| To: | davem@xxxxxxxxxx, <usagi-core@xxxxxxxxxxxxxx> |
|---|---|
| Subject: | [PATCH] IPv6: fix dst leakage caused by rt6_cow() |
| From: | Ville Nuorvala <vnuorval@xxxxxxxxxx> |
| Date: | Mon, 18 Aug 2003 11:13:13 +0300 (EEST) |
| Cc: | netdev@xxxxxxxxxxx |
| In-reply-to: | <Pine.LNX.4.44.0308051530560.30970-200000@xxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
Hi,
since rt6_cow() calls dst_hold() it looks like we're leaking refcounts in
three places in route.c. The patch below should fix this.
--- linux-2.5.OLD/net/ipv6/route.c 2003-08-18 10:04:24.000000000 +0300
+++ linux-2.5/net/ipv6/route.c 2003-08-15 16:20:19.000000000 +0300
@@ -432,6 +432,7 @@
/* Race condition! In the gap, when rt6_lock was
released someone could insert this route. Relookup.
*/
+ dst_release(&rt->u.dst);
goto relookup;
}
dst_hold(&rt->u.dst);
@@ -486,6 +487,7 @@
/* Race condition! In the gap, when rt6_lock was
released someone could insert this route. Relookup.
*/
+ dst_release(&rt->u.dst);
goto relookup;
}
dst_hold(&rt->u.dst);
@@ -1094,8 +1096,8 @@
*/
dst_set_expires(&nrt->u.dst, ip6_rt_mtu_expires);
nrt->rt6i_flags |= RTF_DYNAMIC|RTF_EXPIRES;
- dst_release(&nrt->u.dst);
}
+ dst_release(&nrt->u.dst);
} else {
nrt = ip6_rt_copy(rt);
if (nrt == NULL)
Thanks,
Ville
--
Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@xxxxxxxxxx, phone: +358 (0)9 451 5257
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH][IPV6] fixed authentication error with TCP, David S. Miller |
|---|---|
| Next by Date: | Re: [PATCH][IPV6] fixed authentication error with TCP, Ville Nuorvala |
| Previous by Thread: | Re: [PATCH] IPV6: Fix bugs in ip6ip6_tnl_xmit(), David S. Miller |
| Next by Thread: | Re: [PATCH] IPv6: fix dst leakage caused by rt6_cow(), David S. Miller |
| Indexes: | [Date] [Thread] [Top] [All Lists] |