This patch resolves the race condition with module unload
in qdisc_create by moving try_module_get up to the first
qdisc_lookup_ops call.
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/08/17 01:32:55+02:00 kaber@xxxxxxxxxxxx
# [PKT_SCHED]: Resolve race condition with module unload in qdisc_create()
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# net/sched/sch_api.c
# 2004/08/17 01:32:36+02:00 kaber@xxxxxxxxxxxx +6 -13
# [PKT_SCHED]: Resolve race condition with module unload in qdisc_create()
#
diff -Nru a/net/sched/sch_api.c b/net/sched/sch_api.c
--- a/net/sched/sch_api.c 2004-08-17 01:35:50 +02:00
+++ b/net/sched/sch_api.c 2004-08-17 01:35:50 +02:00
@@ -407,6 +407,9 @@
err = -EINVAL;
if (ops == NULL)
goto err_out;
+ err = -EBUSY;
+ if (!try_module_get(ops->owner))
+ goto err_out;
/* ensure that the Qdisc and the private data are 32-byte aligned */
size = ((sizeof(*sch) + QDISC_ALIGN_CONST) & ~QDISC_ALIGN_CONST);
@@ -415,18 +418,12 @@
p = kmalloc(size, GFP_KERNEL);
err = -ENOBUFS;
if (!p)
- goto err_out;
+ goto err_out2;
memset(p, 0, size);
sch = (struct Qdisc *)(((unsigned long)p + QDISC_ALIGN_CONST)
& ~QDISC_ALIGN_CONST);
sch->padded = (char *)sch - (char *)p;
- /* Grrr... Resolve race condition with module unload */
-
- err = -EINVAL;
- if (ops != qdisc_lookup_ops(kind))
- goto err_out;
-
INIT_LIST_HEAD(&sch->list);
skb_queue_head_init(&sch->q);
@@ -444,7 +441,7 @@
handle = qdisc_alloc_handle(dev);
err = -ENOMEM;
if (handle == 0)
- goto err_out;
+ goto err_out2;
}
if (handle == TC_H_INGRESS)
@@ -452,10 +449,6 @@
else
sch->handle = handle;
- err = -EBUSY;
- if (!try_module_get(ops->owner))
- goto err_out;
-
/* enqueue is accessed locklessly - make sure it's visible
* before we set a netdevice's qdisc pointer to sch */
smp_wmb();
@@ -471,8 +464,8 @@
#endif
return sch;
}
+err_out2:
module_put(ops->owner);
-
err_out:
*errp = err;
if (p)
|