diff options
| author | Florian Westphal <fw@strlen.de> | 2017-08-09 20:41:49 +0200 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-08-10 01:57:38 +0200 |
| commit | 019a316992ee0d9832b1c480c899d6bdf2a0a77e (patch) | |
| tree | 3a97790600c4e1a23ffce2d9376252704a3ee5aa | |
| parent | rtnetlink: make rtnl_register accept a flags parameter (diff) | |
| download | linux-019a316992ee0d9832b1c480c899d6bdf2a0a77e.tar.xz linux-019a316992ee0d9832b1c480c899d6bdf2a0a77e.zip | |
rtnetlink: add reference counting to prevent module unload while dump is in progress
I don't see what prevents rmmod (unregister_all is called) while a dump
is active.
Even if we'd add rtnl lock/unlock pair to unregister_all (as done here),
thats not enough either as rtnl_lock is released right before the dump
process starts.
So this adds a refcount:
* acquire rtnl mutex
* bump refcount
* release mutex
* start the dump
... and make unregister_all remove the callbacks (no new dumps possible)
and then wait until refcount is 0.
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/core/rtnetlink.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 67607c540c03..c45a7c5e3232 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -127,6 +127,7 @@ EXPORT_SYMBOL(lockdep_rtnl_is_held); #endif /* #ifdef CONFIG_PROVE_LOCKING */ static struct rtnl_link *rtnl_msg_handlers[RTNL_FAMILY_MAX + 1]; +static refcount_t rtnl_msg_handlers_ref[RTNL_FAMILY_MAX + 1]; static inline int rtm_msgindex(int msgtype) { @@ -272,10 +273,18 @@ EXPORT_SYMBOL_GPL(rtnl_unregister); */ void rtnl_unregister_all(int protocol) { + struct rtnl_link *handlers; + BUG_ON(protocol < 0 || protocol > RTNL_FAMILY_MAX); - kfree(rtnl_msg_handlers[protocol]); + rtnl_lock(); + handlers = rtnl_msg_handlers[protocol]; rtnl_msg_handlers[protocol] = NULL; + rtnl_unlock(); + + while (refcount_read(&rtnl_msg_handlers_ref[protocol]) > 0) + schedule(); + kfree(handlers); } EXPORT_SYMBOL_GPL(rtnl_unregister_all); @@ -4173,6 +4182,8 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, if (dumpit == NULL) return -EOPNOTSUPP; + refcount_inc(&rtnl_msg_handlers_ref[family]); + if (type == RTM_GETLINK) min_dump_alloc = rtnl_calcit(skb, nlh); @@ -4186,6 +4197,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, err = netlink_dump_start(rtnl, skb, nlh, &c); } rtnl_lock(); + refcount_dec(&rtnl_msg_handlers_ref[family]); return err; } |