author     Herbert Xu <herbert@gondor.apana.org.au>   2008-09-15 14:48:46 -0400
committer  David S. Miller <davem@davemloft.net>      2008-09-15 14:48:46 -0400
commit     93821778def10ec1e69aa3ac10adee975dad4ff3
tree       5cd95c0592407ac49b4f6bd9aa8ba71d93500aae
parent     cff502a38394fd33693f6233e03fca363dfa956d
udp: Fix rcv socket locking
The previous patch in response to the recursive locking on IPsec
reception is broken as it tries to drop the BH socket lock while in
user context.

This patch fixes it by shrinking the section protected by the socket
lock to sock_queue_rcv_skb only.  The only reason we added the lock
is for the accounting which happens in that function.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
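In outline, the fix narrows the critical section: the BH socket lock is
now taken only around the final queueing step, where the accounting
happens, and packets that arrive while user context owns the lock are
deferred to the socket backlog instead. A condensed sketch of that
pattern, using the names from the patch below (not a literal copy of
the resulting function):

	/* Sketch: the encapsulation/checksum work that used to run under
	 * the lock now runs unlocked; only the queueing is protected. */
	static int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
	{
		int rc = 0;

		/* ... IPsec decapsulation and checksum checks, unlocked ... */

		bh_lock_sock(sk);
		if (!sock_owned_by_user(sk))
			rc = __udp_queue_rcv_skb(sk, skb); /* queue + accounting */
		else
			sk_add_backlog(sk, skb);   /* drained at release_sock() */
		bh_unlock_sock(sk);

		return rc;
	}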
-rw-r--r--   net/ipv4/udp.c   62
1 file changed, 33 insertions(+), 29 deletions(-)
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 8e42fbbd576..57e26fa6618 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -951,6 +951,27 @@ int udp_disconnect(struct sock *sk, int flags)
 	return 0;
 }
 
+static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+{
+	int is_udplite = IS_UDPLITE(sk);
+	int rc;
+
+	if ((rc = sock_queue_rcv_skb(sk, skb)) < 0) {
+		/* Note that an ENOMEM error is charged twice */
+		if (rc == -ENOMEM)
+			UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
+					 is_udplite);
+		goto drop;
+	}
+
+	return 0;
+
+drop:
+	UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
+	kfree_skb(skb);
+	return -1;
+}
+
 /* returns:
  *  -1: error
  *   0: success
@@ -989,9 +1010,7 @@ int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
 		    up->encap_rcv != NULL) {
 			int ret;
 
-			bh_unlock_sock(sk);
 			ret = (*up->encap_rcv)(sk, skb);
-			bh_lock_sock(sk);
 			if (ret <= 0) {
 				UDP_INC_STATS_BH(sock_net(sk),
 						 UDP_MIB_INDATAGRAMS,
@@ -1044,17 +1063,16 @@ int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
 			goto drop;
 	}
 
-	if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) {
-		/* Note that an ENOMEM error is charged twice */
-		if (rc == -ENOMEM) {
-			UDP_INC_STATS_BH(sock_net(sk),
-					UDP_MIB_RCVBUFERRORS, is_udplite);
-			atomic_inc(&sk->sk_drops);
-		}
-		goto drop;
-	}
+	rc = 0;
 
-	return 0;
+	bh_lock_sock(sk);
+	if (!sock_owned_by_user(sk))
+		rc = __udp_queue_rcv_skb(sk, skb);
+	else
+		sk_add_backlog(sk, skb);
+	bh_unlock_sock(sk);
+
+	return rc;
 
 drop:
 	UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
@@ -1092,15 +1110,7 @@ static int __udp4_lib_mcast_deliver(struct net *net, struct sk_buff *skb,
 		skb1 = skb_clone(skb, GFP_ATOMIC);
 
 		if (skb1) {
-			int ret = 0;
-
-			bh_lock_sock(sk);
-			if (!sock_owned_by_user(sk))
-				ret = udp_queue_rcv_skb(sk, skb1);
-			else
-				sk_add_backlog(sk, skb1);
-			bh_unlock_sock(sk);
-
+			int ret = udp_queue_rcv_skb(sk, skb1);
 			if (ret > 0)
 				/* we should probably re-process instead
 				 * of dropping packets here. */
@@ -1195,13 +1205,7 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
 			uh->dest, inet_iif(skb), udptable);
 
 	if (sk != NULL) {
-		int ret = 0;
-		bh_lock_sock(sk);
-		if (!sock_owned_by_user(sk))
-			ret = udp_queue_rcv_skb(sk, skb);
-		else
-			sk_add_backlog(sk, skb);
-		bh_unlock_sock(sk);
+		int ret = udp_queue_rcv_skb(sk, skb);
 		sock_put(sk);
 
 		/* a return value > 0 means to resubmit the input, but
@@ -1494,7 +1498,7 @@ struct proto udp_prot = {
 	.sendmsg	   = udp_sendmsg,
 	.recvmsg	   = udp_recvmsg,
 	.sendpage	   = udp_sendpage,
-	.backlog_rcv	   = udp_queue_rcv_skb,
+	.backlog_rcv	   = __udp_queue_rcv_skb,
 	.hash		   = udp_lib_hash,
 	.unhash		   = udp_lib_unhash,
 	.get_port	   = udp_v4_get_port,
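A related subtlety: .backlog_rcv now points at __udp_queue_rcv_skb
rather than udp_queue_rcv_skb. Backlogged packets are drained while the
socket lock is still owned by the user-context path, so the backlog
handler must not take bh_lock_sock() itself. A simplified sketch of the
drain loop, condensed from __release_sock() in net/core/sock.c of this
era (resched handling and other details omitted):

	static void __release_sock(struct sock *sk)
	{
		struct sk_buff *skb = sk->sk_backlog.head;

		do {
			sk->sk_backlog.head = sk->sk_backlog.tail = NULL;
			bh_unlock_sock(sk);

			do {
				struct sk_buff *next = skb->next;

				skb->next = NULL;
				/* invokes the protocol's backlog_rcv, i.e.
				 * __udp_queue_rcv_skb() after this patch */
				sk->sk_backlog_rcv(sk, skb);
				skb = next;
			} while (skb != NULL);

			bh_lock_sock(sk);
		} while ((skb = sk->sk_backlog.head) != NULL);
	}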