diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-05-26 13:27:11 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-05-27 13:39:11 -0400 |
commit | 686a7e32ca7fdd819eb9606abd3db52b77d1479f (patch) | |
tree | 409af64ba9a4685781e5cd6ed455b1927a13348d /include/linux | |
parent | e7a46b4d0839c2a3aa2e0ae0b145f293f6738498 (diff) |
inetpeer: fix race in unused_list manipulations
Several crashes in cleanup_once() were reported in recent kernels.
Commit d6cc1d642de9 (inetpeer: various changes) added a race in
unlink_from_unused().
One way to avoid taking unused_peers.lock before doing the list_empty()
test is to catch 0->1 refcnt transitions, using full barrier atomic
operations variants (atomic_cmpxchg() and atomic_inc_return()) instead
of previous atomic_inc() and atomic_add_unless() variants.
We then call unlink_from_unused() only for the owner of the 0->1
transition.
Add a new atomic_add_unless_return() static helper
With help from Arun Sharma.
Refs: https://bugzilla.kernel.org/show_bug.cgi?id=32772
Reported-by: Arun Sharma <asharma@fb.com>
Reported-by: Maximilian Engelhardt <maxi@daemonizer.de>
Reported-by: Yann Dupont <Yann.Dupont@univ-nantes.fr>
Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
0 files changed, 0 insertions, 0 deletions