linux/net/core
Pavel Emelyanov 9cd4002942 [NEIGH]: Fix race between neigh_parms_release and neightbl_fill_parms
The neightbl_fill_parms() is called under the write-locked tbl->lock
and accesses the parms->dev. The neigh_parms_release() calls the
dev_put(parms->dev) without this lock. This creates a tiny race window
in which the parms contains a potentially stale dev pointer.

To fix this race it's enough to move the dev_put() up under the
tbl->lock, but note that the parms are held by neighbors and thus can
live after the neigh_parms_release() is called, so we still can have a
parm with a bad dev pointer.

I didn't find where the neigh->parms->dev is accessed, but still think
that putting the dev is to be done in a place where the parms are
really freed. Am I right with that?

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-10 03:48:38 -08:00
datagram.c
dev_mcast.c [NET]: Move unneeded data to initdata section. 2007-11-13 03:23:50 -08:00
dev.c [NET]: Stop polling when napi_disable() is pending. 2008-01-08 23:30:13 -08:00
dst.c [NET]: Removing duplicit #includes 2007-11-07 04:11:44 -08:00
ethtool.c
fib_rules.c [INET]: Small possible memory leak in FIB rules 2007-11-10 22:12:03 -08:00
filter.c [NET]: Fix bug in sk_filter race cures. 2007-10-18 21:48:39 -07:00
flow.c [NET]: Use BUILD_BUG_ON in net/core/flowi.c 2007-10-23 21:27:57 -07:00
gen_estimator.c remove asm/bitops.h includes 2007-10-19 11:53:41 -07:00
gen_stats.c
iovec.c
kmap_skb.h
link_watch.c
Makefile
neighbour.c [NEIGH]: Fix race between neigh_parms_release and neightbl_fill_parms 2008-01-10 03:48:38 -08:00
net_namespace.c [NET]: Cleanup pernet operation without CONFIG_NET_NS 2007-11-13 03:23:21 -08:00
net-sysfs.c [NET]: Remove in-code externs for some functions from net/core/dev.c 2007-10-23 21:27:56 -07:00
net-sysfs.h [NET]: Remove in-code externs for some functions from net/core/dev.c 2007-10-23 21:27:56 -07:00
netevent.c
netpoll.c [NET]: Fix race between poll_napi() and net_rx_action() 2007-10-29 22:37:28 -07:00
pktgen.c [PKTGEN]: Fix double unlock of xfrm_state->lock 2007-11-19 22:51:24 -08:00
request_sock.c [INET]: Fix potential kfree on vmalloc-ed area of request_sock_queue 2007-11-15 02:57:06 -08:00
rtnetlink.c [NETNS]: Fix get_net_ns_by_pid 2007-10-26 22:56:12 -07:00
scm.c [NET]: Fix function put_cmsg() which may cause usr application memory overflow 2007-12-20 14:36:44 -08:00
skbuff.c [NET]: Clone the sk_buff 'iif' field in __skb_clone() 2008-01-08 23:30:17 -08:00
sock.c [NET]: Unexport sysctl_{r,w}mem_max. 2007-11-12 21:24:14 -08:00
stream.c
sysctl_net_core.c [NET]: Don't declare extern variables in net/core/sysctl_net_core.c 2007-10-23 21:27:56 -07:00
user_dma.c
utils.c