[GENETLINK]: Fix race in genl_unregister_mc_groups()
authorThomas Graf <tgraf@suug.ch>
Tue, 24 Jul 2007 22:32:46 +0000 (15:32 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 24 Jul 2007 22:32:46 +0000 (15:32 -0700)
family->mcast_groups is protected by genl_lock so it must
be held while accessing the list in genl_unregister_mc_groups().
Requires adding a non-locking variant of genl_unregister_mc_group().

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/netlink/genetlink.c

index e146531faf1d349434c89306eafc7968f506baa1..61d65569e2bee365585b4b9d9551e3d1956b7e19 100644 (file)
@@ -200,6 +200,18 @@ int genl_register_mc_group(struct genl_family *family,
 }
 EXPORT_SYMBOL(genl_register_mc_group);
 
+static void __genl_unregister_mc_group(struct genl_family *family,
+                                      struct genl_multicast_group *grp)
+{
+       BUG_ON(grp->family != family);
+       netlink_clear_multicast_users(genl_sock, grp->id);
+       clear_bit(grp->id, mc_groups);
+       list_del(&grp->list);
+       genl_ctrl_event(CTRL_CMD_DELMCAST_GRP, grp);
+       grp->id = 0;
+       grp->family = NULL;
+}
+
 /**
  * genl_unregister_mc_group - unregister a multicast group
  *
@@ -217,14 +229,8 @@ EXPORT_SYMBOL(genl_register_mc_group);
 void genl_unregister_mc_group(struct genl_family *family,
                              struct genl_multicast_group *grp)
 {
-       BUG_ON(grp->family != family);
        genl_lock();
-       netlink_clear_multicast_users(genl_sock, grp->id);
-       clear_bit(grp->id, mc_groups);
-       list_del(&grp->list);
-       genl_ctrl_event(CTRL_CMD_DELMCAST_GRP, grp);
-       grp->id = 0;
-       grp->family = NULL;
+       __genl_unregister_mc_group(family, grp);
        genl_unlock();
 }
 
@@ -232,8 +238,10 @@ static void genl_unregister_mc_groups(struct genl_family *family)
 {
        struct genl_multicast_group *grp, *tmp;
 
+       genl_lock();
        list_for_each_entry_safe(grp, tmp, &family->mcast_groups, list)
-               genl_unregister_mc_group(family, grp);
+               __genl_unregister_mc_group(family, grp);
+       genl_unlock();
 }
 
 /**