net: Fix IP_MULTICAST_IF

ipv4/ipv6 setsockopt(IP_MULTICAST_IF) have dubious __dev_get_by_index() calls.

This function should be called only with RTNL or dev_base_lock held, or reader
could see a corrupt hash chain and eventually enter an endless loop.

Fix is to call dev_get_by_index()/dev_put().

If this happens to be performance critical, we could define a new dev_exist_by_index()
function to avoid touching dev refcount.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Eric Dumazet 2009-10-19 06:41:58 +00:00 committed by David S. Miller
parent 45054dc1bf
commit 55b8050353
2 changed files with 8 additions and 5 deletions

View File

@ -634,17 +634,16 @@ static int do_ip_setsockopt(struct sock *sk, int level,
break;
}
dev = ip_dev_find(sock_net(sk), mreq.imr_address.s_addr);
if (dev) {
if (dev)
mreq.imr_ifindex = dev->ifindex;
dev_put(dev);
}
} else
dev = __dev_get_by_index(sock_net(sk), mreq.imr_ifindex);
dev = dev_get_by_index(sock_net(sk), mreq.imr_ifindex);
err = -EADDRNOTAVAIL;
if (!dev)
break;
dev_put(dev);
err = -EINVAL;
if (sk->sk_bound_dev_if &&

View File

@ -496,13 +496,17 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
goto e_inval;
if (val) {
struct net_device *dev;
if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val)
goto e_inval;
if (__dev_get_by_index(net, val) == NULL) {
dev = dev_get_by_index(net, val);
if (!dev) {
retv = -ENODEV;
break;
}
dev_put(dev);
}
np->mcast_oif = val;
retv = 0;