[NEIGH]: Fix race between neighbor lookup and table's hash_rnd update.

[sfrench/cifs-2.6.git] / net / core / neighbour.c

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 802493327a8799c207dbe5c81a7f53f23bcf6751..2328acbd16cdf1c87dd84c8e151cfc466126b256 100644 (file)
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -59,7 +59,6 @@ static void neigh_timer_handler(unsigned long arg);
 static void __neigh_notify(struct neighbour *n, int type, int flags);
 static void neigh_update_notify(struct neighbour *neigh);
 static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev);
-void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev);
 
 static struct neigh_table *neigh_tables;
 #ifdef CONFIG_PROC_FS
@@ -359,11 +358,12 @@ struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
 {
        struct neighbour *n;
        int key_len = tbl->key_len;
-       u32 hash_val = tbl->hash(pkey, dev);
+       u32 hash_val;
 
        NEIGH_CACHE_STAT_INC(tbl, lookups);
 
        read_lock_bh(&tbl->lock);
+       hash_val = tbl->hash(pkey, dev);
        for (n = tbl->hash_buckets[hash_val & tbl->hash_mask]; n; n = n->next) {
                if (dev == n->dev && !memcmp(n->primary_key, pkey, key_len)) {
                        neigh_hold(n);
@@ -380,11 +380,12 @@ struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
 {
        struct neighbour *n;
        int key_len = tbl->key_len;
-       u32 hash_val = tbl->hash(pkey, NULL);
+       u32 hash_val;
 
        NEIGH_CACHE_STAT_INC(tbl, lookups);
 
        read_lock_bh(&tbl->lock);
+       hash_val = tbl->hash(pkey, NULL);
        for (n = tbl->hash_buckets[hash_val & tbl->hash_mask]; n; n = n->next) {
                if (!memcmp(n->primary_key, pkey, key_len) &&
                    (net == n->dev->nd_net)) {
@@ -508,6 +509,7 @@ struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
        if (tbl->pconstructor && tbl->pconstructor(n)) {
                if (dev)
                        dev_put(dev);
+               release_net(net);
                kfree(n);
                n = NULL;
                goto out;
@@ -578,6 +580,13 @@ static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev)
        return -ENOENT;
 }
 
+static void neigh_parms_destroy(struct neigh_parms *parms);
+
+static inline void neigh_parms_put(struct neigh_parms *parms)
+{
+       if (atomic_dec_and_test(&parms->refcnt))
+               neigh_parms_destroy(parms);
+}
 
 /*
  *     neighbour must already be out of the table;
@@ -1291,10 +1300,7 @@ struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
        struct neigh_parms *p, *ref;
        struct net *net;
 
-       net = &init_net;
-       if (dev)
-               net = dev->nd_net;
-
+       net = dev->nd_net;
        ref = lookup_neigh_params(tbl, net, 0);
        if (!ref)
                return NULL;
@@ -1306,15 +1312,14 @@ struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
                INIT_RCU_HEAD(&p->rcu_head);
                p->reachable_time =
                                neigh_rand_reach_time(p->base_reachable_time);
-               if (dev) {
-                       if (dev->neigh_setup && dev->neigh_setup(dev, p)) {
-                               kfree(p);
-                               return NULL;
-                       }
 
-                       dev_hold(dev);
-                       p->dev = dev;
+               if (dev->neigh_setup && dev->neigh_setup(dev, p)) {
+                       kfree(p);
+                       return NULL;
                }
+
+               dev_hold(dev);
+               p->dev = dev;
                p->net = hold_net(net);
                p->sysctl_table = NULL;
                write_lock_bh(&tbl->lock);
@@ -1355,7 +1360,7 @@ void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms)
        NEIGH_PRINTK1("neigh_parms_release: not found\n");
 }
 
-void neigh_parms_destroy(struct neigh_parms *parms)
+static void neigh_parms_destroy(struct neigh_parms *parms)
 {
        release_net(parms->net);
        kfree(parms);
@@ -2142,7 +2147,7 @@ EXPORT_SYMBOL(__neigh_for_each_release);
 static struct neighbour *neigh_get_first(struct seq_file *seq)
 {
        struct neigh_seq_state *state = seq->private;
-       struct net *net = state->net;
+       struct net *net = state->p.net;
        struct neigh_table *tbl = state->tbl;
        struct neighbour *n = NULL;
        int bucket = state->bucket;
@@ -2183,7 +2188,7 @@ static struct neighbour *neigh_get_next(struct seq_file *seq,
                                        loff_t *pos)
 {
        struct neigh_seq_state *state = seq->private;
-       struct net *net = state->net;
+       struct net *net = state->p.net;
        struct neigh_table *tbl = state->tbl;
 
        if (state->neigh_sub_iter) {
@@ -2243,7 +2248,7 @@ static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
 static struct pneigh_entry *pneigh_get_first(struct seq_file *seq)
 {
        struct neigh_seq_state *state = seq->private;
-       struct net * net = state->net;
+       struct net * net = state->p.net;
        struct neigh_table *tbl = state->tbl;
        struct pneigh_entry *pn = NULL;
        int bucket = state->bucket;
@@ -2266,7 +2271,7 @@ static struct pneigh_entry *pneigh_get_next(struct seq_file *seq,
                                            loff_t *pos)
 {
        struct neigh_seq_state *state = seq->private;
-       struct net * net = state->net;
+       struct net * net = state->p.net;
        struct neigh_table *tbl = state->tbl;
 
        pn = pn->next;