Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cbc45497 authored by Eric Dumazet's avatar Eric Dumazet Committed by Greg Kroah-Hartman
Browse files

ipv6: frags: rewrite ip6_expire_frag_queue() 



Make it similar to IPv4 ip_expire(), and release the lock
before calling icmp functions.

Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
(cherry picked from commit 05c0b86b9696802fd0ce5676a92a63f1b455bdf3)
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 7a87ec92

net/ipv6/reassembly.c

+16 −8
Original line number Diff line number Diff line
@@ -92,7 +92,9 @@ EXPORT_SYMBOL(ip6_frag_init); 
void ip6_expire_frag_queue(struct net *net, struct frag_queue *fq)

{

	struct net_device *dev = NULL;

	struct sk_buff *head;



	rcu_read_lock();

	spin_lock(&fq->q.lock);



	if (fq->q.flags & INET_FRAG_COMPLETE)
@@ -100,28 +102,34 @@ void ip6_expire_frag_queue(struct net *net, struct frag_queue *fq) 


	inet_frag_kill(&fq->q);



	rcu_read_lock();

	dev = dev_get_by_index_rcu(net, fq->iif);

	if (!dev)

		goto out_rcu_unlock;

		goto out;



	__IP6_INC_STATS(net, __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);

	__IP6_INC_STATS(net, __in6_dev_get(dev), IPSTATS_MIB_REASMTIMEOUT);



	/* Don't send error if the first segment did not arrive. */

	if (!(fq->q.flags & INET_FRAG_FIRST_IN) || !fq->q.fragments)

		goto out_rcu_unlock;

	head = fq->q.fragments;

	if (!(fq->q.flags & INET_FRAG_FIRST_IN) || !head)

		goto out;



	/* But use as source device on which LAST ARRIVED

	 * segment was received. And do not use fq->dev

	 * pointer directly, device might already disappeared.

	 */

	fq->q.fragments->dev = dev;

	icmpv6_send(fq->q.fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0);

out_rcu_unlock:

	rcu_read_unlock();

	head->dev = dev;

	skb_get(head);

	spin_unlock(&fq->q.lock);



	icmpv6_send(head, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0);

	kfree_skb(head);

	goto out_rcu_unlock;



out:

	spin_unlock(&fq->q.lock);

out_rcu_unlock:

	rcu_read_unlock();

	inet_frag_put(&fq->q);

}

EXPORT_SYMBOL(ip6_expire_frag_queue);