diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2010-09-27 04:18:27 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-09-27 21:30:44 -0700 |
commit | 7fa7cb7109d07c29ab28bb877bc7049a0150dbe5 (patch) | |
tree | ba618177a1d57189d5f485a5182a96f4e97b971f /net/core | |
parent | 15fc1f7056ebdc57e23f99077fec89e63e6fa941 (diff) | |
download | kernel_samsung_espresso10-7fa7cb7109d07c29ab28bb877bc7049a0150dbe5.zip kernel_samsung_espresso10-7fa7cb7109d07c29ab28bb877bc7049a0150dbe5.tar.gz kernel_samsung_espresso10-7fa7cb7109d07c29ab28bb877bc7049a0150dbe5.tar.bz2 |
fib: use atomic_inc_not_zero() in fib_rules_lookup
It seems we dont use appropriate refcount increment in an
rcu_read_lock() protected section.
fib_rule_get() might increment a null refcount and bad things could
happen.
While fib_nl_delrule() respects an rcu grace period before calling
fib_rule_put(), fib_rules_cleanup_ops() calls fib_rule_put() without a
grace period.
Note : after this patch, we might avoid the synchronize_rcu() call done
in fib_nl_delrule()
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core')
-rw-r--r-- | net/core/fib_rules.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c index 42e84e0..d078728 100644 --- a/net/core/fib_rules.c +++ b/net/core/fib_rules.c @@ -225,9 +225,11 @@ jumped: err = ops->action(rule, fl, flags, arg); if (err != -EAGAIN) { - fib_rule_get(rule); - arg->rule = rule; - goto out; + if (likely(atomic_inc_not_zero(&rule->refcnt))) { + arg->rule = rule; + goto out; + } + break; } } |