diff options
| author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-04-21 05:45:37 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-04-28 16:16:35 -0400 |
| commit | f6d8bd051c391c1c0458a30b2a7abcd939329259 (patch) | |
| tree | 1dc4daecdeb0b42c2c6b59d7d6b41e091c11db5f /net/ipv4/ip_options.c | |
| parent | 0a14842f5a3c0e88a1e59fac5c3025db39721f74 (diff) | |
inet: add RCU protection to inet->opt
We lack proper synchronization to manipulate inet->opt ip_options
Problem is ip_make_skb() calls ip_setup_cork() and
ip_setup_cork() possibly makes a copy of ipc->opt (struct ip_options),
without any protection against another thread manipulating inet->opt.
Another thread can change inet->opt pointer and free old one under us.
Use RCU to protect inet->opt (changed to inet->inet_opt).
Instead of handling atomic refcounts, just copy ip_options when
necessary, to avoid cache line dirtying.
We cant insert an rcu_head in struct ip_options since its included in
skb->cb[], so this patch is large because I had to introduce a new
ip_options_rcu structure.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/ip_options.c')
| -rw-r--r-- | net/ipv4/ip_options.c | 38 |
1 files changed, 18 insertions, 20 deletions
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c index 2391b24e8251..01fc40965848 100644 --- a/net/ipv4/ip_options.c +++ b/net/ipv4/ip_options.c | |||
| @@ -36,7 +36,7 @@ | |||
| 36 | * saddr is address of outgoing interface. | 36 | * saddr is address of outgoing interface. |
| 37 | */ | 37 | */ |
| 38 | 38 | ||
| 39 | void ip_options_build(struct sk_buff * skb, struct ip_options * opt, | 39 | void ip_options_build(struct sk_buff *skb, struct ip_options *opt, |
| 40 | __be32 daddr, struct rtable *rt, int is_frag) | 40 | __be32 daddr, struct rtable *rt, int is_frag) |
| 41 | { | 41 | { |
| 42 | unsigned char *iph = skb_network_header(skb); | 42 | unsigned char *iph = skb_network_header(skb); |
| @@ -83,9 +83,9 @@ void ip_options_build(struct sk_buff * skb, struct ip_options * opt, | |||
| 83 | * NOTE: dopt cannot point to skb. | 83 | * NOTE: dopt cannot point to skb. |
| 84 | */ | 84 | */ |
| 85 | 85 | ||
| 86 | int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb) | 86 | int ip_options_echo(struct ip_options *dopt, struct sk_buff *skb) |
| 87 | { | 87 | { |
| 88 | struct ip_options *sopt; | 88 | const struct ip_options *sopt; |
| 89 | unsigned char *sptr, *dptr; | 89 | unsigned char *sptr, *dptr; |
| 90 | int soffset, doffset; | 90 | int soffset, doffset; |
| 91 | int optlen; | 91 | int optlen; |
| @@ -95,10 +95,8 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb) | |||
| 95 | 95 | ||
| 96 | sopt = &(IPCB(skb)->opt); | 96 | sopt = &(IPCB(skb)->opt); |
| 97 | 97 | ||
| 98 | if (sopt->optlen == 0) { | 98 | if (sopt->optlen == 0) |
| 99 | dopt->optlen = 0; | ||
| 100 | return 0; | 99 | return 0; |
| 101 | } | ||
| 102 | 100 | ||
| 103 | sptr = skb_network_header(skb); | 101 | sptr = skb_network_header(skb); |
| 104 | dptr = dopt->__data; | 102 | dptr = dopt->__data; |
| @@ -157,7 +155,7 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb) | |||
| 157 | dopt->optlen += optlen; | 155 | dopt->optlen += optlen; |
| 158 | } | 156 | } |
| 159 | if (sopt->srr) { | 157 | if (sopt->srr) { |
| 160 | unsigned char * start = sptr+sopt->srr; | 158 | unsigned char *start = sptr+sopt->srr; |
