ChangeSet 1.2323, 2005/03/31 20:29:09-08:00, [EMAIL PROTECTED]
[NETLINK]: More complete fix for race.
Unfortunately my patch only closed half the race. There is still
a chunk of code between netlink_dump_start and netlink_dump that runs
outside the cb lock which isn't protected by an sk reference.
Here is a better patch which protects the entire netlink_dump function
with a sk reference.
The other call to netlink_dump by recvmsg is safe as the open file
descriptor already holds a reference. As such the final sock_put
in netlink_dump can be turned into a __sock_put since there is at
least one reference held by the caller.
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
af_netlink.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff -Nru a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
--- a/net/netlink/af_netlink.c 2005-04-01 09:08:47 -08:00
+++ b/net/netlink/af_netlink.c 2005-04-01 09:08:47 -08:00
@@ -1080,11 +1080,9 @@
len = cb->dump(skb, cb);
if (len > 0) {
- sock_hold(sk);
spin_unlock(&nlk->cb_lock);
skb_queue_tail(&sk->sk_receive_queue, skb);
sk->sk_data_ready(sk, len);
- sock_put(sk);
return 0;
}
@@ -1099,7 +1097,7 @@
spin_unlock(&nlk->cb_lock);
netlink_destroy_callback(cb);
- sock_put(sk);
+ __sock_put(sk);
return 0;
}
@@ -1138,9 +1136,11 @@
return -EBUSY;
}
nlk->cb = cb;
+ sock_hold(sk);
spin_unlock(&nlk->cb_lock);
netlink_dump(sk);
+ sock_put(sk);
return 0;
}
-
To unsubscribe from this list: send the line "unsubscribe bk-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
