From patchwork Tue Apr 20 10:35:18 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Li Yu X-Patchwork-Id: 50530 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id EB679B7CF6 for ; Tue, 20 Apr 2010 20:35:43 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754402Ab0DTKfV (ORCPT ); Tue, 20 Apr 2010 06:35:21 -0400 Received: from mail-wy0-f174.google.com ([74.125.82.174]:47411 "EHLO mail-wy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754376Ab0DTKfU (ORCPT ); Tue, 20 Apr 2010 06:35:20 -0400 Received: by wyb39 with SMTP id 39so3154713wyb.19 for ; Tue, 20 Apr 2010 03:35:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:received:message-id :subject:from:to:cc:content-type; bh=LYuhwbMBXzH85ZCrJ4IrqXAwGNumVKwKbuIhIbAaICE=; b=XKbe6oSAXzzLN9l+Uq3MNYjk1oupEn7NlXifXgFwkk2hWgw1dqtSQT8B685LrxcB9B plyQUbpCkGwqGESW+oYR22kKkgi1ta3IIKWm8K6a58VJg0L75xEhmiB9VyQR4jsrVEE2 tmMKg7E2wSsKwCWJomsxU/EHoW1zSqEjjHriY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:cc:content-type; b=QWBopHuvAZxfLMUlgyGpL4/CVZ2s6Ai9hiA5oUBMzj5TvYvVFZi7VMsIyhHL98ZWE9 Fc8lWL+rfQ3d0lAtm9rDVubqW6jUsOYW/qm8Zmpk8nS40x0/ZlhGsZE3DZnlcLrxfC/O VSNbtF0jpmKSQF7vMka/oTQA3q8tCOnE9B3EA= MIME-Version: 1.0 Received: by 10.216.72.17 with HTTP; Tue, 20 Apr 2010 03:35:18 -0700 (PDT) Date: Tue, 20 Apr 2010 18:35:18 +0800 Received: by 10.216.90.3 with SMTP id d3mr1331710wef.110.1271759718516; Tue, 20 Apr 2010 03:35:18 -0700 (PDT) Message-ID: Subject: A possible bug in reqsk_queue_hash_req() From: Li Yu To: netdev@vger.kernel.org Cc: linux-kernel@vger.kernel.org Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Hi, I found out a possible bug in reqsk_queue_hash_req(), it seem that we should move "req->dl_next = lopt->syn_table[hash];" statement into follow write lock protected scope. As I browsed source code, this function only can be call at rx code path which is protected a spin lock over struct sock , but its caller ( inet_csk_reqsk_queue_hash_add() ) is a GPL exported symbol, so I think that we'd best move this statement into below write lock protected scope. Below is the patch to play this change, please do not apply it on source code, it's just for show. Thanks. Yu --- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html --- include/net/request_sock.h 2010-04-09 15:27:14.000000000 +0800 +++ include/net/request_sock.h 2010-04-20 18:11:32.000000000 +0800 @@ -247,9 +247,9 @@ static inline void reqsk_queue_hash_req( req->expires = jiffies + timeout; req->retrans = 0; req->sk = NULL; - req->dl_next = lopt->syn_table[hash]; write_lock(&queue->syn_wait_lock); + req->dl_next = lopt->syn_table[hash]; lopt->syn_table[hash] = req; write_unlock(&queue->syn_wait_lock); }