• Eric Dumazet's avatar
    ipv4: fix dst race in sk_dst_get() · f8864972
    Eric Dumazet authored
    When IP route cache had been removed in linux-3.6, we broke assumption
    that dst entries were all freed after rcu grace period. DST_NOCACHE
    dst were supposed to be freed from dst_release(). But it appears
    we want to keep such dst around, either in UDP sockets or tunnels.
    
    In sk_dst_get() we need to make sure dst refcount is not 0
    before incrementing it, or else we might end up freeing a dst
    twice.
    
    DST_NOCACHE set on a dst does not mean this dst can not be attached
    to a socket or a tunnel.
    
    Then, before actual freeing, we need to observe a rcu grace period
    to make sure all other cpus can catch the fact the dst is no longer
    usable.
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Reported-by: default avatarDormando <dormando@rydia.net>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    f8864972
sock.h 63.5 KB