mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 02:30:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

neighbor: gc_list changes should be protected by table lock

Browse source 
Adding and removing neighbor entries to / from the gc_list need to be
done while holding the table lock; a couple of places were missed in the
original patch.

Move the list_add_tail in neigh_alloc to ___neigh_create where the lock
is already obtained. Since neighbor entries should rarely be moved
to/from PERMANENT state, add lock/unlock around the gc_list changes in
neigh_change_state rather than extending the lock hold around all
neighbor updates.

Fixes: 58956317c8 ("neighbor: Improve garbage collection")
Reported-by: Andrei Vagin <avagin@gmail.com>
Reported-by: syzbot+6cc2fd1d3bdd2e007363@syzkaller.appspotmail.com
Reported-by: syzbot+35e87b87c00f386b041f@syzkaller.appspotmail.com
Reported-by: syzbot+b354d1fb59091ea73c37@syzkaller.appspotmail.com
Reported-by: syzbot+3ddead5619658537909b@syzkaller.appspotmail.com
Reported-by: syzbot+424d47d5c456ce8b2bbe@syzkaller.appspotmail.com
Reported-by: syzbot+e4d42eb35f6a27b0a628@syzkaller.appspotmail.com
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Ahern 2018-12-10 13:54:07 -08:00 committed by David S. Miller
parent 93698321f7
commit 8cc196d6ef
1 changed files with 10 additions and 5 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

15
net/core/neighbour.c
View file

@ -138,11 +138,17 @@ static void neigh_change_state(struct neighbour *n, u8 new)
* add to the gc list if new state is not permanent * add to the gc list if new state is not permanent
*/ */
if (new_is_perm && on_gc_list) { if (new_is_perm && on_gc_list) {
write_lock_bh(&n->tbl->lock);
list_del_init(&n->gc_list); list_del_init(&n->gc_list);
write_unlock_bh(&n->tbl->lock);
atomic_dec(&n->tbl->gc_entries); atomic_dec(&n->tbl->gc_entries);
} else if (!new_is_perm && !on_gc_list) { } else if (!new_is_perm && !on_gc_list) {
/* add entries to the tail; cleaning removes from the front */ /* add entries to the tail; cleaning removes from the front */
write_lock_bh(&n->tbl->lock);
list_add_tail(&n->gc_list, &n->tbl->gc_list); list_add_tail(&n->gc_list, &n->tbl->gc_list);
write_unlock_bh(&n->tbl->lock);
atomic_inc(&n->tbl->gc_entries); atomic_inc(&n->tbl->gc_entries);
} }
} }
@ -390,11 +396,7 @@ static struct neighbour *neigh_alloc(struct neigh_table *tbl,
n->tbl = tbl; n->tbl = tbl;
refcount_set(&n->refcnt, 1); refcount_set(&n->refcnt, 1);
n->dead = 1; n->dead = 1;
INIT_LIST_HEAD(&n->gc_list);
if (!permanent)
list_add_tail(&n->gc_list, &n->tbl->gc_list);
else
INIT_LIST_HEAD(&n->gc_list);
atomic_inc(&tbl->entries); atomic_inc(&tbl->entries);
out: out:
@ -616,6 +618,9 @@ static struct neighbour *___neigh_create(struct neigh_table *tbl,
} }
n->dead = 0; n->dead = 0;
if (!permanent)
list_add_tail(&n->gc_list, &n->tbl->gc_list);
if (want_ref) if (want_ref)
neigh_hold(n); neigh_hold(n);
rcu_assign_pointer(n->next, rcu_assign_pointer(n->next,