[PATCH 04/17] pppoatm: take ATM socket lock in pppoatm_send()

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: David Woodhouse <dwmw2@infradead.org>
To: netdev@vger.kernel.org
Cc: chas@cmf.nrl.navy.mil, krzysiek@podlesie.net,
	David Woodhouse <David.Woodhouse@intel.com>
Subject: [PATCH 04/17] pppoatm: take ATM socket lock in pppoatm_send()
Date: Fri, 30 Nov 2012 00:35:23 +0000	[thread overview]
Message-ID: <1354235736-26833-5-git-send-email-dwmw2@infradead.org> (raw)
In-Reply-To: <1354235736-26833-1-git-send-email-dwmw2@infradead.org>

From: Krzysztof Mazur <krzysiek@podlesie.net>

The pppoatm_send() does not take any lock that will prevent concurrent
vcc_sendmsg(). This causes two problems:

	- there is no locking between checking the send queue size
	  with atm_may_send() and incrementing sk_wmem_alloc,
	  and the real queue size can be a little higher than sk_sndbuf

	- the vcc->sendmsg() can be called concurrently. I'm not sure
	  if it's allowed. Some drivers (eni, nicstar, ...) seem
	  to assume it will never happen.

Now pppoatm_send() takes ATM socket lock, the same that is used
in vcc_sendmsg() and other ATM socket functions. The pppoatm_send()
is called with BH disabled, so bh_lock_sock() is used instead
of lock_sock().

Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
Cc: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---
 net/atm/pppoatm.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/net/atm/pppoatm.c b/net/atm/pppoatm.c
index b23c672..c4a57bc 100644
--- a/net/atm/pppoatm.c
+++ b/net/atm/pppoatm.c
@@ -272,10 +272,19 @@ static inline int pppoatm_may_send(struct pppoatm_vcc *pvcc, int size)
 static int pppoatm_send(struct ppp_channel *chan, struct sk_buff *skb)
 {
 	struct pppoatm_vcc *pvcc = chan_to_pvcc(chan);
+	struct atm_vcc *vcc;
+	int ret;
+
 	ATM_SKB(skb)->vcc = pvcc->atmvcc;
 	pr_debug("(skb=0x%p, vcc=0x%p)\n", skb, pvcc->atmvcc);
 	if (skb->data[0] == '\0' && (pvcc->flags & SC_COMP_PROT))
 		(void) skb_pull(skb, 1);
+
+	vcc = ATM_SKB(skb)->vcc;
+	bh_lock_sock(sk_atm(vcc));
+	if (sock_owned_by_user(sk_atm(vcc)))
+		goto nospace;
+
 	switch (pvcc->encaps) {		/* LLC encapsulation needed */
 	case e_llc:
 		if (skb_headroom(skb) < LLC_LEN) {
@@ -288,8 +297,10 @@ static int pppoatm_send(struct ppp_channel *chan, struct sk_buff *skb)
 			}
 			consume_skb(skb);
 			skb = n;
-			if (skb == NULL)
+			if (skb == NULL) {
+				bh_unlock_sock(sk_atm(vcc));
 				return DROP_PACKET;
+			}
 		} else if (!pppoatm_may_send(pvcc, skb->truesize))
 			goto nospace;
 		memcpy(skb_push(skb, LLC_LEN), pppllc, LLC_LEN);
@@ -299,6 +310,7 @@ static int pppoatm_send(struct ppp_channel *chan, struct sk_buff *skb)
 			goto nospace;
 		break;
 	case e_autodetect:
+		bh_unlock_sock(sk_atm(vcc));
 		pr_debug("Trying to send without setting encaps!\n");
 		kfree_skb(skb);
 		return 1;
@@ -308,9 +320,12 @@ static int pppoatm_send(struct ppp_channel *chan, struct sk_buff *skb)
 	ATM_SKB(skb)->atm_options = ATM_SKB(skb)->vcc->atm_options;
 	pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n",
 		 skb, ATM_SKB(skb)->vcc, ATM_SKB(skb)->vcc->dev);
-	return ATM_SKB(skb)->vcc->send(ATM_SKB(skb)->vcc, skb)
+	ret = ATM_SKB(skb)->vcc->send(ATM_SKB(skb)->vcc, skb)
 	    ? DROP_PACKET : 1;
+	bh_unlock_sock(sk_atm(vcc));
+	return ret;
 nospace:
+	bh_unlock_sock(sk_atm(vcc));
 	/*
 	 * We don't have space to send this SKB now, but we might have
 	 * already applied SC_COMP_PROT compression, so may need to undo
-- 
1.8.0

next prev parent reply	other threads:[~2012-11-30  0:36 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-11-30  0:35 [PATCH 00/17] ATM fixes for pppoatm/br2684 David Woodhouse
2012-11-30  0:35 ` [PATCH 01/17] atm: add owner of push() callback to atmvcc David Woodhouse
2012-11-30  0:35 ` [PATCH 02/17] pppoatm: allow assign only on a connected socket David Woodhouse
2012-11-30  0:35 ` [PATCH 03/17] pppoatm: fix module_put() race David Woodhouse
2012-11-30  0:35 ` David Woodhouse [this message]
2012-11-30  0:35 ` [PATCH 05/17] pppoatm: drop frames to not-ready vcc David Woodhouse
2012-11-30 10:27   ` Krzysztof Mazur
2012-11-30  0:35 ` [PATCH 06/17] pppoatm: do not inline pppoatm_may_send() David Woodhouse
2012-11-30  0:35 ` [PATCH 07/17] solos-pci: Wait for pending TX to complete when releasing vcc David Woodhouse
2012-12-02  0:17   ` [PATCH v2 " David Woodhouse
2012-11-30  0:35 ` [PATCH 08/17] br2684: don't send frames on not-ready vcc David Woodhouse
2012-11-30  0:35 ` [PATCH 09/17] atm: Add release_cb() callback to vcc David Woodhouse
2012-11-30  0:35 ` [PATCH 10/17] pppoatm: fix missing wakeup in pppoatm_send() David Woodhouse
2012-11-30  0:35 ` [PATCH 11/17] br2684: fix module_put() race David Woodhouse
2012-11-30  0:35 ` [PATCH 12/17] solos-pci: Fix leak of skb received for unknown vcc David Woodhouse
2012-11-30  0:35 ` [PATCH 13/17] br2684: allow assign only on a connected socket David Woodhouse
2012-11-30  0:35 ` [PATCH 14/17] pppoatm: optimise PPP channel wakeups after sock_owned_by_user() David Woodhouse
2012-11-30  0:35 ` [PATCH 15/17] solos-pci: clean up pclose() function David Woodhouse
2012-11-30  0:35 ` [PATCH 16/17] solos-pci: use GFP_KERNEL where possible, not GFP_ATOMIC David Woodhouse
2012-11-30  0:35 ` [PATCH 17/17] solos-pci: remove list_vccs() debugging function David Woodhouse
2012-11-30 10:44 ` [PATCH 00/17] ATM fixes for pppoatm/br2684 Krzysztof Mazur
2012-11-30 20:22   ` David Woodhouse
2012-12-01 16:43     ` David Miller
2012-12-01 16:44       ` David Miller
2012-12-01 16:48         ` David Woodhouse
2012-12-01 17:02           ` Chas Williams (CONTRACTOR)
2012-12-01 17:21             ` David Woodhouse
2012-12-02  1:57               ` Chas Williams (CONTRACTOR)
2012-12-02  2:17                 ` David Miller
2012-12-01 17:33         ` David Woodhouse
2012-12-02  0:40           ` David Woodhouse
2012-12-02  1:49             ` David Miller
2012-12-02  8:14               ` David Woodhouse
2012-12-02 21:29                 ` Checking struct size against sizeof(skb->cb) (was Re: [PATCH 00/17] ATM fixes for pppoatm/br2684) David Woodhouse
2012-12-20 14:03               ` skb->cb size checks " David Woodhouse
2012-12-02  0:35         ` [PATCH 00/17] ATM fixes for pppoatm/br2684 David Woodhouse
2012-12-02  1:47           ` David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b23c672 dfblob:c4a57bc )
 OR (
bs:"[PATCH 04/17] pppoatm: take ATM socket lock in pppoatm_send()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1354235736-26833-5-git-send-email-dwmw2@infradead.org \
    --to=dwmw2@infradead.org \
    --cc=David.Woodhouse@intel.com \
    --cc=chas@cmf.nrl.navy.mil \
    --cc=krzysiek@podlesie.net \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).