summaryrefslogtreecommitdiff
path: root/net/ipv4
diff options
context:
space:
mode:
authorChristoph Paasch <christoph.paasch@uclouvain.be>2014-01-21 16:30:26 +0400
committerDavid S. Miller <davem@davemloft.net>2014-01-23 09:26:16 +0400
commit00ca9c5b2b11d44eaf20a4b647efc999734323ec (patch)
treefbcafcdcc52950691a0430ad377448216fbcfd84 /net/ipv4
parent7705b10463622006dce368a47fa9d4dd7b6489ec (diff)
downloadlinux-00ca9c5b2b11d44eaf20a4b647efc999734323ec.tar.xz
tcp: metrics: Fix rcu-race when deleting multiple entries
In bbf852b96ebdc6d1 I introduced the tmlist, which allows to delete multiple entries from the cache that match a specified destination if no source-IP is specified. However, as the cache is an RCU-list, we should not create this tmlist, as it will change the tcpm_next pointer of the element that will be deleted and so a thread iterating over the cache's entries while holding the RCU-lock might get "redirected" to this tmlist. This patch fixes this, by reverting back to the old behavior prior to bbf852b96ebdc6d1, which means that we simply change the tcpm_next pointer of the previous element (pp) to jump over the one we are deleting. The difference is that we call kfree_rcu() directly on the cache entry, which allows us to delete multiple entries from the list. Fixes: bbf852b96ebdc6d1 (tcp: metrics: Delete all entries matching a certain destination) Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/tcp_metrics.c14
1 files changed, 5 insertions, 9 deletions
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index fa950941de65..9ae48b4a37d1 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -1019,13 +1019,13 @@ static int tcp_metrics_flush_all(struct net *net)
static int tcp_metrics_nl_cmd_del(struct sk_buff *skb, struct genl_info *info)
{
struct tcpm_hash_bucket *hb;
- struct tcp_metrics_block *tm, *tmlist = NULL;
+ struct tcp_metrics_block *tm;
struct tcp_metrics_block __rcu **pp;
struct inetpeer_addr saddr, daddr;
unsigned int hash;
struct net *net = genl_info_net(info);
int ret;
- bool src = true;
+ bool src = true, found = false;
ret = parse_nl_addr(info, &daddr, &hash, 1);
if (ret < 0)
@@ -1044,19 +1044,15 @@ static int tcp_metrics_nl_cmd_del(struct sk_buff *skb, struct genl_info *info)
if (addr_same(&tm->tcpm_daddr, &daddr) &&
(!src || addr_same(&tm->tcpm_saddr, &saddr))) {
*pp = tm->tcpm_next;
- tm->tcpm_next = tmlist;
- tmlist = tm;
+ kfree_rcu(tm, rcu_head);
+ found = true;
} else {
pp = &tm->tcpm_next;
}
}
spin_unlock_bh(&tcp_metrics_lock);
- if (!tmlist)
+ if (!found)
return -ESRCH;
- for (tm = tmlist; tm; tm = tmlist) {
- tmlist = tm->tcpm_next;
- kfree_rcu(tm, rcu_head);
- }
return 0;
}