[PATCH 4.9 03/59] sctp: sctp_transport_lookup_process should rcu_read_unlock when transport is null

From: Greg Kroah-Hartman
Date: Fri Jan 13 2017 - 07:15:31 EST


4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Xin Long <lucien.xin@xxxxxxxxx>


[ Upstream commit 08abb79542c9e8c367d1d8e44fe1026868d3f0a7 ]

Prior to this patch, sctp_transport_lookup_process didn't rcu_read_unlock
when it failed to find a transport by sctp_addrs_lookup_transport.

This patch is to fix it by moving up rcu_read_unlock right before checking
transport and also to remove the out path.

Fixes: 1cceda784980 ("sctp: fix the issue sctp_diag uses lock_sock in rcu_read_lock")
Signed-off-by: Xin Long <lucien.xin@xxxxxxxxx>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/sctp/socket.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4479,9 +4479,10 @@ int sctp_transport_lookup_process(int (*

rcu_read_lock();
transport = sctp_addrs_lookup_transport(net, laddr, paddr);
- if (!transport || !sctp_transport_hold(transport))
+ if (!transport || !sctp_transport_hold(transport)) {
+ rcu_read_unlock();
goto out;
-
+ }
rcu_read_unlock();
err = cb(transport, p);
sctp_transport_put(transport);