From: Hangbin Liu liuhangbin@gmail.com
stable inclusion from stable-v4.19.316 commit 10610575a3ac2a702bf5c57aa931beaf847949c7 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA6SHW CVE: CVE-2024-38612
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit 160e9d2752181fcf18c662e74022d77d3164cd45 ]
The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't called.
This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.
Fixes: 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support") Reported-by: Guillaume Nault gnault@redhat.com Signed-off-by: Hangbin Liu liuhangbin@gmail.com Reviewed-by: Sabrina Dubroca sd@queasysnail.net Reviewed-by: David Ahern dsahern@kernel.org Link: https://lore.kernel.org/r/20240509131812.1662197-4-liuhangbin@gmail.com Signed-off-by: Jakub Kicinski kuba@kernel.org Signed-off-by: Sasha Levin sashal@kernel.org --- net/ipv6/seg6.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c index 4bd601c96434..001566dcc8ce 100644 --- a/net/ipv6/seg6.c +++ b/net/ipv6/seg6.c @@ -484,6 +484,8 @@ int __init seg6_init(void) #endif #ifdef CONFIG_IPV6_SEG6_LWTUNNEL out_unregister_genl: +#endif +#if IS_ENABLED(CONFIG_IPV6_SEG6_LWTUNNEL) || IS_ENABLED(CONFIG_IPV6_SEG6_HMAC) genl_unregister_family(&seg6_genl_family); #endif out_unregister_pernet: