ChangeSet 1.2181.41.7, 2005/03/30 16:58:16-08:00, [EMAIL PROTECTED]

        [NETLINK]: Fix sk_rmem_alloc assertion failure.
        
        In netlink_dump we're operating on sk after dropping the cb lock.
        This is racy because the owner of the socket could close it after
        we drop the cb lock.
        
        This is possible because netlink_dump isn't always called from the
        context of the process that owns the socket.  For instance, if there
        is contention on rtnl then rtnetlink requests will be processed by
        the process that owns the rtnl.
        
        The solution is to hold a ref count on the socket before we drop
        the cb lock.
        
        Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
        Signed-off-by: David S. Miller <[EMAIL PROTECTED]>



 af_netlink.c |    2 ++
 1 files changed, 2 insertions(+)


diff -Nru a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
--- a/net/netlink/af_netlink.c  2005-03-30 20:07:43 -08:00
+++ b/net/netlink/af_netlink.c  2005-03-30 20:07:43 -08:00
@@ -1080,9 +1080,11 @@
        len = cb->dump(skb, cb);
 
        if (len > 0) {
+               sock_hold(sk);
                spin_unlock(&nlk->cb_lock);
                skb_queue_tail(&sk->sk_receive_queue, skb);
                sk->sk_data_ready(sk, len);
+               sock_put(sk);
                return 0;
        }
 
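Review bot: the sock_hold(sk)/sock_put(sk) pair in the len > 0 branch carries no comment saying what it protects, so a later cleanup could take it for a redundant get/put and remove it. A one-line comment above sock_hold(sk) would help, stating that the owner may close the socket once cb_lock is dropped and that the reference keeps sk valid across skb_queue_tail() and sk->sk_data_ready(). Two things to confirm, since the hunk does not show them: sock_put(sk) here can be the final put, so socket destruction may run in the context of a process that does not own the socket, and any other path in this function that touches sk after spin_unlock(&nlk->cb_lock) needs the same reference.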