netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Re: [patch 1/1] Convert the semaphore to a mutex in net/tipc/socket.c
       [not found] ` <20071210011800.543055487@gmail.com>
@ 2007-12-12  0:44   ` Andrew Morton
  2007-12-12 19:24     ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Andrew Morton @ 2007-12-12  0:44 UTC (permalink / raw)
  To: Kevin Winchester
  Cc: mingo, per.liden, jon.maloy, allan.stephens, tipc-discussion,
	linux-kernel, kjwinchester, netdev, David S. Miller

On Sun, 09 Dec 2007 21:17:42 -0400
Kevin Winchester <kjwinchester@gmail.com> wrote:

> Note also that in the release method, down_interruptible() was being called
> without checking the return value.  I converted it to mutex_lock_interruptible()
> and made the interrupted case return -ERESTARTSYS, as was done for all other
> calls to down_interruptible() in the file.

That's an outright bug.

static int release(struct socket *sock)
{
	struct tipc_sock *tsock = tipc_sk(sock->sk);
	struct sock *sk = sock->sk;
	int res = TIPC_OK;
	struct sk_buff *buf;

	dbg("sock_delete: %x\n",tsock);
	if (!tsock)
		return 0;
	down_interruptible(&tsock->sem);
	if (!sock->sk) {
		up(&tsock->sem);
		return 0;
	}

	...

	up(&tsock->sem);

	...	
}

So if the calling process has signal_pending(), down_interruptible() will
return without having downed the semaphore and then we merrily proceed to
do up() on it, so a subsequent down() won't actually take the lock and
things will deteriorate from there.

So I'd propose this:

--- a/net/tipc/socket.c~a
+++ a/net/tipc/socket.c
@@ -253,7 +253,7 @@ static int release(struct socket *sock)
 	dbg("sock_delete: %x\n",tsock);
 	if (!tsock)
 		return 0;
-	down_interruptible(&tsock->sem);
+	down(&tsock->sem);
 	if (!sock->sk) {
 		up(&tsock->sem);
 		return 0;
_

as a for-2.6.24 bugfix.  And for 2.6.23.  But someone who knows what
they're doing should take a look at this...


^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [patch 1/1] Convert the semaphore to a mutex in net/tipc/socket.c
  2007-12-12  0:44   ` [patch 1/1] Convert the semaphore to a mutex in net/tipc/socket.c Andrew Morton
@ 2007-12-12 19:24     ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2007-12-12 19:24 UTC (permalink / raw)
  To: akpm
  Cc: jon.maloy, per.liden, netdev, linux-kernel, tipc-discussion,
	allan.stephens, kjwinchester, mingo

From: Andrew Morton <akpm@linux-foundation.org>
Date: Tue, 11 Dec 2007 16:44:45 -0800

> So I'd propose this:

I've applied this to net-2.6, thanks Andrew.

-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-12-12 19:24 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20071210011741.039692330@gmail.com>
     [not found] ` <20071210011800.543055487@gmail.com>
2007-12-12  0:44   ` [patch 1/1] Convert the semaphore to a mutex in net/tipc/socket.c Andrew Morton
2007-12-12 19:24     ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).