diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2009-12-03 01:49:01 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-12-04 01:17:44 +0100 |
commit | 47e1c323069bcef0acb8a2b48921688573f5ca63 (patch) | |
tree | bebfe86ae36055adae2100200e87727d21a7b762 /init | |
parent | tcp: connect() race with timewait reuse (diff) | |
download | linux-47e1c323069bcef0acb8a2b48921688573f5ca63.tar.xz linux-47e1c323069bcef0acb8a2b48921688573f5ca63.zip |
tcp: fix a timewait refcnt race
After TCP RCU conversion, tw->tw_refcnt should not be set to 1 in
inet_twsk_alloc(). It allows a RCU reader to get this timewait socket,
while we not yet stabilized it.
Only choice we have is to set tw_refcnt to 0 in inet_twsk_alloc(),
then atomic_add() it later, once everything is done.
Location of this atomic_add() is tricky, because we dont want another
writer to find this timewait in ehash, while tw_refcnt is still zero !
Thanks to Kapil Dakhane tests and reports.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'init')
0 files changed, 0 insertions, 0 deletions