[patch 28/28] udp: Fix rcv socket locking

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Dave Jones <davej@redhat.com>,
	Chuck Wolber <chuckw@quantumlinux.com>,
	Chris Wedgwood <reviews@ml.cw.f00f.org>,
	Michael Krufky <mkrufky@linuxtv.org>,
	Chuck Ebbert <cebbert@redhat.com>,
	Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
	Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
	Jake Edge <jake@lwn.net>, Eugene Teo <eteo@redhat.com>,
	torvalds@linux-foundation.org, akpm@linux-foundation.org,
	alan@lxorguk.ukuu.org.uk,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>
Subject: [patch 28/28] udp: Fix rcv socket locking
Date: Mon, 6 Oct 2008 16:18:01 -0700	[thread overview]
Message-ID: <20081006231801.GC20567@suse.de> (raw)
In-Reply-To: <20081006231639.GA20567@suse.de>

[-- Attachment #1: 0006-udp-Fix-rcv-socket-locking.patch --]
[-- Type: text/plain, Size: 3998 bytes --]

2.6.25-stable review patch.  If anyone has any objections, please let us
know.

------------------
From: Herbert Xu <herbert@gondor.apana.org.au>

[ Upstream commits d97106ea52aa57e63ff40d04479016836bbb5a4e and
   93821778def10ec1e69aa3ac10adee975dad4ff3 ]

The previous patch in response to the recursive locking on IPsec
reception is broken as it tries to drop the BH socket lock while in
user context.

This patch fixes it by shrinking the section protected by the
socket lock to sock_queue_rcv_skb only.  The only reason we added
the lock is for the accounting which happens in that function.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 net/ipv4/udp.c |   57 +++++++++++++++++++++++++++++++++------------------------
 net/ipv6/udp.c |    6 +++---
 2 files changed, 36 insertions(+), 27 deletions(-)

--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -956,6 +956,27 @@ int udp_disconnect(struct sock *sk, int 
 	return 0;
 }
 
+static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+{
+	int is_udplite = IS_UDPLITE(sk);
+	int rc;
+
+	if ((rc = sock_queue_rcv_skb(sk, skb)) < 0) {
+		/* Note that an ENOMEM error is charged twice */
+		if (rc == -ENOMEM)
+			UDP_INC_STATS_BH(UDP_MIB_RCVBUFERRORS,
+					 is_udplite);
+		goto drop;
+	}
+
+	return 0;
+
+drop:
+	UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite);
+	kfree_skb(skb);
+	return -1;
+}
+
 /* returns:
  *  -1: error
  *   0: success
@@ -1046,14 +1067,16 @@ int udp_queue_rcv_skb(struct sock * sk, 
 			goto drop;
 	}
 
-	if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) {
-		/* Note that an ENOMEM error is charged twice */
-		if (rc == -ENOMEM)
-			UDP_INC_STATS_BH(UDP_MIB_RCVBUFERRORS, is_udplite);
-		goto drop;
-	}
+	rc = 0;
 
-	return 0;
+	bh_lock_sock(sk);
+	if (!sock_owned_by_user(sk))
+		rc = __udp_queue_rcv_skb(sk, skb);
+	else
+		sk_add_backlog(sk, skb);
+	bh_unlock_sock(sk);
+
+	return rc;
 
 drop:
 	UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite);
@@ -1091,15 +1114,7 @@ static int __udp4_lib_mcast_deliver(stru
 				skb1 = skb_clone(skb, GFP_ATOMIC);
 
 			if (skb1) {
-				int ret = 0;
-
-				bh_lock_sock_nested(sk);
-				if (!sock_owned_by_user(sk))
-					ret = udp_queue_rcv_skb(sk, skb1);
-				else
-					sk_add_backlog(sk, skb1);
-				bh_unlock_sock(sk);
-
+				int ret = udp_queue_rcv_skb(sk, skb1);
 				if (ret > 0)
 					/* we should probably re-process instead
 					 * of dropping packets here. */
@@ -1192,13 +1207,7 @@ int __udp4_lib_rcv(struct sk_buff *skb, 
 			uh->dest, inet_iif(skb), udptable);
 
 	if (sk != NULL) {
-		int ret = 0;
-		bh_lock_sock_nested(sk);
-		if (!sock_owned_by_user(sk))
-			ret = udp_queue_rcv_skb(sk, skb);
-		else
-			sk_add_backlog(sk, skb);
-		bh_unlock_sock(sk);
+		int ret = udp_queue_rcv_skb(sk, skb);
 		sock_put(sk);
 
 		/* a return value > 0 means to resubmit the input, but
@@ -1493,7 +1502,7 @@ struct proto udp_prot = {
 	.sendmsg	   = udp_sendmsg,
 	.recvmsg	   = udp_recvmsg,
 	.sendpage	   = udp_sendpage,
-	.backlog_rcv	   = udp_queue_rcv_skb,
+	.backlog_rcv	   = __udp_queue_rcv_skb,
 	.hash		   = udp_lib_hash,
 	.unhash		   = udp_lib_unhash,
 	.get_port	   = udp_v4_get_port,
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -373,7 +373,7 @@ static int __udp6_lib_mcast_deliver(stru
 					uh->source, saddr, dif))) {
 		struct sk_buff *buff = skb_clone(skb, GFP_ATOMIC);
 		if (buff) {
-			bh_lock_sock_nested(sk2);
+			bh_lock_sock(sk2);
 			if (!sock_owned_by_user(sk2))
 				udpv6_queue_rcv_skb(sk2, buff);
 			else
@@ -381,7 +381,7 @@ static int __udp6_lib_mcast_deliver(stru
 			bh_unlock_sock(sk2);
 		}
 	}
-	bh_lock_sock_nested(sk);
+	bh_lock_sock(sk);
 	if (!sock_owned_by_user(sk))
 		udpv6_queue_rcv_skb(sk, skb);
 	else
@@ -499,7 +499,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, 
 
