This is a note to let you know that I've just added the patch titled

    l2tp: fix a race in l2tp_ip_sendmsg()

to the 3.4-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     l2tp-fix-a-race-in-l2tp_ip_sendmsg.patch
and it can be found in the queue-3.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


From ca49ae5eccf6e744a6df0615f6cd4bcc3622d785 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <[email protected]>
Date: Fri, 8 Jun 2012 06:25:00 +0000
Subject: l2tp: fix a race in l2tp_ip_sendmsg()


From: Eric Dumazet <[email protected]>

[ Upstream commit 4399a4df98a63e30fd16e9d0cecc46ea92269e8f ]

Commit 081b1b1bb27f (l2tp: fix l2tp_ip_sendmsg() route handling) added
a race, in case IP route cache is disabled.

In this case, we should not do the dst_release(&rt->dst), since it'll
free the dst immediately, instead of waiting a RCU grace period.

Signed-off-by: Eric Dumazet <[email protected]>
Cc: James Chapman <[email protected]>
Cc: Denys Fedoryshchenko <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
 net/l2tp/l2tp_ip.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/net/l2tp/l2tp_ip.c
+++ b/net/l2tp/l2tp_ip.c
@@ -516,10 +516,12 @@ static int l2tp_ip_sendmsg(struct kiocb
                                           sk->sk_bound_dev_if);
                if (IS_ERR(rt))
                        goto no_route;
-               if (connected)
+               if (connected) {
                        sk_setup_caps(sk, &rt->dst);
-               else
-                       dst_release(&rt->dst); /* safe since we hold 
rcu_read_lock */
+               } else {
+                       skb_dst_set(skb, &rt->dst);
+                       goto xmit;
+               }
        }
 
        /* We dont need to clone dst here, it is guaranteed to not disappear.
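Review bot: the new else branch has no comment explaining the ownership change, while the line it replaces carried one ("safe since we hold rcu_read_lock") that turned out to be wrong. skb_dst_set(skb, &rt->dst) hands the reference returned by the route lookup to the skb instead of dropping it, which is what avoids the immediate free described in the commit message when the IP route cache is disabled. A one-line comment in the else branch saying that the skb now owns the route reference and that dst_release() must not be called here would keep a later cleanup from reintroducing the race. The context comment that follows ("it is guaranteed to not disappear") now describes only the path that falls through to skb_dst_set_noref(), so it would help to say so there.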
@@ -527,6 +529,7 @@ static int l2tp_ip_sendmsg(struct kiocb
         */
        skb_dst_set_noref(skb, &rt->dst);
 
+xmit:
        /* Queue the packet to IP for output */
        rc = ip_queue_xmit(skb, &inet->cork.fl);
        rcu_read_unlock();
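Review bot: the xmit: label lets the unconnected path jump past skb_dst_set_noref(), so ip_queue_xmit() is now reached with two different dst states: a referenced dst set by skb_dst_set() in the else branch above, or a non-referenced one that is only valid while rcu_read_lock is held. Nothing at the label says this. A short comment on the label naming both cases, and noting that rcu_read_unlock() must stay after ip_queue_xmit() for the noref case, would make the invariant visible to whoever next touches this function.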


Patches currently in stable-queue which might be from [email protected] are

queue-3.4/be2net-fix-a-race-in-be_xmit.patch
queue-3.4/drop_monitor-dont-sleep-in-atomic-context.patch
queue-3.4/lpc_eth-fix-tx-completion.patch
queue-3.4/bonding-fix-corrupted-queue_mapping.patch
queue-3.4/bnx2x-fix-checksum-validation.patch
queue-3.4/net-neighbour-fix-neigh_dump_info.patch
queue-3.4/l2tp-fix-a-race-in-l2tp_ip_sendmsg.patch
queue-3.4/bnx2x-fix-panic-when-tx-ring-is-full.patch
queue-3.4/lpc_eth-add-missing-ndo_change_mtu.patch
queue-3.4/bql-avoid-possible-inconsistent-calculation.patch
queue-3.4/net-remove-skb_orphan_try.patch
queue-3.4/bql-avoid-unneeded-limit-decrement.patch
queue-3.4/netpoll-fix-netpoll_send_udp-bugs.patch
queue-3.4/dummy-fix-rcu_sched-self-detected-stalls.patch
queue-3.4/net-l2tp_eth-fix-kernel-panic-on-rmmod-l2tp_eth.patch
queue-3.4/bql-fix-posdiff-to-integer-overflow-aware.patch
queue-3.4/inetpeer-fix-a-race-in-inetpeer_gc_worker.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
