linux

mirror of https://github.com/torvalds/linux synced 2024-09-21 19:47:35 +00:00

History

Eric Dumazet 7716682cc5 tcp/dccp: fix another race at listener dismantle Ilya reported following lockdep splat: kernel: ========================= kernel: [ BUG: held lock freed! ] kernel: 4.5.0-rc1-ceph-00026-g5e0a311 #1 Not tainted kernel: ------------------------- kernel: swapper/5/0 is freeing memory ffff880035c9d200-ffff880035c9dbff, with a lock still held there! kernel: (&(&queue->rskq_lock)->rlock){+.-...}, at: [<ffffffff816f6a88>] inet_csk_reqsk_queue_add+0x28/0xa0 kernel: 4 locks held by swapper/5/0: kernel: #0: (rcu_read_lock){......}, at: [<ffffffff8169ef6b>] netif_receive_skb_internal+0x4b/0x1f0 kernel: #1: (rcu_read_lock){......}, at: [<ffffffff816e977f>] ip_local_deliver_finish+0x3f/0x380 kernel: #2: (slock-AF_INET){+.-...}, at: [<ffffffff81685ffb>] sk_clone_lock+0x19b/0x440 kernel: #3: (&(&queue->rskq_lock)->rlock){+.-...}, at: [<ffffffff816f6a88>] inet_csk_reqsk_queue_add+0x28/0xa0 To properly fix this issue, inet_csk_reqsk_queue_add() needs to return to its callers if the child as been queued into accept queue. We also need to make sure listener is still there before calling sk->sk_data_ready(), by holding a reference on it, since the reference carried by the child can disappear as soon as the child is put on accept queue. Reported-by: Ilya Dryomov <idryomov@gmail.com> Fixes: `ebb516af60` ("tcp/dccp: fix race at listener dismantle phase") Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2016-02-18 11:35:51 -05:00
..
acpi	ACPI / CPPC: remove redundant mbox_send_message() declaration	2016-02-03 01:09:52 +01:00
asm-generic	Merge branch 'akpm' (patches from Andrew)	2016-01-21 12:32:08 -08:00
clocksource
crypto	Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6	2016-01-22 11:58:43 -08:00
drm	Merge branch 'drm-fixes-mst' of git://people.freedesktop.org/~airlied/linux into drm-fixes	2016-02-05 15:24:17 +10:00
dt-bindings	ARM: SoC driver updates for v4.5	2016-01-20 18:42:30 -08:00
keys
kvm
linux	net/mlx4_core: Set UAR page size to 4KB regardless of system page size	2016-02-17 10:29:27 -05:00
math-emu
media	[media] vb2: fix nasty vb2_thread regression	2016-02-04 09:13:46 -02:00
memory
misc
net	tcp/dccp: fix another race at listener dismantle	2016-02-18 11:35:51 -05:00
pcmcia
ras
rdma	IB/mlx4: Enable send of RoCE QP1 packets with IP/UDP headers	2016-01-19 15:35:01 -05:00
rxrpc
scsi	Initial roundup of 4.5 merge window patches	2016-01-23 18:45:06 -08:00
soc	ARM: SoC driver updates for v4.5	2016-01-20 18:42:30 -08:00
sound	ALSA: rawmidi: Make snd_rawmidi_transmit() race-free	2016-02-03 14:51:28 +01:00
target	Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending	2016-01-20 17:20:53 -08:00
trace	This includes three minor fixes, mostly due to cut-and-paste issues.	2016-01-28 17:00:50 -08:00
uapi	Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm	2016-02-01 15:21:20 -08:00
video
xen	Merge branch 'for-4.5/drivers' of git://git.kernel.dk/linux-block	2016-01-21 18:19:38 -08:00
Kbuild