race in net/ipv4/ipip.c ?

To:	netdev@xxxxxxxxxxx
Subject:	race in net/ipv4/ipip.c ?
From:	Lennert Buytenhek <buytenh@xxxxxxxxxxxxxx>
Date:	Wed, 12 Jan 2005 13:23:00 +0100
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.4.1i

Hi!

        static void ipip_tunnel_link(struct ipip_tunnel *t)
        {
                struct ipip_tunnel **tp = ipip_bucket(t);

                t->next = *tp;
                write_lock_bh(&ipip_lock);
                *tp = t;
                write_unlock_bh(&ipip_lock);
        }

Shouldn't the "t->next = *tp" be done inside the write lock?

A similar race exists in ipip_tunnel_unlink, and ip_gre seems to have
the same issues.


cheers,
Lennert

<Prev in Thread]	Current Thread	[Next in Thread>
race in net/ipv4/ipip.c ?, Lennert Buytenhek <= Re: race in net/ipv4/ipip.c ?, Thomas Graf Re: race in net/ipv4/ipip.c ?, YOSHIFUJI Hideaki / 吉藤英明 Re: race in net/ipv4/ipip.c ?, Thomas Graf Re: race in net/ipv4/ipip.c ?, YOSHIFUJI Hideaki / 吉藤英明 Re: race in net/ipv4/ipip.c ?, David S. Miller Re: race in net/ipv4/ipip.c ?, YOSHIFUJI Hideaki / 吉藤英明 Re: race in net/ipv4/ipip.c ?, David S. Miller Re: race in net/ipv4/ipip.c ?, Lennert Buytenhek

Previous by Date:	Please confirm your message, Neil Russell
Next by Date:	Re: race in net/ipv4/ipip.c ?, Thomas Graf
Previous by Thread:	Please confirm your message, Neil Russell
Next by Thread:	Re: race in net/ipv4/ipip.c ?, Thomas Graf
Indexes:	[Date] [Thread] [Top] [All Lists]