af_iucv: Fix race when queuing incoming iucv messages
authorHendrik Brueckner <brueckner@linux.vnet.ibm.com>
Tue, 21 Apr 2009 06:04:24 +0000 (06:04 +0000)
committerDavid S. Miller <davem@davemloft.net>
Wed, 22 Apr 2009 06:43:15 +0000 (23:43 -0700)
AF_IUCV runs into a race when queuing incoming iucv messages
and receiving the resulting backlog.

If the Linux system is under pressure (high load or steal time),
the message queue grows up, but messages are not received and queued
onto the backlog queue. In that case, applications do not
receive any data with recvmsg() even if AF_IUCV puts incoming
messages onto the message queue.

The race can be avoided if the message queue spinlock in the
message_pending callback is spreaded across the entire callback
function.

Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/iucv/af_iucv.c

index 9cfdaaddc5b2756bfb6d2d859b4c6008347545d0..b51c9187c3476652b2e4f1f01c4e7c52dc637e07 100644 (file)
@@ -1124,6 +1124,8 @@ static void iucv_callback_rx(struct iucv_path *path, struct iucv_message *msg)
                return;
        }
 
+       spin_lock(&iucv->message_q.lock);
+
        if (!list_empty(&iucv->message_q.list) ||
            !skb_queue_empty(&iucv->backlog_skb_q))
                goto save_message;
@@ -1137,9 +1139,8 @@ static void iucv_callback_rx(struct iucv_path *path, struct iucv_message *msg)
        if (!skb)
                goto save_message;
 
-       spin_lock(&iucv->message_q.lock);
        iucv_process_message(sk, skb, path, msg);
-       spin_unlock(&iucv->message_q.lock);
+       goto out_unlock;
 
        return;
 
@@ -1150,8 +1151,9 @@ save_message:
        save_msg->path = path;
        save_msg->msg = *msg;
 
-       spin_lock(&iucv->message_q.lock);
        list_add_tail(&save_msg->list, &iucv->message_q.list);
+
+out_unlock:
        spin_unlock(&iucv->message_q.lock);
 }