original_kernel/net/ipv4/ipvs
Neil Horman fb3d89498d [IPVS]: Close race conditions on ip_vs_conn_tab list modification
In an smp system, it is possible for an connection timer to expire, calling
ip_vs_conn_expire while the connection table is being flushed, before
ct_write_lock_bh is acquired.

Since the list iterator loop in ip_vs_con_flush releases and re-acquires the
spinlock (even though it doesn't re-enable softirqs), it is possible for the
expiration function to modify the connection list, while it is being traversed
in ip_vs_conn_flush.

The result is that the next pointer gets set to NULL, and subsequently
dereferenced, resulting in an oops.

Signed-off-by: Neil Horman <nhorman@redhat.com>
Acked-by: JulianAnastasov
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-06-28 15:40:02 -07:00
..
Kconfig
Makefile
ip_vs_app.c
ip_vs_conn.c
ip_vs_core.c
ip_vs_ctl.c
ip_vs_dh.c
ip_vs_est.c
ip_vs_ftp.c
ip_vs_lblc.c
ip_vs_lblcr.c
ip_vs_lc.c
ip_vs_nq.c
ip_vs_proto.c
ip_vs_proto_ah.c
ip_vs_proto_esp.c
ip_vs_proto_tcp.c
ip_vs_proto_udp.c
ip_vs_rr.c
ip_vs_sched.c
ip_vs_sed.c
ip_vs_sh.c
ip_vs_sync.c
ip_vs_wlc.c
ip_vs_wrr.c
ip_vs_xmit.c