[IPV6]: Lost locking in fl6_sock_lookup

[safe/jmp/linux-2.6] / net / ipv6 / ip6_flowlabel.c

diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index c206a15..f40a086 100644 (file)
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -21,6 +21,7 @@
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
 
+#include <net/net_namespace.h>
 #include <net/sock.h>
 
 #include <net/ipv6.h>
@@ -189,14 +190,17 @@ struct ip6_flowlabel * fl6_sock_lookup(struct sock *sk, __be32 label)
 
        label &= IPV6_FLOWLABEL_MASK;
 
+       read_lock_bh(&ip6_sk_fl_lock);
        for (sfl=np->ipv6_fl_list; sfl; sfl = sfl->next) {
                struct ip6_flowlabel *fl = sfl->fl;
                if (fl->label == label) {
+                       read_unlock_bh(&ip6_sk_fl_lock);
                        fl->lastuse = jiffies;
                        atomic_inc(&fl->users);
                        return fl;
                }
        }
+       read_unlock_bh(&ip6_sk_fl_lock);
        return NULL;
 }
 
@@ -408,6 +412,16 @@ static int ipv6_opt_cmp(struct ipv6_txoptions *o1, struct ipv6_txoptions *o2)
        return 0;
 }
 
+static inline void fl_link(struct ipv6_pinfo *np, struct ipv6_fl_socklist *sfl,
+               struct ip6_flowlabel *fl)
+{
+       write_lock_bh(&ip6_sk_fl_lock);
+       sfl->fl = fl;
+       sfl->next = np->ipv6_fl_list;
+       np->ipv6_fl_list = sfl;
+       write_unlock_bh(&ip6_sk_fl_lock);
+}
+
 int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
 {
        int err;
@@ -512,11 +526,7 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
                                        fl1->linger = fl->linger;
                                if ((long)(fl->expires - fl1->expires) > 0)
                                        fl1->expires = fl->expires;
-                               write_lock_bh(&ip6_sk_fl_lock);
-                               sfl1->fl = fl1;
-                               sfl1->next = np->ipv6_fl_list;
-                               np->ipv6_fl_list = sfl1;
-                               write_unlock_bh(&ip6_sk_fl_lock);
+                               fl_link(np, sfl1, fl1);
                                fl_free(fl);
                                return 0;
 
@@ -544,9 +554,7 @@ release:
                        }
                }
 
-               sfl1->fl = fl;
-               sfl1->next = np->ipv6_fl_list;
-               np->ipv6_fl_list = sfl1;
+               fl_link(np, sfl1, fl);
                return 0;
 
        default:
@@ -648,7 +656,7 @@ static int ip6fl_seq_show(struct seq_file *seq, void *v)
        return 0;
 }
 
-static struct seq_operations ip6fl_seq_ops = {
+static const struct seq_operations ip6fl_seq_ops = {
        .start  =       ip6fl_seq_start,
        .next   =       ip6fl_seq_next,
        .stop   =       ip6fl_seq_stop,
@@ -657,24 +665,8 @@ static struct seq_operations ip6fl_seq_ops = {
 
 static int ip6fl_seq_open(struct inode *inode, struct file *file)
 {
-       struct seq_file *seq;
-       int rc = -ENOMEM;
-       struct ip6fl_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
-
-       if (!s)
-               goto out;
-
-       rc = seq_open(file, &ip6fl_seq_ops);
-       if (rc)
-               goto out_kfree;
-
-       seq = file->private_data;
-       seq->private = s;
-out:
-       return rc;
-out_kfree:
-       kfree(s);
-       goto out;
+       return seq_open_private(file, &ip6fl_seq_ops,
+                       sizeof(struct ip6fl_iter_state));
 }
 
 static const struct file_operations ip6fl_seq_fops = {
@@ -690,7 +682,7 @@ static const struct file_operations ip6fl_seq_fops = {
 void ip6_flowlabel_init(void)
 {
 #ifdef CONFIG_PROC_FS
-       proc_net_fops_create("ip6_flowlabel", S_IRUGO, &ip6fl_seq_fops);
+       proc_net_fops_create(&init_net, "ip6_flowlabel", S_IRUGO, &ip6fl_seq_fops);
 #endif
 }
 
@@ -698,6 +690,6 @@ void ip6_flowlabel_cleanup(void)
 {
        del_timer(&ip6_fl_gc_timer);
 #ifdef CONFIG_PROC_FS
-       proc_net_remove("ip6_flowlabel");
+       proc_net_remove(&init_net, "ip6_flowlabel");
 #endif
 }