From patchwork Mon Sep 27 14:18:27 2010
X-Patchwork-Submitter: Eric Dumazet
X-Patchwork-Id: 65873
X-Patchwork-Delegate: davem@davemloft.net
Subject: [PATCH net-next-2.6] fib: use atomic_inc_not_zero() in fib_rules_lookup
From: Eric Dumazet
To: David Miller
Cc: netdev, "Paul E. McKenney"
Date: Mon, 27 Sep 2010 16:18:27 +0200
Message-ID: <1285597107.23938.250.camel@edumazet-laptop>

It seems we don't use appropriate refcount increment in an
rcu_read_lock() protected section.

fib_rule_get() might increment a null refcount and bad things could
happen.

While fib_nl_delrule() respects an rcu grace period before calling
fib_rule_put(), fib_rules_cleanup_ops() calls fib_rule_put() without a
grace period.

Note: after this patch, we might avoid the synchronize_rcu() call done
in fib_nl_delrule()

Signed-off-by: Eric Dumazet
---
 net/core/fib_rules.c | 8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c index 42e84e0..910eac3 100644 --- a/net/core/fib_rules.c +++ b/net/core/fib_rules.c @@ -225,9 +225,11 @@ jumped: err = ops->action(rule, fl, flags, arg); if (err != -EAGAIN) { - fib_rule_get(rule); - arg->rule = rule; - goto out; + if (likely(atomic_inc_not_zero(&rule->refcnt))) { + arg->rule = rule; + goto out; + } + break; } }
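
Review bot: on the new "break" taken when atomic_inc_not_zero(&rule->refcnt) fails, err still holds the value returned by ops->action(), which on this path is not -EAGAIN, and arg->rule is left unset. The lines shown do not reset err, so please confirm that the code after the loop overwrites it with an error, or set it explicitly before the break, so that a caller never sees a successful return without a rule. A short comment saying why the walk stops here rather than moving on to the next rule would also help. Separately, the zero test is only safe if the rule's memory stays valid for readers inside rcu_read_lock() after the count has dropped to zero; since the changelog says fib_rules_cleanup_ops() calls fib_rule_put() without a grace period, it is worth stating there how the final free is deferred.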