From: Krzysztof Mazur <krzysiek@podlesie.net>
To: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>,
David Woodhouse <David.Woodhouse@intel.com>,
davem@davemloft.net, Krzysztof Mazur <krzysiek@podlesie.net>
Subject: [PATCH v3 5/7] pppoatm: take ATM socket lock in pppoatm_send()
Date: Tue, 6 Nov 2012 23:17:00 +0100 [thread overview]
Message-ID: <1352240222-363-6-git-send-email-krzysiek@podlesie.net> (raw)
In-Reply-To: <1352240222-363-1-git-send-email-krzysiek@podlesie.net>
The pppoatm_send() does not take any lock that will prevent concurrent
vcc_sendmsg(). This causes two problems:
- there is no locking between checking the send queue size
with atm_may_send() and incrementing sk_wmem_alloc,
and the real queue size can be a little higher than sk_sndbuf
- the vcc->sendmsg() can be called concurrently. I'm not sure
if it's allowed. Some drivers (eni, nicstar, ...) seem
to assume it will never happen.
Now pppoatm_send() takes ATM socket lock, the same that is used
in vcc_sendmsg() and other ATM socket functions. The pppoatm_send()
is called with BH disabled, so bh_lock_sock() is used instead
of lock_sock().
Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
Cc: David Woodhouse <David.Woodhouse@intel.com>
Cc: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
---
net/atm/pppoatm.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/net/atm/pppoatm.c b/net/atm/pppoatm.c
index b23c672..c4a57bc 100644
--- a/net/atm/pppoatm.c
+++ b/net/atm/pppoatm.c
@@ -272,10 +272,19 @@ static inline int pppoatm_may_send(struct pppoatm_vcc *pvcc, int size)
static int pppoatm_send(struct ppp_channel *chan, struct sk_buff *skb)
{
struct pppoatm_vcc *pvcc = chan_to_pvcc(chan);
+ struct atm_vcc *vcc;
+ int ret;
+
ATM_SKB(skb)->vcc = pvcc->atmvcc;
pr_debug("(skb=0x%p, vcc=0x%p)\n", skb, pvcc->atmvcc);
if (skb->data[0] == '\0' && (pvcc->flags & SC_COMP_PROT))
(void) skb_pull(skb, 1);
+
+ vcc = ATM_SKB(skb)->vcc;
+ bh_lock_sock(sk_atm(vcc));
+ if (sock_owned_by_user(sk_atm(vcc)))
+ goto nospace;
+
switch (pvcc->encaps) { /* LLC encapsulation needed */
case e_llc:
if (skb_headroom(skb) < LLC_LEN) {
@@ -288,8 +297,10 @@ static int pppoatm_send(struct ppp_channel *chan, struct sk_buff *skb)
}
consume_skb(skb);
skb = n;
- if (skb == NULL)
+ if (skb == NULL) {
+ bh_unlock_sock(sk_atm(vcc));
return DROP_PACKET;
+ }
} else if (!pppoatm_may_send(pvcc, skb->truesize))
goto nospace;
memcpy(skb_push(skb, LLC_LEN), pppllc, LLC_LEN);
@@ -299,6 +310,7 @@ static int pppoatm_send(struct ppp_channel *chan, struct sk_buff *skb)
goto nospace;
break;
case e_autodetect:
+ bh_unlock_sock(sk_atm(vcc));
pr_debug("Trying to send without setting encaps!\n");
kfree_skb(skb);
return 1;
@@ -308,9 +320,12 @@ static int pppoatm_send(struct ppp_channel *chan, struct sk_buff *skb)
ATM_SKB(skb)->atm_options = ATM_SKB(skb)->vcc->atm_options;
pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n",
skb, ATM_SKB(skb)->vcc, ATM_SKB(skb)->vcc->dev);
- return ATM_SKB(skb)->vcc->send(ATM_SKB(skb)->vcc, skb)
+ ret = ATM_SKB(skb)->vcc->send(ATM_SKB(skb)->vcc, skb)
? DROP_PACKET : 1;
+ bh_unlock_sock(sk_atm(vcc));
+ return ret;
nospace:
+ bh_unlock_sock(sk_atm(vcc));
/*
* We don't have space to send this SKB now, but we might have
* already applied SC_COMP_PROT compression, so may need to undo
--
1.8.0.233.g54991f2
next prev parent reply other threads:[~2012-11-06 22:20 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-06 22:16 [PATCH v3 0/7] pppoatm: fix multiple issues with pppoatm driver Krzysztof Mazur
2012-11-06 22:16 ` [PATCH v3 1/7] atm: detach protocol before closing vcc Krzysztof Mazur
2012-11-06 22:16 ` [PATCH v3 2/7] atm: add owner of push() callback to atmvcc Krzysztof Mazur
2012-11-07 19:05 ` chas williams - CONTRACTOR
2012-11-06 22:16 ` [PATCH v3 3/7] pppoatm: allow assign only on a connected socket Krzysztof Mazur
2012-11-06 22:16 ` [PATCH v3 4/7] pppoatm: fix module_put() race Krzysztof Mazur
2012-11-06 22:17 ` Krzysztof Mazur [this message]
2012-11-06 22:57 ` [PATCH v3 5/7] pppoatm: take ATM socket lock in pppoatm_send() Woodhouse, David
2012-11-06 22:17 ` [PATCH v3 6/7] pppoatm: don't send frames on not-ready vcc Krzysztof Mazur
2012-11-06 22:17 ` [PATCH v3 7/7] pppoatm: do not inline pppoatm_may_send() Krzysztof Mazur
2012-11-07 12:52 ` [PATCH v3 8/7] pppoatm: fix missing wakeup in pppoatm_send() David Woodhouse
2012-11-09 21:30 ` David Miller
2012-11-10 7:36 ` David Woodhouse
2012-11-10 18:38 ` David Miller
2012-11-10 20:23 ` Krzysztof Mazur
2012-11-10 21:02 ` David Woodhouse
2012-11-10 22:33 ` Krzysztof Mazur
2012-11-11 7:28 ` David Woodhouse
2012-11-11 11:04 ` Krzysztof Mazur
2012-11-11 11:39 ` David Woodhouse
2012-11-11 13:50 ` Krzysztof Mazur
2012-11-11 15:26 ` David Woodhouse
2012-11-11 16:12 ` Krzysztof Mazur
2012-11-11 17:03 ` David Woodhouse
2012-11-11 18:49 ` Krzysztof Mazur
2012-11-11 20:51 ` David Woodhouse
2012-11-11 22:57 ` Chas Williams (CONTRACTOR)
2012-11-27 13:27 ` David Woodhouse
2012-11-27 15:23 ` chas williams - CONTRACTOR
2012-11-28 0:48 ` David Woodhouse
2012-11-28 8:12 ` Krzysztof Mazur
2012-11-28 9:24 ` David Woodhouse
2012-11-28 9:58 ` Krzysztof Mazur
2012-11-28 10:19 ` David Woodhouse
2012-11-11 22:47 ` Chas Williams (CONTRACTOR)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1352240222-363-6-git-send-email-krzysiek@podlesie.net \
--to=krzysiek@podlesie.net \
--cc=David.Woodhouse@intel.com \
--cc=chas@cmf.nrl.navy.mil \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).