Re: [PATCH] net: Fix sock_wfree() race

From: David Miller
Date: Fri Sep 11 2009 - 14:43:32 EST

Next message: Ingo Molnar: "[GIT PULL] core/futexes for v2.6.32"
Previous message: Ingo Molnar: "[GIT PULL] core/debug for v2.6.32"
In reply to: Eric Dumazet: "Re: [PATCH] net: Fix sock_wfree() race"
Next in thread: David Miller: "Re: [PATCH] net: Fix sock_wfree() race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Date: Wed, 09 Sep 2009 00:49:31 +0200

> [PATCH] net: Fix sock_wfree() race
>
> Commit 2b85a34e911bf483c27cfdd124aeb1605145dc80
> (net: No more expensive sock_hold()/sock_put() on each tx)
> opens a window in sock_wfree() where another cpu
> might free the socket we are working on.
>
> Fix is to call sk->sk_write_space(sk) only
> while still holding a reference on sk.
>
> Since doing this call is done before the
> atomic_sub(truesize, &sk->sk_wmem_alloc), we should pass truesize as
> a bias for possible sk_wmem_alloc evaluations.
>
> Reported-by: Jike Song <albcamus@xxxxxxxxx>
> Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>

Applied to net-next-2.6, thanks. I'll queue up your simpler
version for -stable.

BTW, if most if not all of the sock_writeable() calls are now
sock_writeable_bias(), it's probably better to just add the
bias argument to sock_writable().

And a quick grep shows that only a few plain sock_writeable()
calls remain in the less often used protocols.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "[GIT PULL] core/futexes for v2.6.32"
Previous message: Ingo Molnar: "[GIT PULL] core/debug for v2.6.32"
In reply to: Eric Dumazet: "Re: [PATCH] net: Fix sock_wfree() race"
Next in thread: David Miller: "Re: [PATCH] net: Fix sock_wfree() race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]