| 161 | __be32 faddr; | 159 | __be32 faddr; |
| 162 | 160 | ||
| 163 | optlen = start[1]; | 161 | optlen = start[1]; |
| @@ -499,19 +497,19 @@ void ip_options_undo(struct ip_options * opt) | |||
| 499 | } | 497 | } |
| 500 | } | 498 | } |
| 501 | 499 | ||
| 502 | static struct ip_options *ip_options_get_alloc(const int optlen) | 500 | static struct ip_options_rcu *ip_options_get_alloc(const int optlen) |
| 503 | { | 501 | { |
| 504 | return kzalloc(sizeof(struct ip_options) + ((optlen + 3) & ~3), | 502 | return kzalloc(sizeof(struct ip_options_rcu) + ((optlen + 3) & ~3), |
| 505 | GFP_KERNEL); | 503 | GFP_KERNEL); |
| 506 | } | 504 | } |
| 507 | 505 | ||
| 508 | static int ip_options_get_finish(struct net *net, struct ip_options **optp, | 506 | static int ip_options_get_finish(struct net *net, struct ip_options_rcu **optp, |
| 509 | struct ip_options *opt, int optlen) | 507 | struct ip_options_rcu *opt, int optlen) |
| 510 | { | 508 | { |
| 511 | while (optlen & 3) | 509 | while (optlen & 3) |
| 512 | opt->__data[optlen++] = IPOPT_END; | 510 | opt->opt.__data[optlen++] = IPOPT_END; |
| 513 | opt->optlen = optlen; | 511 | opt->opt.optlen = optlen; |
| 514 | if (optlen && ip_options_compile(net, opt, NULL)) { | 512 | if (optlen && ip_options_compile(net, &opt->opt, NULL)) { |
| 515 | kfree(opt); | 513 | kfree(opt); |
| 516 | return -EINVAL; | 514 | return -EINVAL; |
| 517 | } | 515 | } |
| @@ -520,29 +518,29 @@ static int ip_options_get_finish(struct net *net, struct ip_options **optp, | |||
| 520 | return 0; | 518 | return 0; |
| 521 | } | 519 | } |
| 522 | 520 | ||
| 523 | int ip_options_get_from_user(struct net *net, struct ip_options **optp, | 521 | int ip_options_get_from_user(struct net *net, struct ip_options_rcu **optp, |
| 524 | unsigned char __user *data, int optlen) | 522 | unsigned char __user *data, int optlen) |
| 525 | { | 523 | { |
| 526 | struct ip_options *opt = ip_options_get_alloc(optlen); | 524 | struct ip_options_rcu *opt = ip_options_get_alloc(optlen); |
| 527 | 525 | ||
| 528 | if (!opt) | 526 | if (!opt) |
| 529 | return -ENOMEM; | 527 | return -ENOMEM; |
| 530 | if (optlen && copy_from_user(opt->__data, data, optlen)) { | 528 | if (optlen && copy_from_user(opt->opt.__data, data, optlen)) { |
| 531 | kfree(opt); | 529 | kfree(opt); |
| 532 | return -EFAULT; | 530 | return -EFAULT; |
| 533 | } | 531 | } |
| 534 | return ip_options_get_finish(net, optp, opt, optlen); | 532 | return ip_options_get_finish(net, optp, opt, optlen); |
| 535 | } | 533 | } |
| 536 | 534 | ||
| 537 | int ip_options_get(struct net *net, struct ip_options **optp, | 535 | int ip_options_get(struct net *net, struct ip_options_rcu **optp, |
| 538 | unsigned char *data, int optlen) | 536 | unsigned char *data, int optlen) |
| 539 | { | 537 | { |
| 540 | struct ip_options *opt = ip_options_get_alloc(optlen); | 538 | struct ip_options_rcu *opt = ip_options_get_alloc(optlen); |
| 541 | 539 | ||
| 542 | if (!opt) | 540 | if (!opt) |
| 543 | return -ENOMEM; | 541 | return -ENOMEM; |
| 544 | if (optlen) | 542 | if (optlen) |
| 545 | memcpy(opt->__data, data, optlen); | 543 | memcpy(opt->opt.__data, data, optlen); |
| 546 | return ip_options_get_finish(net, optp, opt, optlen); | 544 | return ip_options_get_finish(net, optp, opt, optlen); |
| 547 | } | 545 | } |
| 548 | 546 | ||