diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2006-02-02 17:01:13 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-02-02 17:01:13 -0800 |
commit | 6f4b6ec1cffcbb12cc47244381496d59b6a5a790 (patch) | |
tree | d43bba50024fcbe32faae70a5574aba45f2709ab | |
parent | f8addb3215bf58154f189017d934dfc06b62c75e (diff) | |
download | op-kernel-dev-6f4b6ec1cffcbb12cc47244381496d59b6a5a790.zip op-kernel-dev-6f4b6ec1cffcbb12cc47244381496d59b6a5a790.tar.gz |
[IPV6]: Fix illegal dst locking in softirq context.
On Tue, Jan 31, 2006 at 10:24:32PM +0100, Ingo Molnar wrote:
>
> [<c04de9e8>] _write_lock+0x8/0x10
> [<c0499015>] inet6_destroy_sock+0x25/0x100
> [<c04b8672>] tcp_v6_destroy_sock+0x12/0x20
> [<c046bbda>] inet_csk_destroy_sock+0x4a/0x150
> [<c047625c>] tcp_rcv_state_process+0xd4c/0xdd0
> [<c047d8e9>] tcp_v4_do_rcv+0xa9/0x340
> [<c047eabb>] tcp_v4_rcv+0x8eb/0x9d0
OK this is definitely broken. We should never touch the dst lock in
softirq context. Since inet6_destroy_sock may be called from that
context due to the asynchronous nature of sockets, we can't take the
lock there.
In fact this sk_dst_reset is totally redundant since all IPv6 sockets
use inet_sock_destruct as their socket destructor which always cleans
up the dst anyway. So the solution is to simply remove the call.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv6/af_inet6.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 064ffab..6c9711a 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -369,12 +369,6 @@ int inet6_destroy_sock(struct sock *sk) struct sk_buff *skb; struct ipv6_txoptions *opt; - /* - * Release destination entry - */ - - sk_dst_reset(sk); - /* Release rx options */ if ((skb = xchg(&np->pktoptions, NULL)) != NULL) |