diff options
author | Johannes Berg <johannes@sipsolutions.net> | 2009-09-24 18:44:05 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-09-24 18:44:05 -0400 |
commit | b8273570f802a7658827dcb077b0b517ba75a289 (patch) | |
tree | 06fcee4433089cdb16504f40b1975ebbdf69e241 | |
parent | 704cc92e9ffe29458ea8831ae097c631b1160c01 (diff) |
genetlink: fix netns vs. netlink table locking (2)
Similar to commit d136f1bd366fdb7e747ca7e0218171e7a00a98a5,
there's a bug when unregistering a generic netlink family,
which is caught by the might_sleep() added in that commit:
BUG: sleeping function called from invalid context at net/netlink/af_netlink.c:183
in_atomic(): 1, irqs_disabled(): 0, pid: 1510, name: rmmod
2 locks held by rmmod/1510:
#0: (genl_mutex){+.+.+.}, at: [<ffffffff8138283b>] genl_unregister_family+0x2b/0x130
#1: (rcu_read_lock){.+.+..}, at: [<ffffffff8138270c>] __genl_unregister_mc_group+0x1c/0x120
Pid: 1510, comm: rmmod Not tainted 2.6.31-wl #444
Call Trace:
[<ffffffff81044ff9>] __might_sleep+0x119/0x150
[<ffffffff81380501>] netlink_table_grab+0x21/0x100
[<ffffffff813813a3>] netlink_clear_multicast_users+0x23/0x60
[<ffffffff81382761>] __genl_unregister_mc_group+0x71/0x120
[<ffffffff81382866>] genl_unregister_family+0x56/0x130
[<ffffffffa0007d85>] nl80211_exit+0x15/0x20 [cfg80211]
[<ffffffffa000005a>] cfg80211_exit+0x1a/0x40 [cfg80211]
Fix in the same way by grabbing the netlink table lock
before doing rcu_read_lock().
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/netlink.h | 1 | ||||
-rw-r--r-- | net/netlink/af_netlink.c | 19 | ||||
-rw-r--r-- | net/netlink/genetlink.c | 4 |
3 files changed, 15 insertions, 9 deletions
diff --git a/include/linux/netlink.h b/include/linux/netlink.h index 080f6ba9e73a..ab5d3126831f 100644 --- a/include/linux/netlink.h +++ b/include/linux/netlink.h | |||
@@ -187,6 +187,7 @@ extern struct sock *netlink_kernel_create(struct net *net, | |||
187 | extern void netlink_kernel_release(struct sock *sk); | 187 | extern void netlink_kernel_release(struct sock *sk); |
188 | extern int __netlink_change_ngroups(struct sock *sk, unsigned int groups); | 188 | extern int __netlink_change_ngroups(struct sock *sk, unsigned int groups); |
189 | extern int netlink_change_ngroups(struct sock *sk, unsigned int groups); | 189 | extern int netlink_change_ngroups(struct sock *sk, unsigned int groups); |
190 | extern void __netlink_clear_multicast_users(struct sock *sk, unsigned int group); | ||
190 | extern void netlink_clear_multicast_users(struct sock *sk, unsigned int group); | 191 | extern void netlink_clear_multicast_users(struct sock *sk, unsigned int group); |
191 | extern void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err); | 192 | extern void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err); |
192 | extern int netlink_has_listeners(struct sock *sk, unsigned int group); | 193 | extern int netlink_has_listeners(struct sock *sk, unsigned int group); |
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 55180b99562a..a4bafbf15097 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c | |||
@@ -1609,6 +1609,16 @@ int netlink_change_ngroups(struct sock *sk, unsigned int groups) | |||
1609 | return err; | 1609 | return err; |
1610 | } | 1610 | } |
1611 | 1611 | ||
1612 | void __netlink_clear_multicast_users(struct sock *ksk, unsigned int group) | ||
1613 | { | ||
1614 | struct sock *sk; | ||
1615 | struct hlist_node *node; | ||
1616 | struct netlink_table *tbl = &nl_table[ksk->sk_protocol]; | ||
1617 | |||
1618 | sk_for_each_bound(sk, node, &tbl->mc_list) | ||
1619 | netlink_update_socket_mc(nlk_sk(sk), group, 0); | ||
1620 | } | ||
1621 | |||
1612 | /** | 1622 | /** |
1613 | * netlink_clear_multicast_users - kick off multicast listeners | 1623 | * netlink_clear_multicast_users - kick off multicast listeners |
1614 | * | 1624 | * |
@@ -1619,15 +1629,8 @@ int netlink_change_ngroups(struct sock *sk, unsigned int groups) | |||
1619 | */ | 1629 | */ |
1620 | void netlink_clear_multicast_users(struct sock *ksk, unsigned int group) | 1630 | void netlink_clear_multicast_users(struct sock *ksk, unsigned int group) |
1621 | { | 1631 | { |
1622 | struct sock *sk; | ||
1623 | struct hlist_node *node; | ||
1624 | struct netlink_table *tbl = &nl_table[ksk->sk_protocol]; | ||
1625 | |||
1626 | netlink_table_grab(); | 1632 | netlink_table_grab(); |
1627 | 1633 | __netlink_clear_multicast_users(ksk, group); | |
1628 | sk_for_each_bound(sk, node, &tbl->mc_list) | ||
1629 | netlink_update_socket_mc(nlk_sk(sk), group, 0); | ||
1630 | |||
1631 | netlink_table_ungrab(); | 1634 | netlink_table_ungrab(); |
1632 | } | 1635 | } |
1633 | 1636 | ||
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index 566941e03363..44ff3f3810fa 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c | |||
@@ -220,10 +220,12 @@ static void __genl_unregister_mc_group(struct genl_family *family, | |||
220 | struct net *net; | 220 | struct net *net; |
221 | BUG_ON(grp->family != family); | 221 | BUG_ON(grp->family != family); |
222 | 222 | ||
223 | netlink_table_grab(); | ||
223 | rcu_read_lock(); | 224 | rcu_read_lock(); |
224 | for_each_net_rcu(net) | 225 | for_each_net_rcu(net) |
225 | netlink_clear_multicast_users(net->genl_sock, grp->id); | 226 | __netlink_clear_multicast_users(net->genl_sock, grp->id); |
226 | rcu_read_unlock(); | 227 | rcu_read_unlock(); |
228 | netlink_table_ungrab(); | ||
227 | 229 | ||
228 | clear_bit(grp->id, mc_groups); | 230 | clear_bit(grp->id, mc_groups); |
229 | list_del(&grp->list); | 231 | list_del(&grp->list); |