• Eric Dumazet's avatar
    inet: add RCU protection to inet->opt · b8710128
    Eric Dumazet authored
    commit f6d8bd05 upstream.
    
    We lack proper synchronization to manipulate inet->opt ip_options
    
    Problem is ip_make_skb() calls ip_setup_cork() and
    ip_setup_cork() possibly makes a copy of ipc->opt (struct ip_options),
    without any protection against another thread manipulating inet->opt.
    
    Another thread can change inet->opt pointer and free old one under us.
    
    Use RCU to protect inet->opt (changed to inet->inet_opt).
    
    Instead of handling atomic refcounts, just copy ip_options when
    necessary, to avoid cache line dirtying.
    
    We cant insert an rcu_head in struct ip_options since its included in
    skb->cb[], so this patch is large because I had to introduce a new
    ip_options_rcu structure.
    Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
    Cc: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    [dannf/bwh: backported to Debian's 2.6.32]
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
    b8710128
cipso_ipv4.c 63.5 KB