inetpeer: fix RCU lookup()
authorEric Dumazet <edumazet@google.com>
Fri, 1 Sep 2017 21:03:32 +0000 (14:03 -0700)
committerDavid S. Miller <davem@davemloft.net>
Sat, 2 Sep 2017 00:33:17 +0000 (17:33 -0700)
Excess of seafood or something happened while I cooked the commit
adding RB tree to inetpeer.

Of course, RCU rules need to be respected or bad things can happen.

In this particular loop, we need to read *pp once per iteration, not
twice.

Fixes: b145425f269a ("inetpeer: remove AVL implementation in favor of RB tree")
Reported-by: John Sperbeck <jsperbeck@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/inetpeer.c

index 337ad41bb80a5fcd3db7ac674292c5b5d462982e..e7eb590c86ce2b33654c17c61619de74ff07bfd1 100644 (file)
@@ -102,15 +102,18 @@ static struct inet_peer *lookup(const struct inetpeer_addr *daddr,
                                struct rb_node **parent_p,
                                struct rb_node ***pp_p)
 {
-       struct rb_node **pp, *parent;
+       struct rb_node **pp, *parent, *next;
        struct inet_peer *p;
 
        pp = &base->rb_root.rb_node;
        parent = NULL;
-       while (*pp) {
+       while (1) {
                int cmp;
 
-               parent = rcu_dereference_raw(*pp);
+               next = rcu_dereference_raw(*pp);
+               if (!next)
+                       break;
+               parent = next;
                p = rb_entry(parent, struct inet_peer, rb_node);
                cmp = inetpeer_addr_cmp(daddr, &p->daddr);
                if (cmp == 0) {