linux/net/ipv6
Jiri Benc 8a226b2cfa ipv6: prevent race between address creation and removal
There's a race in IPv6 automatic addess assignment. The address is created
with zero lifetime when it's added to various address lists. Before it gets
assigned the correct lifetime, there's a window where a new address may be
configured. This causes the semi-initiated address to be deleted in
addrconf_verify.

This was discovered as a reference leak caused by concurrent run of
__ipv6_ifa_notify for both RTM_NEWADDR and RTM_DELADDR with the same
address.

Fix this by setting the lifetime before the address is added to
inet6_addr_lst.

A few notes:

1. In addrconf_prefix_rcv, by setting update_lft to zero, the
   if (update_lft) { ... } condition is no longer executed for newly
   created addresses. This is okay, as the ifp fields are set in
   ipv6_add_addr now and ipv6_ifa_notify is called (and has been called)
   through addrconf_dad_start.

2. The removal of the whole block under ifp->lock in inet6_addr_add is okay,
   too, as tstamp is initialized to jiffies in ipv6_add_addr.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 14:16:20 -07:00
..
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-07-03 14:55:13 -07:00
Kconfig
Makefile
addrconf.c ipv6: prevent race between address creation and removal 2013-08-01 14:16:20 -07:00
addrconf_core.c
addrlabel.c
af_inet6.c
ah6.c
anycast.c
datagram.c
esp6.c
exthdrs.c
exthdrs_core.c
exthdrs_offload.c
fib6_rules.c
icmp.c
inet6_connection_sock.c
inet6_hashtables.c
ip6_checksum.c
ip6_fib.c ipv6: update ip6_rt_last_gc every time GC is run 2013-08-01 14:16:20 -07:00
ip6_flowlabel.c
ip6_gre.c
ip6_icmp.c
ip6_input.c
ip6_offload.c
ip6_offload.h
ip6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-07-03 14:55:13 -07:00
ip6_tunnel.c
ip6mr.c ipv6: take rtnl_lock and mark mrt6 table as freed on namespace cleanup 2013-07-24 17:02:13 -07:00
ipcomp6.c
ipv6_sockglue.c
mcast.c ipv6,mcast: always hold idev->lock before mca_lock 2013-07-01 23:39:21 -07:00
mip6.c
ndisc.c ipv6: prevent fib6_run_gc() contention 2013-08-01 14:16:20 -07:00
netfilter.c
output_core.c
ping.c net: ipv6: fix wrong ping_v6_sendmsg return value 2013-07-03 17:42:05 -07:00
proc.c
protocol.c
raw.c
reassembly.c
route.c ipv6: update ip6_rt_last_gc every time GC is run 2013-08-01 14:16:20 -07:00
sit.c sit: fix tunnel update via netlink 2013-07-04 14:55:47 -07:00
syncookies.c
sysctl_net_ipv6.c
tcp_ipv6.c net: rename ll methods to busy-poll 2013-07-10 17:08:27 -07:00
tcpv6_offload.c
tunnel6.c
udp.c net: rename ll methods to busy-poll 2013-07-10 17:08:27 -07:00
udp_impl.h
udp_offload.c
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c
xfrm6_state.c
xfrm6_tunnel.c