[PATCH net-next-2.6] fib: use atomic_inc_not_zero() in fib_rules_lookup

[PATCH net-next-2.6] fib: use atomic_inc_not_zero() in fib_rules_lookup

[Eric Dumazet]

It seems we dont use appropriate refcount increment in an
rcu_read_lock() protected section.

fib_rule_get() might increment a null refcount and bad things could
happen.

While fib_nl_delrule() respects an rcu grace period before calling
fib_rule_put(), fib_rules_cleanup_ops() calls fib_rule_put() without a
grace period.

Note : after this patch, we might avoid the synchronize_rcu() call done
in fib_nl_delrule()

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
---
 net/core/fib_rules.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index 42e84e0..910eac3 100644
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -225,9 +225,11 @@ jumped:
 			err = ops->action(rule, fl, flags, arg);
 
 		if (err != -EAGAIN) {
-			fib_rule_get(rule);
-			arg->rule = rule;
-			goto out;
+			if (likely(atomic_inc_not_zero(&rule->refcnt))) {
+				arg->rule = rule;
+				goto out;
+			}
+			break;
 		}
 	}
 

Re: [PATCH net-next-2.6] fib: use atomic_inc_not_zero() in fib_rules_lookup

[David Miller]

From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Mon, 27 Sep 2010 16:18:27 +0200

> It seems we dont use appropriate refcount increment in an
> rcu_read_lock() protected section.
> 
> fib_rule_get() might increment a null refcount and bad things could
> happen.
> 
> While fib_nl_delrule() respects an rcu grace period before calling
> fib_rule_put(), fib_rules_cleanup_ops() calls fib_rule_put() without a
> grace period.
> 
> Note : after this patch, we might avoid the synchronize_rcu() call done
> in fib_nl_delrule()
> 
> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>

Applied.