Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / common / 7ef43ebaa538e0cc9063cbf84593a05091bcace2^! / . / net / tipc / socket.c
commit7ef43ebaa538e0cc9063cbf84593a05091bcace2[log] [tgz]
authorAllan Stephens <allan.stephens@windriver.com>Mon May 12 15:42:28 2008 -0700
committerDavid S. Miller <davem@davemloft.net>Mon May 12 15:42:28 2008 -0700
treed2bac748f6620cc2f217672105918b2116f6c958
parent4e3e6dcb43c3669a8817cb3d0f920f91661afd98 [diff] [blame]
tipc: Fix race condition when creating socket or native port

This patch eliminates the (very remote) chance of a crash resulting
from a partially initialized socket or native port unexpectedly
receiving a message.  Now, during the creation of a socket or native
port, the underlying generic port's lock is not released until all
initialization required to handle incoming messages has been done.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 230f9ca..38f4879 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c

@@ -188,6 +188,7 @@
 	const struct proto_ops *ops;
 	socket_state state;
 	struct sock *sk;
+	struct tipc_port *tp_ptr;
 	u32 portref;
 
 	/* Validate arguments */
@@ -225,7 +226,7 @@
 	/* Allocate TIPC port for socket to use */
 
 	portref = tipc_createport_raw(sk, &dispatch, &wakeupdispatch,
-				      TIPC_LOW_IMPORTANCE);
+				      TIPC_LOW_IMPORTANCE, &tp_ptr);
 	if (unlikely(portref == 0)) {
 		sk_free(sk);
 		return -ENOMEM;
@@ -241,6 +242,8 @@
 	sk->sk_backlog_rcv = backlog_rcv;
 	tipc_sk(sk)->p = tipc_get_port(portref);
 
+	spin_unlock_bh(tp_ptr->lock);
+
 	if (sock->state == SS_READY) {
 		tipc_set_portunreturnable(portref, 1);
 		if (sock->type == SOCK_DGRAM)