Re: kernel panic in skb_copy_bits

From: David Miller
Date: Mon Jul 01 2013 - 16:36:20 EST

Next message: Alan Stern: "Re: [PATCH] usb: Clear both buffers when clearing a control transferTT buffer."
Previous message: Oleg Nesterov: "Re: [PATCH v4] tracing/uprobes: Support ftrace_event_file basemultibuffer"
In reply to: Alex Bligh: "Re: kernel panic in skb_copy_bits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Date: Fri, 28 Jun 2013 02:37:42 -0700

> [PATCH] neighbour: fix a race in neigh_destroy()
>
> There is a race in neighbour code, because neigh_destroy() uses
> skb_queue_purge(&neigh->arp_queue) without holding neighbour lock,
> while other parts of the code assume neighbour rwlock is what
> protects arp_queue
>
> Convert all skb_queue_purge() calls to the __skb_queue_purge() variant
>
> Use __skb_queue_head_init() instead of skb_queue_head_init()
> to make clear we do not use arp_queue.lock
>
> And hold neigh->lock in neigh_destroy() to close the race.
>
> Reported-by: Joe Jin <joe.jin@xxxxxxxxxx>
> Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>

Applied and queued up for -stable, thanks Eric.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Stern: "Re: [PATCH] usb: Clear both buffers when clearing a control transferTT buffer."
Previous message: Oleg Nesterov: "Re: [PATCH v4] tracing/uprobes: Support ftrace_event_file basemultibuffer"
In reply to: Alex Bligh: "Re: kernel panic in skb_copy_bits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]