Message ID | 49094B0F.2090208@cosmosbay.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Eric Dumazet <dada1@cosmosbay.com> Date: Thu, 30 Oct 2008 06:50:07 +0100 > [PATCH] udp: add a missing smp_wmb() in udp_lib_get_port() > > Corey Minyard spotted a missing memory barrier in udp_lib_get_port() > > We need to make sure a reader cannot read the new 'sk->sk_next' value > and previous value of 'sk->sk_hash'. Or else, an item could be deleted > from a chain, and inserted into another chain. If new chain was empty > before the move, 'next' pointer is NULL, and lockless reader can > not detect it missed following items in original chain. > > This patch is temporary, since we expect an upcoming patch > to introduce another way of handling the problem. > > Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> I've applied this to net-next-2.6 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index c3ecec8..5e605ac 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -189,6 +189,11 @@ int udp_lib_get_port(struct sock *sk, unsigned short snum, inet_sk(sk)->num = snum; sk->sk_hash = snum; if (sk_unhashed(sk)) { + /* + * We need that previous write to sk->sk_hash committed + * before write to sk->next done in following add_node() variant + */ + smp_wmb(); sk_add_node_rcu(sk, &hslot->head); sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); }