From: Dan Carpenter <dan.carpenter@linaro.org>
To: Lizhi Xu <lizhi.xu@windriver.com>
Cc: davem@davemloft.net, edumazet@google.com, horms@kernel.org,
kuba@kernel.org, linux-hams@vger.kernel.org,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
pabeni@redhat.com,
syzbot+2860e75836a08b172755@syzkaller.appspotmail.com,
syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH V2] netrom: Prevent race conditions between multiple add route
Date: Mon, 20 Oct 2025 15:57:33 +0300 [thread overview]
Message-ID: <aPYxvdLFjjduK28o@stanley.mountain> (raw)
In-Reply-To: <aPYqRJXGhCNws4d3@stanley.mountain>
On Mon, Oct 20, 2025 at 03:25:40PM +0300, Dan Carpenter wrote:
> netrom/nr_route.c
> 214 nr_node_lock(nr_node);
I guess nr_node is different for each thread?
> 215
> 216 if (quality != 0)
> 217 strscpy(nr_node->mnemonic, mnemonic);
> 218
> 219 for (found = 0, i = 0; i < nr_node->count; i++) {
> 220 if (nr_node->routes[i].neighbour == nr_neigh) {
> 221 nr_node->routes[i].quality = quality;
> 222 nr_node->routes[i].obs_count = obs_count;
> 223 found = 1;
> 224 break;
> 225 }
> 226 }
> 227
> 228 if (!found) {
> 229 /* We have space at the bottom, slot it in */
> 230 if (nr_node->count < 3) {
> 231 nr_node->routes[2] = nr_node->routes[1];
> 232 nr_node->routes[1] = nr_node->routes[0];
> 233
> 234 nr_node->routes[0].quality = quality;
> 235 nr_node->routes[0].obs_count = obs_count;
> 236 nr_node->routes[0].neighbour = nr_neigh;
> 237
> 238 nr_node->which++;
> 239 nr_node->count++;
> 240 nr_neigh_hold(nr_neigh);
> 241 nr_neigh->count++;
> 242 } else {
> 243 /* It must be better than the worst */
> 244 if (quality > nr_node->routes[2].quality) {
> 245 nr_node->routes[2].neighbour->count--;
> 246 nr_neigh_put(nr_node->routes[2].neighbour);
> 247
> 248 if (nr_node->routes[2].neighbour->count == 0 && !nr_node->routes[2].neighbour->locked)
> 249 nr_remove_neigh(nr_node->routes[2].neighbour);
Does neighbour->count means how many nr_node pointers have it in ->routes[]?
I wish this code had comments.
KTDOO: add comments explaining all the counters in netrom/nr_route.c
> 250
> 251 nr_node->routes[2].quality = quality;
> 252 nr_node->routes[2].obs_count = obs_count;
> 253 nr_node->routes[2].neighbour = nr_neigh;
> 254
> 255 nr_neigh_hold(nr_neigh);
> 256 nr_neigh->count++;
Could we just add some locking to this if statement only? I had thought
that nr_node_lock() serialized it but now I think maybe not? Or maybe we
could increment the counters before assigning it?
nr_neigh->count++;
nr_neigh_hold(nr_neigh);
nr_node->routes[2].neighbour = nr_neigh;
I'm not an expert in concerency. Does calling nr_neigh_hold() mean th
that the nr_neigh->count++ will happen before the assignment?
> 257 }
> 258 }
> 259 }
regards,
dan carpenter
next prev parent reply other threads:[~2025-10-20 12:57 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-25 16:35 [syzbot] [hams?] KASAN: slab-use-after-free Read in nr_add_node syzbot
2025-10-18 20:37 ` syzbot
2025-10-19 5:02 ` Brahmajit Das
2025-10-19 5:21 ` syzbot
2025-10-19 5:10 ` Brahmajit Das
2025-10-19 5:10 ` syzbot
2025-10-20 8:13 ` [PATCH] netrom: Prevent race conditions between multiple add route Lizhi Xu
2025-10-20 10:10 ` Dan Carpenter
2025-10-20 11:02 ` [PATCH V2] " Lizhi Xu
2025-10-20 12:25 ` Dan Carpenter
2025-10-20 12:33 ` Dan Carpenter
2025-10-20 12:57 ` Dan Carpenter [this message]
2025-10-20 13:34 ` Lizhi Xu
2025-10-20 13:49 ` Lizhi Xu
2025-10-20 17:59 ` Dan Carpenter
2025-10-21 2:05 ` Lizhi Xu
2025-10-21 6:36 ` Dan Carpenter
2025-10-21 8:34 ` Lizhi Xu
2025-10-21 8:35 ` [PATCH V3] netrom: Prevent race conditions between neighbor operations Lizhi Xu
2025-10-23 11:44 ` Paolo Abeni
2025-10-23 11:54 ` Eric Dumazet
2025-10-23 12:41 ` Lizhi Xu
2025-10-23 13:50 ` [PATCH V4] netrom: Preventing the use of abnormal neighbor Lizhi Xu
2025-10-28 14:13 ` Paolo Abeni
2025-10-29 2:59 ` Lizhi Xu
2025-11-13 6:33 ` Lizhi Xu
2025-10-24 10:45 ` [PATCH V3] netrom: Prevent race conditions between neighbor operations Dan Carpenter
2025-10-19 5:16 ` Forwarded: Re: [syzbot] [hams?] KASAN: slab-use-after-free Read in nr_add_node syzbot
2025-10-19 13:55 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aPYxvdLFjjduK28o@stanley.mountain \
--to=dan.carpenter@linaro.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-hams@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizhi.xu@windriver.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syzbot+2860e75836a08b172755@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.