From: Eric Dumazet
Date: Mon, 27 Sep 2010 04:18:27 +0000 (+0000)
Subject: fib: use atomic_inc_not_zero() in fib_rules_lookup
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7fa7cb7109d07;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git

fib: use atomic_inc_not_zero() in fib_rules_lookup

It seems we don't use appropriate refcount increment in an rcu_read_lock() protected section.

fib_rule_get() might increment a null refcount and bad things could happen.

While fib_nl_delrule() respects an rcu grace period before calling fib_rule_put(), fib_rules_cleanup_ops() calls fib_rule_put() without a grace period.

Note: after this patch, we might avoid the synchronize_rcu() call done in fib_nl_delrule()

Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
---

diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index 42e84e08a1be..d0787284cb07 100644
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -225,9 +225,11 @@ jumped:
 		err = ops->action(rule, fl, flags, arg);
 		if (err != -EAGAIN) {
-			fib_rule_get(rule);
-			arg->rule = rule;
-			goto out;
+			if (likely(atomic_inc_not_zero(&rule->refcnt))) {
+				arg->rule = rule;
+				goto out;
+			}
+			break;
 		}
 	}
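Review bot: in the new `break` path of this hunk, `err` still holds the value ops->action() just returned (something other than -EAGAIN, typically 0), and arg->rule is left unset; the code after the loop is not visible here, so please confirm it overwrites `err` before `out:`, otherwise a caller can see success together with a NULL arg->rule when atomic_inc_not_zero() loses the race against the final fib_rule_put(). Also worth considering whether `continue` is the better choice than `break`: a rule whose refcount has already hit zero is one that is being torn down, and skipping it to try the next matching rule under the same rcu_read_lock() gives the lookup a chance to still succeed instead of aborting the whole walk. Finally, a one-line comment above `if (likely(atomic_inc_not_zero(&rule->refcnt)))` explaining that the rule may already be on its way to being freed while visible under RCU (which is the reason fib_rule_get() is no longer safe here) would save the next reader a trip to the commit log, and a small helper next to fib_rule_get() would keep the lookup path from touching rule->refcnt directly.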