From: Neil Horman <nhorman@redhat.com>
Date: Tue, 28 Jun 2005 22:40:02 +0000 (-0700)
Subject: [IPVS]: Close race conditions on ip_vs_conn_tab list modification
X-Git-Tag: v2.6.13-rc1~2^2~5
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb3d89498d268c8dedc1ab5b15fa64f536564577;p=pandora-kernel.git

[IPVS]: Close race conditions on ip_vs_conn_tab list modification

In an smp system, it is possible for an connection timer to expire, calling
ip_vs_conn_expire while the connection table is being flushed, before
ct_write_lock_bh is acquired.

Since the list iterator loop in ip_vs_con_flush releases and re-acquires the
spinlock (even though it doesn't re-enable softirqs), it is possible for the
expiration function to modify the connection list, while it is being traversed
in ip_vs_conn_flush.

The result is that the next pointer gets set to NULL, and subsequently
dereferenced, resulting in an oops.

Signed-off-by: Neil Horman <nhorman@redhat.com>
Acked-by: JulianAnastasov
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed