Commit 3a5d1c0e authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller

inet: reqsk_alloc() needs to take care of dead listeners

We'll soon no longer take a refcount on listeners,
so reqsk_alloc() can not assume a listener refcount is not
zero. We need to use atomic_inc_not_zero()
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 2d331915
...@@ -85,24 +85,23 @@ reqsk_alloc(const struct request_sock_ops *ops, struct sock *sk_listener, ...@@ -85,24 +85,23 @@ reqsk_alloc(const struct request_sock_ops *ops, struct sock *sk_listener,
struct request_sock *req; struct request_sock *req;
req = kmem_cache_alloc(ops->slab, GFP_ATOMIC | __GFP_NOWARN); req = kmem_cache_alloc(ops->slab, GFP_ATOMIC | __GFP_NOWARN);
if (!req)
if (req) { return NULL;
req->rsk_ops = ops; req->rsk_listener = NULL;
if (attach_listener) { if (attach_listener) {
sock_hold(sk_listener); if (unlikely(!atomic_inc_not_zero(&sk_listener->sk_refcnt))) {
kmem_cache_free(ops->slab, req);
return NULL;
}
req->rsk_listener = sk_listener; req->rsk_listener = sk_listener;
} else {
req->rsk_listener = NULL;
} }
req->rsk_ops = ops;
req_to_sk(req)->sk_prot = sk_listener->sk_prot; req_to_sk(req)->sk_prot = sk_listener->sk_prot;
sk_node_init(&req_to_sk(req)->sk_node); sk_node_init(&req_to_sk(req)->sk_node);
sk_tx_queue_clear(req_to_sk(req)); sk_tx_queue_clear(req_to_sk(req));
req->saved_syn = NULL; req->saved_syn = NULL;
/* Following is temporary. It is coupled with debugging
* helpers in reqsk_put() & reqsk_free()
*/
atomic_set(&req->rsk_refcnt, 0); atomic_set(&req->rsk_refcnt, 0);
}
return req; return req;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment