kernel_optimize_test/net/ipv6
YOSHIFUJI Hideaki / 吉藤英明 ecd9883724 ipv6: fix race condition regarding dst->expires and dst->from.
Eric Dumazet wrote:
| Some strange crashes happen in rt6_check_expired(), with access
| to random addresses.
|
| At first glance, it looks like the RTF_EXPIRES and
| stuff added in commit 1716a96101
| (ipv6: fix problem with expired dst cache)
| are racy : same dst could be manipulated at the same time
| on different cpus.
|
| At some point, our stack believes rt->dst.from contains a dst pointer,
| while its really a jiffie value (as rt->dst.expires shares the same area
| of memory)
|
| rt6_update_expires() should be fixed, or am I missing something ?
|
| CC Neil because of https://bugzilla.redhat.com/show_bug.cgi?id=892060

Because we do not have any locks for dst_entry, we cannot change
essential structure in the entry; e.g., we cannot change reference
to other entity.

To fix this issue, split 'from' and 'expires' field in dst_entry
out of union.  Once it is 'from' is assigned in the constructor,
keep the reference until the very last stage of the life time of
the object.

Of course, it is unsafe to change 'from', so make rt6_set_from simple
just for fresh entries.

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Reported-by: Neil Horman <nhorman@tuxdriver.com>
CC: Gao Feng <gaofeng@cn.fujitsu.com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reported-by: Steinar H. Gunderson <sesse@google.com>
Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-20 15:11:45 -05:00
..
netfilter Merge branch 'master' of git://1984.lsi.us.es/nf-next 2013-02-18 23:42:09 -05:00
addrconf_core.c
addrconf.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
addrlabel.c
af_inet6.c ipv6: Use FIELD_SIZEOF() in inet6_init(). 2013-01-09 23:38:23 -08:00
ah6.c net: Add skb_unclone() helper function. 2013-02-15 15:10:37 -05:00
anycast.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
datagram.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-05 14:12:20 -05:00
esp6.c ah6/esp6: set transport header correctly for IPsec tunnel mode. 2013-01-08 12:41:30 +01:00
exthdrs_core.c
exthdrs_offload.c
exthdrs.c ipv6: Store Router Alert option in IP6CB directly. 2013-01-13 20:17:14 -05:00
fib6_rules.c
icmp.c ipv6: Add an error handler for icmp6 2013-01-18 14:19:42 -05:00
inet6_connection_sock.c ipv6: Fix inet6_csk_bind_conflict so it builds with user namespaces enabled 2013-01-29 15:20:12 -05:00
inet6_hashtables.c soreuseport: TCP/IPv6 implementation 2013-01-23 13:44:01 -05:00
ip6_checksum.c ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library 2013-01-08 17:56:10 -08:00
ip6_fib.c
ip6_flowlabel.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
ip6_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-08 18:02:14 -05:00
ip6_input.c ipv6: don't accept multicast traffic with scope 0 2013-02-11 14:00:54 -05:00
ip6_offload.c v4 GRE: Add TCP segmentation offload for GRE 2013-02-15 15:17:11 -05:00
ip6_offload.h
ip6_output.c ipv6: don't let node/interface scoped multicast traffic escape on the wire 2013-02-11 14:00:54 -05:00
ip6_tunnel.c ipv6: Introduce ip6_flow_hdr() to fill version, tclass and flowlabel. 2013-01-13 20:17:13 -05:00
ip6mr.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
ipcomp6.c
ipv6_sockglue.c ipv6: rename datagram_send_ctl and datagram_recv_ctl 2013-01-31 13:53:08 -05:00
Kconfig
Makefile ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library 2013-01-08 17:56:10 -08:00
mcast.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
mip6.c
ndisc.c ndisc: Use compound literals to build redirect message. 2013-01-21 13:33:18 -05:00
netfilter.c
output_core.c
proc.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
protocol.c
raw.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
reassembly.c ipv6: fix a sparse warning 2013-02-18 15:28:00 -05:00
route.c ipv6: fix race condition regarding dst->expires and dst->from. 2013-02-20 15:11:45 -05:00
sit.c ipv6: add anti-spoofing checks for 6to4 and 6rd 2013-01-29 15:22:03 -05:00
syncookies.c tcp: make sysctl_tcp_ecn namespace aware 2013-01-06 21:09:56 -08:00
sysctl_net_ipv6.c
tcp_ipv6.c tcp: send packets with a socket timestamp 2013-02-13 13:22:16 -05:00
tcpv6_offload.c
tunnel6.c
udp_impl.h
udp_offload.c v4 GRE: Add TCP segmentation offload for GRE 2013-02-15 15:17:11 -05:00
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-05 14:12:20 -05:00
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c ipv6: fix warning in xfrm6_mode_tunnel_input 2013-02-18 12:42:47 -05:00
xfrm6_output.c
xfrm6_policy.c xfrm: release neighbor upon dst destruction 2013-02-18 14:57:29 -05:00
xfrm6_state.c
xfrm6_tunnel.c xfrm: Use ipv6_addr_equal() where appropriate. 2013-01-29 22:58:40 -05:00