linux/net/ipv4
Pavel Emelyanov 4dee959723 [NETFILTER]: ipt_CLUSTERIP: fix race between clusterip_config_find_get and _entry_put
Consider we are putting a clusterip_config entry with the "entries"
count == 1, and on the other CPU there's a clusterip_config_find_get
in progress:

CPU1:							CPU2:
clusterip_config_entry_put:				clusterip_config_find_get:
if (atomic_dec_and_test(&c->entries)) {
	/* true */
							read_lock_bh(&clusterip_lock);
							c = __clusterip_config_find(clusterip);
							/* found - it's still in list */
							...
							atomic_inc(&c->entries);
							read_unlock_bh(&clusterip_lock);

	write_lock_bh(&clusterip_lock);
	list_del(&c->list);
	write_unlock_bh(&clusterip_lock);
	...
	dev_put(c->dev);

Oops! We have an entry returned by the clusterip_config_find_get,
which is a) not in list b) has a stale dev pointer.

The problems will happen when the CPU2 will release the entry - it
will remove it from the list for the 2nd time, thus spoiling it, and
will put a stale dev pointer.

The fix is to make atomic_dec_and_test under the clusterip_lock.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-04-14 00:44:52 -07:00
..
ipvs ipvs: Make wrr "no available servers" error message rate-limited 2008-02-05 20:00:10 -08:00
netfilter [NETFILTER]: ipt_CLUSTERIP: fix race between clusterip_config_find_get and _entry_put 2008-04-14 00:44:52 -07:00
af_inet.c [NET] endianness noise: INADDR_ANY 2008-03-17 22:44:53 -07:00
ah4.c [IPSEC]: Fix bogus usage of u64 on input sequence number 2008-02-12 22:50:35 -08:00
arp.c Revert "[NDISC]: Fix race in generic address resolution" 2008-02-17 18:39:54 -08:00
cipso_ipv4.c NetLabel: introduce a new kernel configuration API for NetLabel 2008-02-05 09:44:20 -08:00
datagram.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
devinet.c [IPV4]: Reset scope when changing address 2008-02-26 18:42:41 -08:00
esp4.c [ESP]: Ensure IV is in linear part of the skb to avoid BUG() due to OOB access 2008-03-27 16:08:03 -07:00
fib_frontend.c [NETNS]: Lookup in FIB semantic hashes taking into account the namespace. 2008-01-31 19:28:41 -08:00
fib_hash.c ipv4/fib_hash.c: fix NULL dereference 2008-02-19 16:28:54 -08:00
fib_lookup.h [IPV4] FIB_HASH: Reduce memory needs and speedup lookups 2008-01-28 15:02:46 -08:00
fib_rules.c [IPV4]: Consolidate fib_select_default. 2008-01-28 15:11:02 -08:00
fib_semantics.c [NETNS]: Lookup in FIB semantic hashes taking into account the namespace. 2008-01-31 19:28:41 -08:00
fib_trie.c [IPV4] fib_trie: fix warning from rcu_assign_poinger 2008-03-22 17:59:58 -07:00
icmp.c [ICMP]: Ensure that ICMP relookup maintains status quo 2008-04-03 12:52:19 -07:00
igmp.c [IGMP]: Optimize kfree_skb in igmp_rcv. 2008-02-09 23:22:26 -08:00
inet_connection_sock.c [SOCK] proto: Add hashinfo member to struct proto 2008-02-03 04:28:52 -08:00
inet_diag.c [NETNS]: Tcp-v6 sockets per-net lookup. 2008-01-31 19:28:20 -08:00
inet_fragment.c [INET]: inet_frag_evictor() must run with BH disabled 2008-03-28 17:30:18 -07:00
inet_hashtables.c [INET]: Unexport inet_listen_wlock 2008-02-13 17:40:25 -08:00
inet_lro.c [LRO] Fix lro_mgr->features checks 2008-01-08 23:30:18 -08:00
inet_timewait_sock.c [NETNS][IPV6] tcp - assign the netns for timewait sockets 2008-04-10 20:53:10 -07:00
inetpeer.c [INET]: Use list_head-s in inetpeer.c 2007-11-12 21:27:28 -08:00
ip_forward.c [NET]: Don't send ICMP_FRAG_NEEDED for GSO packets 2008-03-28 16:23:19 -07:00
ip_fragment.c [IPV4]: Fix null dereference in ip_defrag 2008-03-21 15:01:50 -07:00
ip_gre.c [INET]: Don't create tunnels with '%' in name. 2008-02-26 23:51:04 -08:00
ip_input.c [IPv4] RAW: Compact the API for the kernel 2008-01-28 14:54:28 -08:00
ip_options.c [NETNS]: Add netns parameter to inet_(dev_)add_type. 2008-01-28 15:01:27 -08:00
