android_kernel_xiaomi_sm8350/net
David S. Miller 69cc64d8d9 [NDISC]: Fix race in generic address resolution
Frank Blaschka provided the bug report and the initial suggested fix
for this bug.  He also validated this version of this fix.

The problem is that the access to neigh->arp_queue is inconsistent, we
grab references when dropping the lock lock to call
neigh->ops->solicit() but this does not prevent other threads of
control from trying to send out that packet at the same time causing
corruptions because both code paths believe they have exclusive access
to the skb.

The best option seems to be to hold the write lock on neigh->lock
during the ->solicit() call.  I looked at all of the ndisc_ops
implementations and this seems workable.  The only case that needs
special care is the IPV4 ARP implementation of arp_solicit().  It
wants to take neigh->lock as a reader to protect the header entry in
neigh->ha during the emission of the soliciation.  We can simply
remove the read lock calls to take care of that since holding the lock
as a writer at the caller providers a superset of the protection
afforded by the existing read locking.

The rest of the ->solicit() implementations don't care whether the
neigh is locked or not.

Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-12 17:54:17 -08:00
..
9p 9p: transport API reorganization 2008-02-06 19:25:03 -06:00
802 [TR] net/802/tr.c: sysctl_tr_rif_timeout static 2008-01-31 19:28:31 -08:00
8021q [VLAN]: set_rx_mode support for unicast address list 2008-01-31 19:28:24 -08:00
appletalk
atm
ax25 [AX25] ax25_ds_timer: use mod_timer instead of add_timer 2008-02-12 17:53:34 -08:00
bluetooth bluetooth rfcomm tty: destroy before tty_close() 2008-02-05 03:12:06 -08:00
bridge [NETFILTER]: ebtables: mark matches, targets and watchers __read_mostly 2008-01-31 19:27:34 -08:00
can [CAN]: Minor clean-ups 2008-02-07 18:05:04 -08:00
core [NDISC]: Fix race in generic address resolution 2008-02-12 17:54:17 -08:00
dccp [SOCK] proto: Add hashinfo member to struct proto 2008-02-03 04:28:52 -08:00
decnet [DECNET] ROUTE: remove unecessary alignment 2008-02-07 23:29:57 -08:00
econet
ethernet
ieee80211
ipv4 [NDISC]: Fix race in generic address resolution 2008-02-12 17:54:17 -08:00
ipv6 [IPV6]: Replace using the magic constant "1024" with IP6_RT_PRIO_USER for fc_metric. 2008-02-09 23:43:11 -08:00
ipx
irda
iucv [AF_IUCV]: defensive programming of iucv_callback_txdone 2008-02-07 18:07:44 -08:00
key [KEY]: Convert net/pfkey to use seq files. 2008-02-09 23:20:06 -08:00
lapb
llc
mac80211 mac80211: Is not EXPERIMENTAL anymore 2008-02-05 14:35:47 -05:00
netfilter [NETFILTER]: xt_iprange: add missing #include 2008-02-07 17:57:11 -08:00
netlabel NetLabel: introduce a new kernel configuration API for NetLabel 2008-02-05 09:44:20 -08:00
netlink [PATCH] switch audit_get_loginuid() to task_struct * 2008-02-01 14:04:59 -05:00
netrom
packet
rfkill typo fix in net/rfkill/rfkill.c 2008-02-03 17:55:45 +02:00
rose
rxrpc Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
sched [PKT_SCHED] ematch: Fix build warning. 2008-02-10 03:48:15 -08:00
sctp [SCTP]: Convert sctp_dbg_objcnt to seq files. 2008-02-09 23:24:58 -08:00
sunrpc SUNPRC: Fix printk format warning 2008-02-10 18:11:22 -05:00
tipc [TIPC]: declare proto_ops structures as 'const'. 2008-02-07 18:18:01 -08:00
unix
wanrouter
wireless
x25 [AX25]: Beautify x25_init() version printk. 2008-01-31 19:27:06 -08:00
xfrm [IPSEC]: Add support for aes-ctr. 2008-02-07 23:11:56 -08:00
compat.c
Kconfig namespaces: mark NET_NS with "depends on NAMESPACES" 2008-02-08 09:22:23 -08:00
Makefile
nonet.c
socket.c
sysctl_net.c
TUNABLE