diff options
| author | Miklos Szeredi <mszeredi@suse.cz> | 2007-07-11 17:22:39 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2007-07-11 17:22:39 -0400 |
| commit | 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 (patch) | |
| tree | 3403194403ab25f1f7a360a002adf63be2b4e9b0 /net/unix/af_unix.c | |
| parent | 99d24edeb6abc6ca3a0d0fbdb83c664c04403c8c (diff) | |
[AF_UNIX]: Rewrite garbage collector, fixes race.
Throw out the old mark & sweep garbage collector and put in a
refcounting cycle detecting one.
The old one had a race with recvmsg, that resulted in false positives
and hence data loss. The old algorithm operated on all unix sockets
in the system, so any additional locking would have meant performance
problems for all users of these.
The new algorithm instead only operates on "in flight" sockets, which
are very rare, and the additional locking for these doesn't negatively
impact the vast majority of users.
In fact it's probable, that there weren't *any* heavy senders of
sockets over sockets, otherwise the above race would have been
discovered long ago.
The patch works OK with the app that exposed the race with the old
code. The garbage collection has also been verified to work in a few
simple cases.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/unix/af_unix.c')
| -rw-r--r-- | net/unix/af_unix.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 3654b647ac79..65ebccc0a698 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c | |||
| @@ -592,7 +592,8 @@ static struct sock * unix_create1(struct socket *sock) | |||
| 592 | u->dentry = NULL; | 592 | u->dentry = NULL; |
| 593 | u->mnt = NULL; | 593 | u->mnt = NULL; |
| 594 | spin_lock_init(&u->lock); | 594 | spin_lock_init(&u->lock); |
| 595 | atomic_set(&u->inflight, sock ? 0 : -1); | 595 | atomic_set(&u->inflight, 0); |
| 596 | INIT_LIST_HEAD(&u->link); | ||
| 596 | mutex_init(&u->readlock); /* single task reading lock */ | 597 | mutex_init(&u->readlock); /* single task reading lock */ |
| 597 | init_waitqueue_head(&u->peer_wait); | 598 | init_waitqueue_head(&u->peer_wait); |
| 598 | unix_insert_socket(unix_sockets_unbound, sk); | 599 | unix_insert_socket(unix_sockets_unbound, sk); |
| @@ -1134,9 +1135,6 @@ restart: | |||
| 1134 | /* take ten and and send info to listening sock */ | 1135 | /* take ten and and send info to listening sock */ |
| 1135 | spin_lock(&other->sk_receive_queue.lock); | 1136 | spin_lock(&other->sk_receive_queue.lock); |
| 1136 | __skb_queue_tail(&other->sk_receive_queue, skb); | 1137 | __skb_queue_tail(&other->sk_receive_queue, skb); |
| 1137 | /* Undo artificially decreased inflight after embrion | ||
| 1138 | * is installed to listening socket. */ | ||
| 1139 | atomic_inc(&newu->inflight); | ||
| 1140 | spin_unlock(&other->sk_receive_queue.lock); | 1138 | spin_unlock(&other->sk_receive_queue.lock); |
| 1141 | unix_state_unlock(other); | 1139 | unix_state_unlock(other); |
| 1142 | other->sk_data_ready(other, 0); | 1140 | other->sk_data_ready(other, 0); |