ip_output.c [NET]: Introducing socket mark socket option. 2008-01-31 19:27:19 -08:00
ip_sockglue.c [IPV4]: Fix byte value boundary check in do_ip_getsockopt(). 2008-04-10 01:29:36 -07:00
ipcomp.c [IPCOMP]: Disable BH on output when using shared tfm 2008-02-28 11:23:17 -08:00
ipconfig.c [NET] endianness noise: INADDR_ANY 2008-03-17 22:44:53 -07:00
ipip.c [INET]: Don't create tunnels with '%' in name. 2008-02-26 23:51:04 -08:00
ipmr.c [NETNS]: Add namespace parameter to ip_route_output_key. 2008-01-28 15:11:07 -08:00
Kconfig [ESP]: Add select on AUTHENC 2008-03-04 14:29:21 -08:00
Makefile [IPV4]: Cleanup the sysctl_net_ipv4.c file 2008-01-28 14:56:27 -08:00
netfilter.c [NETNS]: Add namespace parameter to ip_route_output_key. 2008-01-28 15:11:07 -08:00
proc.c [NETNS][FRAGS]: Make the mem counter per-namespace. 2008-01-28 15:10:36 -08:00
protocol.c
raw.c [RAW]: Wrong content of the /proc/net/raw6. 2008-01-31 19:27:26 -08:00
route.c [IPV4]: Use proc_create() to setup ->proc_fops first 2008-02-28 14:14:25 -08:00
syncookies.c [NETNS]: Add namespace parameter to ip_route_output_key. 2008-01-28 15:11:07 -08:00
sysctl_net_ipv4.c [TCP]: Fix a bug in strategy_allowed_congestion_control 2008-01-31 19:28:23 -08:00
tcp_bic.c [TCP]: BIC web page link is corrected. 2008-02-28 22:14:32 -08:00
tcp_cong.c [TCP]: Uninline tcp_is_cwnd_limited 2008-01-28 15:01:48 -08:00
tcp_cubic.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_diag.c [INET]: Let inet_diag and friends autoload 2007-10-22 02:59:54 -07:00
tcp_highspeed.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_htcp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_hybla.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_illinois.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_input.c [TCP]: Don't allow FRTO to take place while MTU is being probed 2008-04-07 22:33:57 -07:00
tcp_ipv4.c [TCP]: Fix tcp_v4_send_synack() comment 2008-02-17 22:29:19 -08:00
tcp_lp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_minisocks.c [TCP]: Move sack_ok access to obviously named funcs & cleanup 2007-10-10 16:48:00 -07:00
tcp_output.c [TCP]: tcp_simple_retransmit can cause S+L 2008-04-07 22:33:07 -07:00
tcp_probe.c [NET]: Make /proc/net per network namespace 2007-10-10 16:49:06 -07:00
tcp_scalable.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_timer.c [TCP]: Do not purge sk_forward_alloc entirely in tcp_delack_timer(). 2008-01-28 15:01:42 -08:00
tcp_vegas.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_vegas.h [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_veno.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_westwood.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_yeah.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp.c [TCP]: Let skbs grow over a page on fast peers 2008-03-22 15:47:05 -07:00
tunnel4.c [INET]: Cleanup the xfrm4_tunnel_(un)register 2007-11-10 21:48:54 -08:00
udp_impl.h [UDP]: Randomize port selection. 2007-10-10 16:48:31 -07:00
udp.c [IP] UDP: Use SEQ_START_TOKEN. 2008-03-31 19:38:15 -07:00
udplite.c [IPV4] UDP,UDPLITE: Sparse: {__udp4_lib,udp,udplite}_err() are of void. 2008-01-28 15:10:24 -08:00
xfrm4_input.c [IPSEC]: Fix transport-mode async resume on intput without netfilter 2008-01-28 15:00:10 -08:00
xfrm4_mode_beet.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm4_mode_tunnel.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_output.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_policy.c [NET]: should explicitely initialize atomic_t field in struct dst_ops 2008-01-31 19:27:23 -08:00
xfrm4_state.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_tunnel.c [IPCOMP]: Fix reception of incompressible packets 2008-01-31 19:27:24 -08:00