netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[PATCH 2.6 PKT_SCHED]: Fix scheduler/classifier module unload race

from [Patrick McHardy] [Permanent Link][Original]
To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: [PATCH 2.6 PKT_SCHED]: Fix scheduler/classifier module unload race
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Sun, 07 Nov 2004 23:41:27 +0100
Cc: netdev@xxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.3) Gecko/20041008 Debian/1.7.3-5 
This patch fixes an scheduler/classifier module unload race.
struct Qdisc_ops which includes the owner field is also part
of the module's memory, so ops might already be freed when
try_module_get(ops->owner) is called outside of the locked
section.

Regards
Patrick



# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/11/07 05:03:11+01:00 kaber@xxxxxxxxxxxx 
#   [PKT_SCHED]: Fix scheduler/classifier module unload race
#   
#   Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
# 
# net/sched/sch_api.c
#   2004/11/07 05:03:04+01:00 kaber@xxxxxxxxxxxx +4 -4
#   [PKT_SCHED]: Fix scheduler/classifier module unload race
#   
#   Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
# 
# net/sched/cls_api.c
#   2004/11/07 05:03:04+01:00 kaber@xxxxxxxxxxxx +4 -6
#   [PKT_SCHED]: Fix scheduler/classifier module unload race
#   
#   Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
# 
diff -Nru a/net/sched/cls_api.c b/net/sched/cls_api.c
--- a/net/sched/cls_api.c       2004-11-07 23:32:50 +01:00
+++ b/net/sched/cls_api.c       2004-11-07 23:32:50 +01:00
@@ -60,8 +60,11 @@
        if (kind) {
                read_lock(&cls_mod_lock);
                for (t = tcf_proto_base; t; t = t->next) {
-                       if (rtattr_strcmp(kind, t->kind) == 0)
+                       if (rtattr_strcmp(kind, t->kind) == 0) {
+                               if (!try_module_get(t->owner))
+                                       t = NULL;
                                break;
+                       }
                }
                read_unlock(&cls_mod_lock);
        }
@@ -231,11 +234,6 @@
                tp->q = q;
                tp->classify = tp_ops->classify;
                tp->classid = parent;
-               err = -EBUSY;
-               if (!try_module_get(tp_ops->owner)) {
-                       kfree(tp);
-                       goto errout;
-               }
                if ((err = tp_ops->init(tp)) != 0) {
                        module_put(tp_ops->owner);
                        kfree(tp);
diff -Nru a/net/sched/sch_api.c b/net/sched/sch_api.c
--- a/net/sched/sch_api.c       2004-11-07 23:32:50 +01:00
+++ b/net/sched/sch_api.c       2004-11-07 23:32:50 +01:00
@@ -229,8 +229,11 @@
        if (kind) {
                read_lock(&qdisc_mod_lock);
                for (q = qdisc_base; q; q = q->next) {
-                       if (rtattr_strcmp(kind, q->id) == 0)
+                       if (rtattr_strcmp(kind, q->id) == 0) {
+                               if (!try_module_get(q->owner))
+                                       q = NULL;
                                break;
+                       }
                }
                read_unlock(&qdisc_mod_lock);
        }
@@ -408,9 +411,6 @@
 
        err = -EINVAL;
        if (ops == NULL)
-               goto err_out;
-       err = -EBUSY;
-       if (!try_module_get(ops->owner))
                goto err_out;
 
        /* ensure that the Qdisc and the private data are 32-byte aligned */
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PROBLEM: IProute hangs after running traffic shaping scripts, Patrick McHardy
Next by Date:  Re: ZyXEL GN650-T, Francois Romieu
Previous by Thread:  Re: [patch 1/9] arcnet fixes, Esben Nielsen
Next by Thread:  Re: [PATCH 2.6 PKT_SCHED]: Fix scheduler/classifier module unload race, David S. Miller
Indexes:  [Date] [Thread] [Top] [All Lists]