diff options
| author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-04-21 05:45:37 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-04-28 16:16:35 -0400 |
| commit | f6d8bd051c391c1c0458a30b2a7abcd939329259 (patch) | |
| tree | 1dc4daecdeb0b42c2c6b59d7d6b41e091c11db5f /include/net | |
| parent | 0a14842f5a3c0e88a1e59fac5c3025db39721f74 (diff) | |
inet: add RCU protection to inet->opt
We lack proper synchronization to manipulate inet->opt ip_options
Problem is ip_make_skb() calls ip_setup_cork() and
ip_setup_cork() possibly makes a copy of ipc->opt (struct ip_options),
without any protection against another thread manipulating inet->opt.
Another thread can change inet->opt pointer and free old one under us.
Use RCU to protect inet->opt (changed to inet->inet_opt).
Instead of handling atomic refcounts, just copy ip_options when
necessary, to avoid cache line dirtying.
We cant insert an rcu_head in struct ip_options since its included in
skb->cb[], so this patch is large because I had to introduce a new
ip_options_rcu structure.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/inet_sock.h | 14 | ||||
| -rw-r--r-- | include/net/ip.h | 11 |
2 files changed, 17 insertions, 8 deletions
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h index 7a37369f8ea3..ed2ba6eca724 100644 --- a/include/net/inet_sock.h +++ b/include/net/inet_sock.h | |||
| @@ -57,7 +57,15 @@ struct ip_options { | |||
| 57 | unsigned char __data[0]; | 57 | unsigned char __data[0]; |
| 58 | }; | 58 | }; |
| 59 | 59 | ||
| 60 | #define optlength(opt) (sizeof(struct ip_options) + opt->optlen) | 60 | struct ip_options_rcu { |
| 61 | struct rcu_head rcu; | ||
| 62 | struct ip_options opt; | ||
| 63 | }; | ||
| 64 | |||
| 65 | struct ip_options_data { | ||
| 66 | struct ip_options_rcu opt; | ||
| 67 | char data[40]; | ||
| 68 | }; | ||
| 61 | 69 | ||
| 62 | struct inet_request_sock { | 70 | struct inet_request_sock { |
| 63 | struct request_sock req; | 71 | struct request_sock req; |
| @@ -78,7 +86,7 @@ struct inet_request_sock { | |||
| 78 | acked : 1, | 86 | acked : 1, |
| 79 | no_srccheck: 1; | 87 | no_srccheck: 1; |
| 80 | kmemcheck_bitfield_end(flags); | 88 | kmemcheck_bitfield_end(flags); |
| 81 | struct ip_options *opt; | 89 | struct ip_options_rcu *opt; |
| 82 | }; | 90 | }; |
| 83 | 91 | ||
| 84 | static inline struct inet_request_sock *inet_rsk(const struct request_sock *sk) | 92 | static inline struct inet_request_sock *inet_rsk(const struct request_sock *sk) |
| @@ -140,7 +148,7 @@ struct inet_sock { | |||
| 140 | __be16 inet_sport; | 148 | __be16 inet_sport; |
| 141 | __u16 inet_id; | 149 | __u16 inet_id; |
| 142 | 150 | ||
| 143 | struct ip_options *opt; | 151 | struct ip_options_rcu __rcu *inet_opt; |
| 144 | __u8 tos; | 152 | __u8 tos; |
| 145 | __u8 min_ttl; | 153 | __u8 min_ttl; |
| 146 | __u8 mc_ttl; | 154 | __u8 mc_ttl; |
diff --git a/include/net/ip.h b/include/net/ip.h index 7c416583b710..3a59bf99aa3a 100644 --- a/include/net/ip.h +++ b/include/net/ip.h | |||
| @@ -52,7 +52,7 @@ static inline unsigned int ip_hdrlen(const struct sk_buff *skb) | |||
| 52 | struct ipcm_cookie { | 52 | struct ipcm_cookie { |
| 53 | __be32 addr; | 53 | __be32 addr; |
| 54 | int oif; | 54 | int oif; |
| 55 | struct ip_options *opt; | 55 | struct ip_options_rcu *opt; |
| 56 | __u8 tx_flags; | 56 | __u8 tx_flags; |
| 57 | }; | 57 | }; |
| 58 | 58 | ||
| @@ -92,7 +92,7 @@ extern int igmp_mc_proc_init(void); | |||
| 92 | 92 | ||
| 93 | extern int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk, | 93 | extern int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk, |
| 94 | __be32 saddr, __be32 daddr, | 94 | __be32 saddr, __be32 daddr, |
| 95 | struct ip_options *opt); | 95 | struct ip_options_rcu *opt); |
| 96 | extern int ip_rcv(struct sk_buff *skb, struct net_device *dev, | 96 | extern int ip_rcv(struct sk_buff *skb, struct net_device *dev, |
| 97 | struct packet_type *pt, struct net_device *orig_dev); | 97 | struct packet_type *pt, struct net_device *orig_dev); |
| 98 | extern int ip_local_deliver(struct sk_buff *skb); | 98 | extern int ip_local_deliver(struct sk_buff *skb); |
| @@ -416,14 +416,15 @@ extern int ip_forward(struct sk_buff *skb); | |||
| 416 | * Functions provided by ip_options.c | 416 | * Functions provided by ip_options.c |
| 417 | */ | 417 | */ |
| 418 | 418 | ||
| 419 | extern void ip_options_build(struct sk_buff *skb, struct ip_options *opt, __be32 daddr, struct rtable *rt, int is_frag); | 419 | extern void ip_options_build(struct sk_buff *skb, struct ip_options *opt, |
| 420 | __be32 daddr, struct rtable *rt, int is_frag); | ||
| 420 | extern int ip_options_echo(struct ip_options *dopt, struct sk_buff *skb); | 421 | extern int ip_options_echo(struct ip_options *dopt, struct sk_buff *skb); |
| 421 | extern void ip_options_fragment(struct sk_buff *skb); | 422 | extern void ip_options_fragment(struct sk_buff *skb); |
| 422 | extern int ip_options_compile(struct net *net, | 423 | extern int ip_options_compile(struct net *net, |
| 423 | struct ip_options *opt, struct sk_buff *skb); | 424 | struct ip_options *opt, struct sk_buff *skb); |
| 424 | extern int ip_options_get(struct net *net, struct ip_options **optp, | 425 | extern int ip_options_get(struct net *net, struct ip_options_rcu **optp, |
| 425 | unsigned char *data, int optlen); | 426 | unsigned char *data, int optlen); |
| 426 | extern int ip_options_get_from_user(struct net *net, struct ip_options **optp, | 427 | extern int ip_options_get_from_user(struct net *net, struct ip_options_rcu **optp, |
| 427 | unsigned char __user *data, int optlen); | 428 | unsigned char __user *data, int optlen); |
| 428 | extern void ip_options_undo(struct ip_options * opt); | 429 | extern void ip_options_undo(struct ip_options * opt); |
| 429 | extern void ip_forward_options(struct sk_buff *skb); | 430 | extern void ip_forward_options(struct sk_buff *skb); |