1
linux/net/core
YOSHIFUJI Hideaki / 吉藤英明 ecd9883724 ipv6: fix race condition regarding dst->expires and dst->from.
Eric Dumazet wrote:
| Some strange crashes happen in rt6_check_expired(), with access
| to random addresses.
|
| At first glance, it looks like the RTF_EXPIRES and
| stuff added in commit 1716a96101
| (ipv6: fix problem with expired dst cache)
| are racy : same dst could be manipulated at the same time
| on different cpus.
|
| At some point, our stack believes rt->dst.from contains a dst pointer,
| while its really a jiffie value (as rt->dst.expires shares the same area
| of memory)
|
| rt6_update_expires() should be fixed, or am I missing something ?
|
| CC Neil because of https://bugzilla.redhat.com/show_bug.cgi?id=892060

Because we do not have any locks for dst_entry, we cannot change
essential structure in the entry; e.g., we cannot change reference
to other entity.

To fix this issue, split 'from' and 'expires' field in dst_entry
out of union.  Once it is 'from' is assigned in the constructor,
keep the reference until the very last stage of the life time of
the object.

Of course, it is unsafe to change 'from', so make rt6_set_from simple
just for fresh entries.

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Reported-by: Neil Horman <nhorman@tuxdriver.com>
CC: Gao Feng <gaofeng@cn.fujitsu.com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reported-by: Steinar H. Gunderson <sesse@google.com>
Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-20 15:11:45 -05:00
..
datagram.c net: fix infinite loop in __skb_recv_datagram() 2013-02-12 16:07:19 -05:00
dev_addr_lists.c net: move procfs code to net/core/net-procfs.c 2013-02-19 00:51:10 -05:00
dev_ioctl.c net: move ioctl functions into a separated file 2013-02-18 12:27:32 -05:00
dev.c net: fix a build failure when !CONFIG_PROC_FS 2013-02-19 13:18:13 -05:00
drop_monitor.c drop_monitor: dont sleep in atomic context 2012-06-04 11:42:01 -04:00
dst.c ipv6: fix race condition regarding dst->expires and dst->from. 2013-02-20 15:11:45 -05:00
ethtool.c v4 GRE: Add TCP segmentation offload for GRE 2013-02-15 15:17:11 -05:00
fib_rules.c net: Enable a userns root rtnl calls that are safe for unprivilged users 2012-11-18 20:33:36 -05:00
filter.c sk-filter: Add ability to lock a socket filter program 2013-01-17 03:21:25 -05:00
flow_dissector.c net: move rx and tx hash functions to net/core/flow_dissector.c 2013-01-21 14:26:17 -05:00
flow.c net: Use IS_ERR_OR_NULL(). 2013-01-22 14:28:28 -05:00
gen_estimator.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
gen_stats.c gen_stats: Stop using NLA_PUT*(). 2012-04-02 04:33:44 -04:00
iovec.c
link_watch.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
Makefile net: move procfs code to net/core/net-procfs.c 2013-02-19 00:51:10 -05:00
neighbour.c net neigh: Optimize neighbor entry size calculation. 2013-01-28 23:17:51 -05:00
net_namespace.c userns: Require CAP_SYS_ADMIN for most uses of setns. 2012-12-14 16:12:03 -08:00
net-procfs.c net: fix a build failure when !CONFIG_PROC_FS 2013-02-19 13:18:13 -05:00
net-sysfs.c net: Add support for XPS without sysfs being defined 2013-01-10 22:47:04 -08:00
net-sysfs.h
net-traces.c
netevent.c
netpoll.c netpoll: fix smatch warnings in netpoll core code 2013-02-13 11:56:46 -05:00
netprio_cgroup.c net: core: Remove unnecessary alloc/OOM messages 2013-02-06 14:58:52 -05:00
pktgen.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
request_sock.c tcp: fix a panic on UP machines in reqsk_fastopen_remove 2013-01-14 18:10:05 -05:00
rtnetlink.c bridge: Add vlan support to static neighbors 2013-02-13 19:42:16 -05:00
scm.c net: net_cls: fd passed in SCM_RIGHTS datagram not set correctly 2013-01-22 14:17:38 -05:00
secure_seq.c netfilter: ipv6: add IPv6 NAT support 2012-08-30 03:00:17 +02:00
skbuff.c net: fix a wrong assignment in skb_split() 2013-02-20 15:11:44 -05:00
sock_diag.c netlink: hide struct module parameter in netlink_kernel_create 2012-09-08 18:46:30 -04:00
sock.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
stream.c
sysctl_net_core.c net: avoid to hang up on sending due to sysctl configuration overflow. 2013-01-28 23:15:27 -05:00
timestamping.c
user_dma.c
utils.c net: add doc for in4_pton() 2012-10-12 13:56:52 -04:00