Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
GfA
/
linux_kernel
5
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Эх сурвалжийг харах

Merge branch 'ipv6-couple-of-fixes-for-rcu-change-to-from'

David Ahern says:

====================
net/ipv6: couple of fixes for rcu change to from

So many details... I am thankful for all the robots running the
permutations and tools.

Two bug fixes from the rcu change to rt->from:
1. missing rcu lock in ip6_negative_advice
2. rcu dereferences in 2 sites
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller 7 жил өмнө
parent
40cde8249a 8a14e46f14
commit
f7c3b12cec
1 өөрчлөгдсөн 12 нэмэгдсэн , 5 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 12 5
      net/ipv6/route.c

+ 12 - 5
net/ipv6/route.c
Файл харах 

@@ -1541,11 +1541,13 @@ static struct rt6_info *rt6_find_cached_rt(struct fib6_info *rt,
 
 static int rt6_remove_exception_rt(struct rt6_info *rt)
 
 {
 
 	struct rt6_exception_bucket *bucket;
 
-	struct fib6_info *from = rt->from;
 
 	struct in6_addr *src_key = NULL;
 
 	struct rt6_exception *rt6_ex;
 
+	struct fib6_info *from;
 
 	int err;
 
 
+	from = rcu_dereference_protected(rt->from,
 
+					 lockdep_is_held(&rt6_exception_lock));
 
 	if (!from ||
 
 	    !(rt->rt6i_flags & RTF_CACHE))
 
 		return -EINVAL;
 
@@ -2201,10 +2203,12 @@ static struct dst_entry *ip6_negative_advice(struct dst_entry *dst)
 
 
 	if (rt) {
 
 		if (rt->rt6i_flags & RTF_CACHE) {
 
+			rcu_read_lock();
 
 			if (rt6_check_expired(rt)) {
 
 				rt6_remove_exception_rt(rt);
 
 				dst = NULL;
 
 			}
 
+			rcu_read_unlock();
 
 		} else {
 
 			dst_release(dst);
 
 			dst = NULL;
 
@@ -2221,6 +2225,7 @@ static void ip6_link_failure(struct sk_buff *skb)
 
 
 	rt = (struct rt6_info *) skb_dst(skb);
 
 	if (rt) {
 
+		rcu_read_lock();
 
 		if (rt->rt6i_flags & RTF_CACHE) {
 
 			if (dst_hold_safe(&rt->dst))
 
 				rt6_remove_exception_rt(rt);
 
@@ -2228,15 +2233,14 @@ static void ip6_link_failure(struct sk_buff *skb)
 
 			struct fib6_info *from;
 
 			struct fib6_node *fn;
 
 
-			rcu_read_lock();
 
 			from = rcu_dereference(rt->from);
 
 			if (from) {
 
 				fn = rcu_dereference(from->fib6_node);
 
 				if (fn && (rt->rt6i_flags & RTF_DEFAULT))
 
 					fn->fn_sernum = -1;
 
 			}
 
-			rcu_read_unlock();
 
 		}
 
+		rcu_read_unlock();
 
 	}
 
 }
 
 
@@ -3338,8 +3342,10 @@ static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_bu
 
 
 	rcu_read_lock();
 
 	from = rcu_dereference(rt->from);
 
-	nrt = ip6_rt_cache_alloc(from, &msg->dest, NULL);
 
+	fib6_info_hold(from);
 
 	rcu_read_unlock();
 
+
 
+	nrt = ip6_rt_cache_alloc(from, &msg->dest, NULL);
 
 	if (!nrt)
 
 		goto out;
 
 
@@ -3353,7 +3359,7 @@ static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_bu
 
 	 * a cached route because rt6_insert_exception() will
 
 	 * takes care of it
 
 	 */
 
-	if (rt6_insert_exception(nrt, rt->from)) {
 
+	if (rt6_insert_exception(nrt, from)) {
 
 		dst_release_immediate(&nrt->dst);
 
 		goto out;
 
 	}
 
@@ -3365,6 +3371,7 @@ static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_bu
 
 	call_netevent_notifiers(NETEVENT_REDIRECT, &netevent);
 
 
 out:
 
+	fib6_info_release(from);
 
 	neigh_release(neigh);
 
 }