-
Dag Moxnes authored
Use the neighbour lock when copying the MAC address from the neighbour data struct in dst_fetch_ha. When not using the lock, it is possible for the function to race with neigh_update(), causing it to copy an torn MAC address: rdma_resolve_addr() rdma_resolve_ip() addr_resolve() addr_resolve_neigh() fetch_ha() dst_fetch_ha() memcpy(dev_addr->dst_dev_addr, n->ha, MAX_ADDR_LEN) and net_ioctl() arp_ioctl() arp_rec_delete() arp_invalidate() neigh_update() __neigh_update() memcpy(&neigh->ha, lladdr, dev->addr_len) It is possible to provoke this error by calling rdma_resolve_addr() in a tight loop, while deleting the corresponding ARP entry in another tight loop. Fixes: 51d45974 ("infiniband: addr: Consolidate code to fetch neighbour hardware address from dst.") Signed-off-by:Dag Moxnes <dag.moxnes@oracle.com> Signed-off-by:
Håkon Bugge <haakon.bugge@oracle.com> Reviewed-by:
Jason Gunthorpe <jgg@mellanox.com> Signed-off-by:
d8d9ec7d
