| From foo@baz Mon Sep 17 13:33:56 CEST 2018 |
| From: Stephen Hemminger <stephen@networkplumber.org> |
| Date: Thu, 13 Sep 2018 07:58:47 -0700 |
| Subject: ipv6: frags: rewrite ip6_expire_frag_queue() |
| To: davem@davemloft.net, gregkh@linuxfoundation.org |
| Cc: netdev@vger.kernel.org, stable@vger.kernel.org, edumazet@google.com |
| Message-ID: <20180913145902.17531-16-sthemmin@microsoft.com> |
| |
| From: Eric Dumazet <edumazet@google.com> |
| |
| Make it similar to IPv4 ip_expire(), and release the lock |
| before calling icmp functions. |
| |
| Signed-off-by: Eric Dumazet <edumazet@google.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| (cherry picked from commit 05c0b86b9696802fd0ce5676a92a63f1b455bdf3) |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv6/reassembly.c | 24 ++++++++++++++++-------- |
| 1 file changed, 16 insertions(+), 8 deletions(-) |
| |
| --- a/net/ipv6/reassembly.c |
| +++ b/net/ipv6/reassembly.c |
| @@ -92,7 +92,9 @@ EXPORT_SYMBOL(ip6_frag_init); |
| void ip6_expire_frag_queue(struct net *net, struct frag_queue *fq) |
| { |
| struct net_device *dev = NULL; |
| + struct sk_buff *head; |
| |
| + rcu_read_lock(); |
| spin_lock(&fq->q.lock); |
| |
| if (fq->q.flags & INET_FRAG_COMPLETE) |
| @@ -100,28 +102,34 @@ void ip6_expire_frag_queue(struct net *n |
| |
| inet_frag_kill(&fq->q); |
| |
| - rcu_read_lock(); |
| dev = dev_get_by_index_rcu(net, fq->iif); |
| if (!dev) |
| - goto out_rcu_unlock; |
| + goto out; |
| |
| __IP6_INC_STATS(net, __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS); |
| __IP6_INC_STATS(net, __in6_dev_get(dev), IPSTATS_MIB_REASMTIMEOUT); |
| |
| /* Don't send error if the first segment did not arrive. */ |
| - if (!(fq->q.flags & INET_FRAG_FIRST_IN) || !fq->q.fragments) |
| - goto out_rcu_unlock; |
| + head = fq->q.fragments; |
| + if (!(fq->q.flags & INET_FRAG_FIRST_IN) || !head) |
| + goto out; |
| |
| /* But use as source device on which LAST ARRIVED |
| * segment was received. And do not use fq->dev |
| * pointer directly, device might already disappeared. |
| */ |
| - fq->q.fragments->dev = dev; |
| - icmpv6_send(fq->q.fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0); |
| -out_rcu_unlock: |
| - rcu_read_unlock(); |
| + head->dev = dev; |
| + skb_get(head); |
| + spin_unlock(&fq->q.lock); |
| + |
| + icmpv6_send(head, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0); |
| + kfree_skb(head); |
| + goto out_rcu_unlock; |
| + |
| out: |
| spin_unlock(&fq->q.lock); |
| +out_rcu_unlock: |
| + rcu_read_unlock(); |
| inet_frag_put(&fq->q); |
| } |
| EXPORT_SYMBOL(ip6_expire_frag_queue); |
