diff options
author | Denis Lunev <den@openvz.org> | 2007-04-18 17:05:58 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-04-18 17:05:58 -0700 |
commit | ac57b3a9ce280763296f99e32187a0b4384d9389 (patch) | |
tree | 5aa81b60abfe3436a5d7d52a93a9c5cb9b9d71a5 /fs | |
parent | bfb6709d0b239af5e3ce5859aae926e1b79ba84b (diff) |
[NETLINK]: Don't attach callback to a going-away netlink socket
There is a race between netlink_dump_start() and netlink_release()
that can lead to the situation when a netlink socket with non-zero
callback is freed.
Here it is:
CPU1: CPU2
netlink_release(): netlink_dump_start():
sk = netlink_lookup(); /* OK */
netlink_remove();
spin_lock(&nlk->cb_lock);
if (nlk->cb) { /* false */
...
}
spin_unlock(&nlk->cb_lock);
spin_lock(&nlk->cb_lock);
if (nlk->cb) { /* false */
...
}
nlk->cb = cb;
spin_unlock(&nlk->cb_lock);
...
sock_orphan(sk);
/*
* proceed with releasing
* the socket
*/
The proposal it to make sock_orphan before detaching the callback
in netlink_release() and to check for the sock to be SOCK_DEAD in
netlink_dump_start() before setting a new callback.
Signed-off-by: Denis Lunev <den@openvz.org>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Pavel Emelianov <xemul@openvz.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'fs')
0 files changed, 0 insertions, 0 deletions