diff options
author | Eric Dumazet <edumazet@google.com> | 2016-04-01 08:52:16 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-04-04 22:11:19 -0400 |
commit | 3a5d1c0e7cb5ba91aabbd7e28626e3cc925f8093 (patch) | |
tree | 14db12b0567eaaa34d3d9850645daf8b54e8689f | |
parent | 2d331915a04144dad738e725769d8fac06ef6155 (diff) | |
download | op-kernel-dev-3a5d1c0e7cb5ba91aabbd7e28626e3cc925f8093.zip op-kernel-dev-3a5d1c0e7cb5ba91aabbd7e28626e3cc925f8093.tar.gz |
inet: reqsk_alloc() needs to take care of dead listeners
We'll soon no longer take a refcount on listeners,
so reqsk_alloc() can not assume a listener refcount is not
zero. We need to use atomic_inc_not_zero()
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/request_sock.h | 31 |
1 files changed, 15 insertions, 16 deletions
diff --git a/include/net/request_sock.h b/include/net/request_sock.h index f49759d..6ebe13e 100644 --- a/include/net/request_sock.h +++ b/include/net/request_sock.h @@ -85,24 +85,23 @@ reqsk_alloc(const struct request_sock_ops *ops, struct sock *sk_listener, struct request_sock *req; req = kmem_cache_alloc(ops->slab, GFP_ATOMIC | __GFP_NOWARN); - - if (req) { - req->rsk_ops = ops; - if (attach_listener) { - sock_hold(sk_listener); - req->rsk_listener = sk_listener; - } else { - req->rsk_listener = NULL; + if (!req) + return NULL; + req->rsk_listener = NULL; + if (attach_listener) { + if (unlikely(!atomic_inc_not_zero(&sk_listener->sk_refcnt))) { + kmem_cache_free(ops->slab, req); + return NULL; } - req_to_sk(req)->sk_prot = sk_listener->sk_prot; - sk_node_init(&req_to_sk(req)->sk_node); - sk_tx_queue_clear(req_to_sk(req)); - req->saved_syn = NULL; - /* Following is temporary. It is coupled with debugging - * helpers in reqsk_put() & reqsk_free() - */ - atomic_set(&req->rsk_refcnt, 0); + req->rsk_listener = sk_listener; } + req->rsk_ops = ops; + req_to_sk(req)->sk_prot = sk_listener->sk_prot; + sk_node_init(&req_to_sk(req)->sk_node); + sk_tx_queue_clear(req_to_sk(req)); + req->saved_syn = NULL; + atomic_set(&req->rsk_refcnt, 0); + return req; } |