netdev.vger.kernel.org archive mirror
From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Eric Dumazet <eric.dumazet@gmail.com>,
	"David S. Miller" <davem@davemloft.net>,
	Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>, netdev@vger.kernel.org
Subject: [net-next PATCH 1/3] net: fix race bug in fragmentation create code
Date: Thu, 18 Apr 2013 23:37:27 +0200
Message-ID: <20130418213715.14296.43912.stgit@dragon>
In-Reply-To: <20130418213637.14296.43143.stgit@dragon>

During creation of a new inet_frag_queue, the lru_list pointer is
updated after releasing the hash bucket lock, which can lead to a
race condition (and panic), if the inet_frag_queue is deleted
(very quickly) before the lru_list is valid.

This race condition should not be able to occur with current
LRU based evictor.  For the planned direct hash based
evictor/clean strategy, this race condition is more likely to
occur.

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
---

 net/ipv4/inet_fragment.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index e97d66a..beec05b 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -283,9 +283,9 @@ static struct inet_frag_queue *inet_frag_intern(struct netns_frags *nf,
 
 	atomic_inc(&qp->refcnt);
 	hlist_add_head(&qp->list, &hb->chain);
+	inet_frag_lru_add(nf, qp);
 	spin_unlock(&hb->chain_lock);
 	read_unlock(&f->lock);
-	inet_frag_lru_add(nf, qp);
 	return qp;
 }
 
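Review bot: the lock nesting created at the added inet_frag_lru_add(nf, qp) line in inet_frag_intern() is not documented. The call now runs with hb->chain_lock and f->lock still held, so any lock the LRU helper takes internally is acquired under the hash bucket lock. Please state the intended lock order in the commit message and confirm that the delete/evict path acquires the bucket lock and the LRU lock in the same order, otherwise this trades a use-before-valid race for a potential ABBA deadlock. A one-line comment above the moved call saying that qp must be on the LRU list before the bucket lock is dropped (because qp becomes findable and deletable as soon as hlist_add_head() is visible) would also keep a later cleanup from moving it back below spin_unlock().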
