netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 2.6 PKT_SCHED]: Fix scheduler/classifier module unload race
@ 2004-11-07 22:41 Patrick McHardy
  2004-11-10  5:46 ` David S. Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Patrick McHardy @ 2004-11-07 22:41 UTC (permalink / raw)
  To: David S. Miller; +Cc: netdev

[-- Attachment #1: Type: text/plain, Size: 268 bytes --]

This patch fixes an scheduler/classifier module unload race.
struct Qdisc_ops which includes the owner field is also part
of the module's memory, so ops might already be freed when
try_module_get(ops->owner) is called outside of the locked
section.

Regards
Patrick



[-- Attachment #2: x --]
[-- Type: text/plain, Size: 2062 bytes --]

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/11/07 05:03:11+01:00 kaber@coreworks.de 
#   [PKT_SCHED]: Fix scheduler/classifier module unload race
#   
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
# net/sched/sch_api.c
#   2004/11/07 05:03:04+01:00 kaber@coreworks.de +4 -4
#   [PKT_SCHED]: Fix scheduler/classifier module unload race
#   
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
# net/sched/cls_api.c
#   2004/11/07 05:03:04+01:00 kaber@coreworks.de +4 -6
#   [PKT_SCHED]: Fix scheduler/classifier module unload race
#   
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
diff -Nru a/net/sched/cls_api.c b/net/sched/cls_api.c
--- a/net/sched/cls_api.c	2004-11-07 23:32:50 +01:00
+++ b/net/sched/cls_api.c	2004-11-07 23:32:50 +01:00
@@ -60,8 +60,11 @@
 	if (kind) {
 		read_lock(&cls_mod_lock);
 		for (t = tcf_proto_base; t; t = t->next) {
-			if (rtattr_strcmp(kind, t->kind) == 0)
+			if (rtattr_strcmp(kind, t->kind) == 0) {
+				if (!try_module_get(t->owner))
+					t = NULL;
 				break;
+			}
 		}
 		read_unlock(&cls_mod_lock);
 	}
@@ -231,11 +234,6 @@
 		tp->q = q;
 		tp->classify = tp_ops->classify;
 		tp->classid = parent;
-		err = -EBUSY;
-		if (!try_module_get(tp_ops->owner)) {
-			kfree(tp);
-			goto errout;
-		}
 		if ((err = tp_ops->init(tp)) != 0) {
 			module_put(tp_ops->owner);
 			kfree(tp);
diff -Nru a/net/sched/sch_api.c b/net/sched/sch_api.c
--- a/net/sched/sch_api.c	2004-11-07 23:32:50 +01:00
+++ b/net/sched/sch_api.c	2004-11-07 23:32:50 +01:00
@@ -229,8 +229,11 @@
 	if (kind) {
 		read_lock(&qdisc_mod_lock);
 		for (q = qdisc_base; q; q = q->next) {
-			if (rtattr_strcmp(kind, q->id) == 0)
+			if (rtattr_strcmp(kind, q->id) == 0) {
+				if (!try_module_get(q->owner))
+					q = NULL;
 				break;
+			}
 		}
 		read_unlock(&qdisc_mod_lock);
 	}
@@ -408,9 +411,6 @@
 
 	err = -EINVAL;
 	if (ops == NULL)
-		goto err_out;
-	err = -EBUSY;
-	if (!try_module_get(ops->owner))
 		goto err_out;
 
 	/* ensure that the Qdisc and the private data are 32-byte aligned */

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-11-10  5:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-11-07 22:41 [PATCH 2.6 PKT_SCHED]: Fix scheduler/classifier module unload race Patrick McHardy
2004-11-10  5:46 ` David S. Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).