diff options
author | Jarek Poplawski <jarkao2@gmail.com> | 2009-06-15 02:31:29 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-06-15 02:31:29 -0700 |
commit | e0f7cb8c8cc6cccce28d2ce39ad8c60d23c3799f (patch) | |
tree | 204963b92fd4cdd8a73cd133ef36360c0d47014f /kernel/capability.c | |
parent | 3c4bdc4bd4af791a72147b6ebc29553808f53cea (diff) | |
download | kernel_samsung_smdk4412-e0f7cb8c8cc6cccce28d2ce39ad8c60d23c3799f.zip kernel_samsung_smdk4412-e0f7cb8c8cc6cccce28d2ce39ad8c60d23c3799f.tar.gz kernel_samsung_smdk4412-e0f7cb8c8cc6cccce28d2ce39ad8c60d23c3799f.tar.bz2 |
ipv4: Fix fib_trie rebalancing
While doing trie_rebalance(): resize(), inflate(), halve() RCU free
tnodes before updating their parents. It depends on RCU delaying the
real destruction, but if RCU readers start after call_rcu() and before
parent update they could access freed memory.
It is currently prevented with preempt_disable() on the update side,
but it's not safe, except maybe classic RCU, plus it conflicts with
memory allocations with GFP_KERNEL flag used from these functions.
This patch explicitly delays freeing of tnodes by adding them to the
list, which is flushed after the update is finished.
Reported-by: Yan Zheng <zheng.yan@oracle.com>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/capability.c')
0 files changed, 0 insertions, 0 deletions