Thu, Mar 28, 2019 at 09:55:25PM +0100, Greg KH wrote:
>> On Thu, Mar 28, 2019 at 12:24:07PM -0700, David Miller wrote:
>> >
>> > Please queue up the following networking bug fixes for v4.19 and v5.0
>> > -stable, respectively.
>>
>> Now queued up, thanks.
>
> Hm, looks like the tun patch needs a call to rcu_read_unlock() in the
> error path. Should I drop that patch for now until a fix hits Linus's
> tree, or just leave it as-is for now and take the fix later?
Hmmm, I thought I included the:
>From 9180bb4f046064dfa4541488102703b402bb04e1 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@xxxxxxxxxx>
Date: Sat, 16 Mar 2019 13:09:53 -0700
Subject: [PATCH] tun: add a missing rcu_read_unlock() in error path
[ Upstream commit 9180bb4f046064dfa4541488102703b402bb04e1 ]
In my latest patch I missed one rcu_read_unlock(), in case
device is down.
Fixes: 4477138fa0ae ("tun: properly test for IFF_UP")
Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
---
drivers/net/tun.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 0d343359f647..e9ca1c088d0b 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -1960,6 +1960,7 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
rcu_read_lock();
if (unlikely(!(tun->dev->flags & IFF_UP))) {
err = -EIO;
+ rcu_read_unlock();
goto drop;
}
--
2.20.1
