netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] vlan: fix potential race in vlan_cleanup_module vs vlan_ioctl_handler
@ 2007-12-11 10:25 Pavel Emelyanov
  2007-12-11 10:38 ` Patrick McHardy
  0 siblings, 1 reply; 3+ messages in thread
From: Pavel Emelyanov @ 2007-12-11 10:25 UTC (permalink / raw)
  To: David Miller, Patrick McHardy; +Cc: Linux Netdev List, devel

The vlan module cleanup function starts with

	vlan_netlink_fini();
	vlan_ioctl_set(NULL);

The first call removes all the vlan devices and
the second one closes the vlan ioctl.

AFAIS there's a tiny race window between these two
calls - after rtnl unregistered all the vlans, but 
the ioctl handler isn't set to NULL yet, user can 
manage to call this ioctl and create one vlan device, 
and that this function will later BUG_ON seeing 
non-emply hashes.

I think, that we must first close the vlan ioctl
and only after this remove all the vlans with the
vlan_netlink_fini() call.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>

---

diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 5b18315..4add9bd 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -124,8 +124,8 @@ static void __exit vlan_cleanup_module(void)
 {
 	int i;
 
-	vlan_netlink_fini();
 	vlan_ioctl_set(NULL);
+	vlan_netlink_fini();
 
 	/* Un-register us from receiving netdevice events */
 	unregister_netdevice_notifier(&vlan_notifier_block);

^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-12-11 10:41 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-12-11 10:25 [PATCH] vlan: fix potential race in vlan_cleanup_module vs vlan_ioctl_handler Pavel Emelyanov
2007-12-11 10:38 ` Patrick McHardy
2007-12-11 10:41   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).