linux/net/ipv6
YOSHIFUJI Hideaki / 吉藤英明 ecd9883724 ipv6: fix race condition regarding dst->expires and dst->from.
Eric Dumazet wrote:
| Some strange crashes happen in rt6_check_expired(), with access
| to random addresses.
|
| At first glance, it looks like the RTF_EXPIRES and
| stuff added in commit 1716a96101
| (ipv6: fix problem with expired dst cache)
| are racy : same dst could be manipulated at the same time
| on different cpus.
|
| At some point, our stack believes rt->dst.from contains a dst pointer,
| while its really a jiffie value (as rt->dst.expires shares the same area
| of memory)
|
| rt6_update_expires() should be fixed, or am I missing something ?
|
| CC Neil because of https://bugzilla.redhat.com/show_bug.cgi?id=892060

Because we do not have any locks for dst_entry, we cannot change
essential structure in the entry; e.g., we cannot change reference
to other entity.

To fix this issue, split 'from' and 'expires' field in dst_entry
out of union.  Once it is 'from' is assigned in the constructor,
keep the reference until the very last stage of the life time of
the object.

Of course, it is unsafe to change 'from', so make rt6_set_from simple
just for fresh entries.

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Reported-by: Neil Horman <nhorman@tuxdriver.com>
CC: Gao Feng <gaofeng@cn.fujitsu.com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reported-by: Steinar H. Gunderson <sesse@google.com>
Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-20 15:11:45 -05:00
..
netfilter Merge branch 'master' of git://1984.lsi.us.es/nf-next 2013-02-18 23:42:09 -05:00
addrconf_core.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
addrconf.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
addrlabel.c net: Enable a userns root rtnl calls that are safe for unprivilged users 2012-11-18 20:33:36 -05:00
af_inet6.c ipv6: Use FIELD_SIZEOF() in inet6_init(). 2013-01-09 23:38:23 -08:00
ah6.c net: Add skb_unclone() helper function. 2013-02-15 15:10:37 -05:00
anycast.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
datagram.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-05 14:12:20 -05:00
esp6.c ah6/esp6: set transport header correctly for IPsec tunnel mode. 2013-01-08 12:41:30 +01:00
exthdrs_core.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch 2012-11-30 12:01:30 -05:00
exthdrs_offload.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
exthdrs.c ipv6: Store Router Alert option in IP6CB directly. 2013-01-13 20:17:14 -05:00
fib6_rules.c ipv6: introduce ip6_rt_put() 2012-11-03 14:59:05 -04:00
icmp.c ipv6: Add an error handler for icmp6 2013-01-18 14:19:42 -05:00
inet6_connection_sock.c ipv6: Fix inet6_csk_bind_conflict so it builds with user namespaces enabled 2013-01-29 15:20:12 -05:00
inet6_hashtables.c soreuseport: TCP/IPv6 implementation 2013-01-23 13:44:01 -05:00
ip6_checksum.c ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library 2013-01-08 17:56:10 -08:00
ip6_fib.c ipv6: add support of equal cost multipath (ECMP) 2012-10-23 02:38:32 -04:00
ip6_flowlabel.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
ip6_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-08 18:02:14 -05:00
ip6_input.c ipv6: don't accept multicast traffic with scope 0 2013-02-11 14:00:54 -05:00
ip6_offload.c v4 GRE: Add TCP segmentation offload for GRE 2013-02-15 15:17:11 -05:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c ipv6: don't let node/interface scoped multicast traffic escape on the wire 2013-02-11 14:00:54 -05:00
ip6_tunnel.c ipv6: Introduce ip6_flow_hdr() to fill version, tclass and flowlabel. 2013-01-13 20:17:13 -05:00
ip6mr.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
ipcomp6.c ipv6: Add redirect support to all protocol icmp error handlers. 2012-07-12 00:25:15 -07:00
ipv6_sockglue.c ipv6: rename datagram_send_ctl and datagram_recv_ctl 2013-01-31 13:53:08 -05:00
Kconfig gre: Support GRE over IPv6 2012-08-14 14:28:32 -07:00
Makefile ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library 2013-01-08 17:56:10 -08:00
mcast.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
mip6.c ipv6: mip6: fix mip6_mh_filter() 2012-09-25 16:04:44 -04:00
ndisc.c ndisc: Use compound literals to build redirect message. 2013-01-21 13:33:18 -05:00
netfilter.c netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change 2012-08-30 03:00:15 +02:00
output_core.c ipv6: Update ipv6 static library with newly needed functions 2012-11-15 17:39:23 -05:00
proc.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
protocol.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
raw.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
reassembly.c ipv6: fix a sparse warning 2013-02-18 15:28:00 -05:00
route.c ipv6: fix race condition regarding dst->expires and dst->from. 2013-02-20 15:11:45 -05:00
sit.c ipv6: add anti-spoofing checks for 6to4 and 6rd 2013-01-29 15:22:03 -05:00
syncookies.c tcp: make sysctl_tcp_ecn namespace aware 2013-01-06 21:09:56 -08:00
sysctl_net_ipv6.c net: Enable some sysctls that are safe for the userns root 2012-11-18 20:33:00 -05:00
tcp_ipv6.c tcp: send packets with a socket timestamp 2013-02-13 13:22:16 -05:00
tcpv6_offload.c net: Remove code duplication between offload structures 2012-11-15 17:39:51 -05:00
tunnel6.c net: ipv6: Standardize prefixes for message logging 2012-05-16 01:01:03 -04:00
udp_impl.h
udp_offload.c v4 GRE: Add TCP segmentation offload for GRE 2013-02-15 15:17:11 -05:00
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-05 14:12:20 -05:00
udplite.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c ipv6: fix warning in xfrm6_mode_tunnel_input 2013-02-18 12:42:47 -05:00
xfrm6_output.c xfrm6: remove unneeded NULL check in __xfrm6_output() 2012-02-01 02:52:48 -05:00
xfrm6_policy.c xfrm: release neighbor upon dst destruction 2013-02-18 14:57:29 -05:00
xfrm6_state.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
xfrm6_tunnel.c xfrm: Use ipv6_addr_equal() where appropriate. 2013-01-29 22:58:40 -05:00