net/ipv6: fix LOCKDEP issue in rt6_remove_exception_rt()

rt6_remove_exception_rt() is called under rcu_read_lock() only.

We lock rt6_exception_lock a bit later, so we do not hold
rt6_exception_lock yet.

Fixes: 8a14e46f1402 ("net/ipv6: Fix missing rcu dereferences on from")
Signed-off-by: Eric Dumazet <[email protected]>
Reported-by: syzbot <[email protected]>
Cc: David Ahern <[email protected]>
Acked-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index ac3e51631c659b5c5c8a93c17011cb7f3ad266e2..432c4bcc1111085671f32987e4673e47898085a3 100644 (file)
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1546,8 +1546,7 @@ static int rt6_remove_exception_rt(struct rt6_info *rt)
        struct fib6_info *from;
        int err;
 
-       from = rcu_dereference_protected(rt->from,
-                                        lockdep_is_held(&rt6_exception_lock));
+       from = rcu_dereference(rt->from);
        if (!from ||
            !(rt->rt6i_flags & RTF_CACHE))
                return -EINVAL;