 	/* deliver */
 
-	bh_lock_sock_nested(sk);
+	bh_lock_sock(sk);
 	if (!sock_owned_by_user(sk))
 		udpv6_queue_rcv_skb(sk, skb);
 	else

--

     prev parent reply	other threads:[~2008-10-06 23:31 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20081006225949.357365087@mini.kroah.org>
2008-10-06 23:16 ` [patch 00/28] 2.6.25-stable review Greg KH
2008-10-06 23:16   ` [patch 01/28] USB: fix hcd interrupt disabling Greg KH
2008-10-06 23:17   ` [patch 02/28] pxa2xx_spi: dma bugfixes Greg KH
2008-10-07  0:15     ` Ned Forrester
2008-10-06 23:17   ` [patch 03/28] pxa2xx_spi: chipselect bugfixes Greg KH
2008-10-06 23:17   ` [patch 04/28] drivers/mmc/card/block.c: fix refcount leak in mmc_block_open() Greg KH
2008-10-06 23:17   ` [patch 05/28] ALSA: hda - Fix model for Dell Inspiron 1525 Greg KH
2008-10-07  5:55     ` Takashi Iwai
2008-10-09  2:38       ` Greg KH
2008-10-06 23:17   ` [patch 06/28] i2c-dev: Return correct error code on class_create() failure Greg KH
2008-10-06 23:17   ` [patch 07/28] ACPI: Fix thermal shutdowns Greg KH
2008-10-06 23:17   ` [patch 08/28] x86: add io delay quirk for Presario F700 Greg KH
2008-10-06 23:17   ` [patch 09/28] rtc: fix deadlock Greg KH
2008-10-06 23:17   ` [patch 10/28] ACPI: Avoid bogus EC timeout when EC is in Polling mode Greg KH
2008-10-06 23:17   ` [patch 11/28] clockevents: prevent clockevent event_handler ending up handler_noop Greg KH
2008-10-06 23:17   ` [patch 12/28] clockevents: prevent endless loop in periodic broadcast handler Greg KH
2008-10-06 23:17   ` [patch 13/28] clockevents: enforce reprogram in oneshot setup Greg KH
2008-10-06 23:17   ` [patch 14/28] clockevents: prevent multiple init/shutdown Greg KH
2008-10-06 23:17   ` [patch 15/28] clockevents: prevent endless loop lockup Greg KH
2008-10-06 23:17   ` [patch 16/28] HPET: make minimum reprogramming delta useful Greg KH
2008-10-06 23:17   ` [patch 17/28] clockevents: broadcast fixup possible waiters Greg KH
2008-10-06 23:17   ` [patch 18/28] x86: HPET fix moronic 32/64bit thinko Greg KH
2008-10-06 23:17   ` [patch 19/28] x86: HPET: read back compare register before reading counter Greg KH
2008-10-06 23:17   ` [patch 20/28] ntp: fix calculation of the next jiffie to trigger RTC sync Greg KH
2008-10-06 23:17   ` [patch 21/28] clockevents: remove WARN_ON which was used to gather information Greg KH
2008-10-06 23:17   ` [patch 22/28] x86: Fix broken LDT access in VMI Greg KH
2008-10-06 23:17   ` [patch 23/28] ipv6: Fix OOPS in ip6_dst_lookup_tail() Greg KH
2008-10-06 23:51     ` Neil Horman
2008-10-06 23:17   ` [patch 24/28] niu: panic on reset Greg KH
2008-10-06 23:17   ` [patch 25/28] netlink: fix overrun in attribute iteration Greg KH
2008-10-06 23:17   ` [patch 26/28] sctp: do not enable peer features if we cant do them Greg KH
2008-10-06 23:17   ` [patch 27/28] sctp: Fix oops when INIT-ACK indicates that peer doesnt support AUTH Greg KH
2008-10-06 23:18   ` Greg KH [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20081006231801.GC20567@suse.de \
    --to=gregkh@suse.de \
    --cc=akpm@linux-foundation.org \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=cavokz@gmail.com \
    --cc=cebbert@redhat.com \
    --cc=chuckw@quantumlinux.com \
    --cc=davej@redhat.com \
    --cc=davem@davemloft.net \
    --cc=eteo@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jake@lwn.net \
    --cc=jmforbes@linuxtx.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mkrufky@linuxtv.org \
    --cc=rbranco@la.checkpoint.com \
    --cc=rdunlap@xenotime.net \
    --cc=reviews@ml.cw.f00f.org \
    --cc=stable@kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=tytso@mit.edu \
    --cc=w@1wt.eu \
    --cc=zwane@arm.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.