aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorNeil Horman <nhorman@redhat.com>2005-06-28 15:40:02 -0700
committerDavid S. Miller <davem@davemloft.net>2005-06-28 15:40:02 -0700
commitfb3d89498d268c8dedc1ab5b15fa64f536564577 (patch)
tree9617e380d284684dc3c8b7264377f67c024e9f92 /security
parent689be43945e9ca7dd704522e55af1b8a73a994d3 (diff)
[IPVS]: Close race conditions on ip_vs_conn_tab list modification
In an smp system, it is possible for an connection timer to expire, calling ip_vs_conn_expire while the connection table is being flushed, before ct_write_lock_bh is acquired. Since the list iterator loop in ip_vs_con_flush releases and re-acquires the spinlock (even though it doesn't re-enable softirqs), it is possible for the expiration function to modify the connection list, while it is being traversed in ip_vs_conn_flush. The result is that the next pointer gets set to NULL, and subsequently dereferenced, resulting in an oops. Signed-off-by: Neil Horman <nhorman@redhat.com> Acked-by: JulianAnastasov Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions