linux/net
Pavel Emelyanov 9cd4002942 [NEIGH]: Fix race between neigh_parms_release and neightbl_fill_parms
The neightbl_fill_parms() is called under the write-locked tbl->lock
and accesses the parms->dev. The neigh_parms_release() calls the
dev_put(parms->dev) without this lock. This creates a tiny race window
in which the parms contains a potentially stale dev pointer.

To fix this race it's enough to move the dev_put() up under the
tbl->lock, but note that the parms are held by neighbors and thus can
live after the neigh_parms_release() is called, so we still can have a
parm with a bad dev pointer.

I didn't find where the neigh->parms->dev is accessed, but still think
that putting the dev is to be done in a place where the parms are
really freed. Am I right with that?

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-10 03:48:38 -08:00
9p 9p: add missing end-of-options record for trans_fd 2007-11-06 08:02:53 -06:00
802
8021q [VLAN]: Fix potential race in vlan_cleanup_module vs vlan_ioctl_handler. 2007-12-11 02:45:32 -08:00
appletalk [NET]: Forget the zero_it argument of sk_alloc() 2007-11-01 00:39:31 -07:00
atm [ATM]: Check IP header validity in mpc_send_packet 2008-01-09 03:51:59 -08:00
ax25 [NET]: Correct two mistaken skb_reset_mac_header() conversions. 2007-12-20 00:25:54 -08:00
bluetooth [BLUETOOTH]: put_device before device_del fix 2007-12-29 19:17:47 -08:00
bridge [BRIDGE]: Assign random address. 2007-12-16 13:35:51 -08:00
core [NEIGH]: Fix race between neigh_parms_release and neightbl_fill_parms 2008-01-10 03:48:38 -08:00
dccp [DCCP]: Spelling fixes 2007-12-20 13:59:39 -08:00
decnet [DECNET]: dn_nl_deladdr() almost always returns no error 2007-11-30 23:43:31 +11:00
econet [NET]: Forget the zero_it argument of sk_alloc() 2007-11-01 00:39:31 -07:00
ethernet [NET]: Validate device addr prior to interface-up 2007-10-23 21:27:50 -07:00
ieee80211 Merge branch 'fixes-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2007-11-30 23:29:27 +11:00
ipv4 [LRO] Fix lro_mgr->features checks 2008-01-08 23:30:18 -08:00
ipv6 [IPV6]: IPV6_MULTICAST_IF setting is ignored on link-local connect() 2008-01-08 23:52:21 -08:00
ipx [IPX]: Use existing sock refcnt debugging infrastructure 2007-11-10 21:39:26 -08:00
irda [IRDA]: irda_create() nuke user triggable printk 2008-01-08 23:30:05 -08:00
iucv [S390] Explicitly code allocpercpu calls in iucv 2007-11-20 11:13:47 +01:00
key [IPSEC]: Avoid undefined shift operation when testing algorithm ID 2007-12-19 23:44:29 -08:00
lapb
llc [NET]: Forget the zero_it argument of sk_alloc() 2007-11-01 00:39:31 -07:00
mac80211 mac80211: return an error when SIWRATE doesn't match any rate 2008-01-08 23:30:10 -08:00
netfilter [NETFILTER]: nf_conntrack_ipv4: fix module parameter compatibility 2007-12-26 19:36:33 -08:00
netlabel [NETLABEL]: Spelling fixes 2007-12-20 14:03:11 -08:00
netlink [NET]: Move unneeded data to initdata section. 2007-11-13 03:23:50 -08:00
netrom [NET]: Correct two mistaken skb_reset_mac_header() conversions. 2007-12-20 00:25:54 -08:00
packet [AF_PACKET]: Fix minor code duplication 2007-11-12 21:05:20 -08:00
rfkill rfkill: fix double-mutex-locking 2007-11-29 18:08:48 -05:00
rose [ROSE]: Trivial compilation CONFIG_INET=n case 2007-12-05 05:37:28 -08:00
rxrpc [AF_RXRPC]: Add a missing goto 2007-12-07 04:31:47 -08:00
sched [PKT_SCHED]: Spelling fixes 2007-12-20 14:02:40 -08:00
sctp [SCTP]: Add back the code that accounted for FORWARD_TSN parameter in INIT. 2008-01-08 23:30:04 -08:00
sunrpc NFS: add newline to kernel warning message in auth_gss code 2008-01-03 09:37:16 -05:00
tipc [TIPC]: Fix semaphore handling. 2007-12-14 13:54:37 -08:00
unix [UNIX]: EOF on non-blocking SOCK_SEQPACKET 2007-11-29 23:19:23 +11:00
wanrouter
wireless [WIRELESS] WEXT: Fix userspace corruption on 64-bit. 2007-11-20 03:29:53 -08:00
x25 [X25]: Add missing x25_neigh_put 2008-01-04 00:47:02 -08:00
xfrm [XFRM]: xfrm_algo_clone() allocates too much memory 2008-01-08 23:39:06 -08:00
compat.c [NET]: Fix function put_cmsg() which may cause usr application memory overflow 2007-12-20 14:36:44 -08:00
Kconfig
Makefile
nonet.c
socket.c [NET]: Add the helper kernel_sock_shutdown() 2007-11-12 18:10:39 -08:00
sysctl_net.c
TUNABLE