ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses

[ Upstream commit d4a7e9bb74b5aaf07b89f6531c080b1130bdf019 ]

I realized the last patch calls dev_get_by_index_rcu in a branch not
holding the rcu lock. Add the calls to rcu_read_lock and rcu_read_unlock.

Fixes: ec90ad334986 ("ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 2f11163..d6f2dab 100644 (file)
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -303,17 +303,20 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
                        goto out;
                }
 
+               rcu_read_lock();
                if (sk->sk_bound_dev_if) {
                        dev = dev_get_by_index_rcu(net, sk->sk_bound_dev_if);
                        if (!dev) {
                                err = -ENODEV;
-                               goto out;
+                               goto out_unlock;
                        }
                }
 
                /* Reproduce AF_INET checks to make the bindings consistent */
                v4addr = addr->sin6_addr.s6_addr32[3];
                chk_addr_ret = inet_addr_type_dev_table(net, dev, v4addr);
+               rcu_read_unlock();
+
                if (!net->ipv4.sysctl_ip_nonlocal_bind &&
                    !(inet->freebind || inet->transparent) &&
                    v4addr != htonl(INADDR_ANY) &&