diff options
author | Pavel Emelyanov <xemul@openvz.org> | 2008-03-24 17:48:59 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-03-24 17:48:59 -0400 |
commit | fa86d322d89995fef1bfb5cc768b89d8c22ea0d9 (patch) | |
tree | e657b8adc9ccd2e13b2e2276fab4733a273ded09 /include | |
parent | 8f3ea33a5078a09eba12bfe57424507809367756 (diff) |
[NEIGH]: Fix race between pneigh deletion and ipv6's ndisc_recv_ns (v3).
Proxy neighbors do not have any reference counting, so any caller
of pneigh_lookup (unless it's a netlink triggered add/del routine)
should _not_ perform any actions on the found proxy entry.
There's one exception from this rule - the ipv6's ndisc_recv_ns()
uses found entry to check the flags for NTF_ROUTER.
This creates a race between the ndisc and pneigh_delete - after
the pneigh is returned to the caller, the nd_tbl.lock is dropped
and the deleting procedure may proceed.
One of the fixes would be to add a reference counting, but this
problem exists for ndisc only. Besides such a patch would be too
big for -rc4.
So I propose to introduce a __pneigh_lookup() which is supposed
to be called with the lock held and use it in ndisc code to check
the flags on alive pneigh entry.
Changes from v2:
As David noticed, Exported the __pneigh_lookup() to ipv6 module.
The checkpatch generates a warning on it, since the EXPORT_SYMBOL
does not follow the symbol itself, but in this file all the
exports come at the end, so I decided no to break this harmony.
Changes from v1:
Fixed comments from YOSHIFUJI - indentation of prototype in header
and the pndisc_check_router() name - and a compilation fix, pointed
by Daniel - the is_routed was (falsely) considered as uninitialized
by gcc.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/neighbour.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/net/neighbour.h b/include/net/neighbour.h index ebbfb509822e..64a5f0120b52 100644 --- a/include/net/neighbour.h +++ b/include/net/neighbour.h | |||
@@ -218,6 +218,10 @@ extern unsigned long neigh_rand_reach_time(unsigned long base); | |||
218 | extern void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p, | 218 | extern void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p, |
219 | struct sk_buff *skb); | 219 | struct sk_buff *skb); |
220 | extern struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl, struct net *net, const void *key, struct net_device *dev, int creat); | 220 | extern struct pneigh_entry *pneigh_lookup(struct neigh_table *tbl, struct net *net, const void *key, struct net_device *dev, int creat); |
221 | extern struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl, | ||
222 | struct net *net, | ||
223 | const void *key, | ||
224 | struct net_device *dev); | ||
221 | extern int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *key, struct net_device *dev); | 225 | extern int pneigh_delete(struct neigh_table *tbl, struct net *net, const void *key, struct net_device *dev); |
222 | 226 | ||
223 | extern void neigh_app_ns(struct neighbour *n); | 227 | extern void neigh_app_ns(struct neighbour *n); |