aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorEric Dumazet <eric.dumazet@gmail.com>2011-05-26 13:27:11 -0400
committerDavid S. Miller <davem@davemloft.net>2011-05-27 13:39:11 -0400
commit686a7e32ca7fdd819eb9606abd3db52b77d1479f (patch)
tree409af64ba9a4685781e5cd6ed455b1927a13348d /include/linux
parente7a46b4d0839c2a3aa2e0ae0b145f293f6738498 (diff)
inetpeer: fix race in unused_list manipulations
Several crashes in cleanup_once() were reported in recent kernels. Commit d6cc1d642de9 (inetpeer: various changes) added a race in unlink_from_unused(). One way to avoid taking unused_peers.lock before doing the list_empty() test is to catch 0->1 refcnt transitions, using full barrier atomic operations variants (atomic_cmpxchg() and atomic_inc_return()) instead of previous atomic_inc() and atomic_add_unless() variants. We then call unlink_from_unused() only for the owner of the 0->1 transition. Add a new atomic_add_unless_return() static helper With help from Arun Sharma. Refs: https://bugzilla.kernel.org/show_bug.cgi?id=32772 Reported-by: Arun Sharma <asharma@fb.com> Reported-by: Maximilian Engelhardt <maxi@daemonizer.de> Reported-by: Yann Dupont <Yann.Dupont@univ-nantes.fr> Reported-by: Denys Fedoryshchenko <denys@visp.net.lb> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
0 files changed, 0 insertions, 0 deletions