ipv6: Fix neigh lookup using NULL device.
authorDavid S. Miller <davem@davemloft.net>
Thu, 29 Dec 2011 23:51:57 +0000 (18:51 -0500)
committerDavid S. Miller <davem@davemloft.net>
Thu, 29 Dec 2011 23:51:57 +0000 (18:51 -0500)
In some of the rt6_bind_neighbour() call sites, it hasn't hooked
up the rt->dst.dev pointer yet, so we'd deref a NULL pointer when
obtaining dev->ifindex for the neighbour hash function computation.

Just pass the netdevice explicitly in to fix this problem.

Reported-by: Bjarke Istrup Pedersen <gurligebis@gentoo.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/route.c

index 30de9e74a8134cb500ef00c524152bf39bb28fbc..4a62c47599b4d8e5cdda3e86577749e48701a5c0 100644 (file)
@@ -129,11 +129,14 @@ static struct neighbour *ip6_neigh_lookup(const struct dst_entry *dst, const voi
        return neigh_create(&nd_tbl, daddr, dst->dev);
 }
 
-static int rt6_bind_neighbour(struct rt6_info *rt)
+static int rt6_bind_neighbour(struct rt6_info *rt, struct net_device *dev)
 {
-       struct neighbour *n = ip6_neigh_lookup(&rt->dst, &rt->rt6i_gateway);
-       if (IS_ERR(n))
-               return PTR_ERR(n);
+       struct neighbour *n = __ipv6_neigh_lookup(&nd_tbl, dev, &rt->rt6i_gateway);
+       if (!n) {
+               n = neigh_create(&nd_tbl, &rt->rt6i_gateway, dev);
+               if (IS_ERR(n))
+                       return PTR_ERR(n);
+       }
        dst_set_neighbour(&rt->dst, n);
 
        return 0;
@@ -746,7 +749,7 @@ static struct rt6_info *rt6_alloc_cow(const struct rt6_info *ort,
 #endif
 
        retry:
-               if (rt6_bind_neighbour(rt)) {
+               if (rt6_bind_neighbour(rt, rt->dst.dev)) {
                        struct net *net = dev_net(rt->dst.dev);
                        int saved_rt_min_interval =
                                net->ipv6.sysctl.ip6_rt_gc_min_interval;
@@ -1397,7 +1400,7 @@ int ip6_route_add(struct fib6_config *cfg)
                rt->rt6i_prefsrc.plen = 0;
 
        if (cfg->fc_flags & (RTF_GATEWAY | RTF_NONEXTHOP)) {
-               err = rt6_bind_neighbour(rt);
+               err = rt6_bind_neighbour(rt, dev);
                if (err)
                        goto out;
        }
@@ -2084,7 +2087,7 @@ struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev,
                rt->rt6i_flags |= RTF_ANYCAST;
        else
                rt->rt6i_flags |= RTF_LOCAL;
-       err = rt6_bind_neighbour(rt);
+       err = rt6_bind_neighbour(rt, rt->dst.dev);
        if (err) {
                dst_free(&rt->dst);
                return ERR_PTR(err);