The Linux Kernel Mailing List
* missing spin_unlock in tcp_v4_get_port
From: Ted Unangst @ 2005-08-22 21:17 UTC
  To: linux-kernel

There appears to be a missing spin_unlock in tcp_v4_get_port.

                 do {    rover++;
                         if (rover > high)
                                 rover = low;
                         head = &tcp_bhash[tcp_bhashfn(rover)];
                         spin_lock(&head->lock);
head->lock is acquired.
                         tb_for_each(tb, node, &head->chain)
                                 if (tb->port == rover)
                                         goto next;
we don't find what we want.  break out of while loop.
                         break;
                 next:
                         spin_unlock(&head->lock);
                 } while (--remaining > 0);
                 tcp_port_rover = rover;
                 spin_unlock(&tcp_portalloc_lock);

                 /* Exhausted local port range during search? */
                 ret = 1;
                 if (remaining <= 0)
                         goto fail;
here we go to fail; head->lock is still acquired.
....
fail_unlock:
         spin_unlock(&head->lock);
fail:
         local_bh_enable();
         return ret;

Is this a real bug?  The same code was also copy-pasted into 
tcp_v6_get_port.


-- 
Ted Unangst             www.coverity.com             Coverity, Inc.


* Re: missing spin_unlock in tcp_v4_get_port
From: David S. Miller @ 2005-08-22 21:25 UTC
  To: tedu; +Cc: linux-kernel

From: Ted Unangst <tedu@coverity.com>
Subject: missing spin_unlock in tcp_v4_get_port
Date: Mon, 22 Aug 2005 14:17:36 -0700

> There appears to be a missing spin_unlock in tcp_v4_get_port.
> 
>                  do {    rover++;
>                          if (rover > high)
>                                  rover = low;
>                          head = &tcp_bhash[tcp_bhashfn(rover)];
>                          spin_lock(&head->lock);
> head->lock is acquired.
>                          tb_for_each(tb, node, &head->chain)
>                                  if (tb->port == rover)
>                                          goto next;
> we don't find what we want.  break out of while loop.
>                          break;
>                  next:
>                          spin_unlock(&head->lock);
>                  } while (--remaining > 0);
>                  tcp_port_rover = rover;
>                  spin_unlock(&tcp_portalloc_lock);
> 
>                  /* Exhausted local port range during search? */
>                  ret = 1;
>                  if (remaining <= 0)
>                          goto fail;
> here we go to fail; head->lock is still acquired.

Only if remaining <= 0, in which case we broke out of the loop due to
the "while (--remaining > 0)" test, not because of the "break;"
statement, and thus the lock is not held.
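
The reply's argument can be checked with a small user-space model of the quoted loop. This is an added example, not kernel code and not from either poster. `model_port_search`, `search_result`, `lock_depth` and the `in_use` array are hypothetical names, and the model assumes `remaining` is at least 1 on entry.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model of the quoted loop; not kernel code.
 * lock_depth stands in for head->lock: +1 = spin_lock, -1 = spin_unlock. */
struct search_result {
    int remaining;   /* 'remaining' when the loop exits */
    int lock_depth;  /* 1 if head->lock is still held at loop exit */
    int rover;       /* last port examined */
};

/* in_use[p] != 0 models tb_for_each() finding tb->port == rover. */
static struct search_result model_port_search(const unsigned char *in_use,
                                              int low, int high,
                                              int rover, int remaining)
{
    struct search_result r = { remaining, 0, rover };

    do {
        r.rover++;
        if (r.rover > high)
            r.rover = low;
        r.lock_depth++;            /* spin_lock(&head->lock) */
        if (in_use[r.rover])
            goto next;
        break;                     /* free port: exit with lock held */
    next:
        r.lock_depth--;            /* spin_unlock(&head->lock) */
    } while (--r.remaining > 0);
    return r;
}

/* Exit via "break" never decrements remaining, so a held lock implies
 * remaining > 0; remaining <= 0 (the "goto fail" path) implies released. */
static bool exit_state_is_balanced(struct search_result r)
{
    return (r.remaining <= 0) ? r.lock_depth == 0 : r.lock_depth == 1;
}

int main(void)
{
    /* Constructed input: ports 3..5 busy, so the last probe (port 2) is free. */
    unsigned char in_use[8] = { 0, 0, 0, 1, 1, 1, 0, 0 };
    struct search_result r = model_port_search(in_use, 2, 5, 2, 4);

    printf("remaining=%d lock_depth=%d balanced=%d\n",
           r.remaining, r.lock_depth, exit_state_is_balanced(r));
    return 0;
}
```

The sample input exercises the boundary case: the free port is found on the final iteration, so the loop exits through `break` with `remaining` still 1 and the `goto fail` test is not taken.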
