From 7e36763b2c204d59de4e88087f84a2c0c8421f25 Mon Sep 17 00:00:00 2001
From: Frank Blaschka
Date: Mon, 3 Mar 2008 12:16:04 -0800
Subject: [PATCH] [NET]: Fix race in generic address resolution.

neigh_update sends skb from neigh->arp_queue while neigh_timer_handler has increased skbs refcount and calls solicit with the skb. neigh_timer_handler should not increase skbs refcount but make a copy of the skb and do solicit with the copy.

Signed-off-by: Frank Blaschka
Signed-off-by: David S. Miller
---
 net/core/neighbour.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index aef01533dfb..d9a02b2cc28 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -839,7 +839,7 @@ static void neigh_timer_handler(unsigned long arg)
 struct sk_buff *skb = skb_peek(&neigh->arp_queue);
 /* keep skb alive even if arp_queue overflows */
 if (skb)
- skb_get(skb);
+ skb = skb_copy(skb, GFP_ATOMIC);
 write_unlock(&neigh->lock);
 neigh->ops->solicit(neigh, skb);
 atomic_inc(&neigh->probes);
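Review bot: The context comment directly above the changed line, `/* keep skb alive even if arp_queue overflows */`, no longer describes the new code, which takes a private copy instead of a reference, and nothing documents that `skb_copy(skb, GFP_ATOMIC)` can return NULL. On allocation failure `skb` becomes NULL and is passed straight to `neigh->ops->solicit(neigh, skb)`; the existing `if (skb)` guard suggests solicit already accepts NULL for an empty queue, but that should be confirmed for every solicit implementation, not assumed. I would replace the comment with `/* copy under neigh->lock so solicit never shares an skb that neigh_update may send; NULL if the atomic allocation fails */`. neigh_timer_handler continues past the last context line, so the release of the copy after solicit is not visible here; check that the copy is freed on that path, as the extra reference was before.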