ipip: potential race in ip_tunnel_init_net() Eric Dumazet says that my previous fix for an ERR_PTR dereference (ea857f28ab 'ipip: dereferencing an ERR_PTR in ip_tunnel_init_net()') could be racy and suggests the following fix instead. Reported-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: b4de77ade3fc56e41b978b68d78a351dab28b74e [log] [tgz]
author: Dan Carpenter <dan.carpenter@oracle.com> Fri Aug 23 11:15:37 2013 +0300
committer: David S. Miller <davem@davemloft.net> Sun Aug 25 18:39:59 2013 -0400
tree: 92e18e67c92a67d7ae83160a80c66b1767547840
parent: b8e2fde466f7902fed4ad10bb60c1377b27cbfb7 [diff] [blame]
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 24549b4..830de3f 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c

@@ -854,16 +854,14 @@
 
 	rtnl_lock();
 	itn->fb_tunnel_dev = __ip_tunnel_create(net, ops, &parms);
-	rtnl_unlock();
-
-	if (IS_ERR(itn->fb_tunnel_dev))
-		return PTR_ERR(itn->fb_tunnel_dev);
 	/* FB netdevice is special: we have one, and only one per netns.
 	 * Allowing to move it to another netns is clearly unsafe.
 	 */
-	itn->fb_tunnel_dev->features |= NETIF_F_NETNS_LOCAL;
+	if (!IS_ERR(itn->fb_tunnel_dev))
+		itn->fb_tunnel_dev->features |= NETIF_F_NETNS_LOCAL;
+	rtnl_unlock();
 
-	return 0;
+	return PTR_RET(itn->fb_tunnel_dev);
 }
 EXPORT_SYMBOL_GPL(ip_tunnel_init_net);
commit	b4de77ade3fc56e41b978b68d78a351dab28b74e	[log] [tgz]
author	Dan Carpenter <dan.carpenter@oracle.com>	Fri Aug 23 11:15:37 2013 +0300
committer	David S. Miller <davem@davemloft.net>	Sun Aug 25 18:39:59 2013 -0400
tree	92e18e67c92a67d7ae83160a80c66b1767547840
parent	b8e2fde466f7902fed4ad10bb60c1377b27cbfb7 [diff] [blame]