af_packet: block BH in prb_shutdown_retire_blk_timer()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Currently we're using plain spin_lock() in prb_shutdown_retire_blk_timer(),
however the timer might fire right in the middle and thus try to re-aquire
the same spinlock, leaving us in a endless loop.

To fix that, use the spin_lock_bh() to block it.

Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
CC: "David S. Miller" <davem@davemloft.net>
CC: Daniel Borkmann <dborkman@redhat.com>
CC: Willem de Bruijn <willemb@google.com>
CC: Phil Sutter <phil@nwl.cc>
CC: Eric Dumazet <edumazet@google.com>
Reported-by: Jan Stancek <jstancek@redhat.com>
Tested-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Veaceslav Falico <vfalico@redhat.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Veaceslav Falico and committed by

David S. Miller 12 years ago ec6f809f 006da7b0

+2 -2

1 changed file

expand all

net

packet

af_packet.c

+2 -2

net/packet/af_packet.c

··· 439 439 440 440 pkc = tx_ring ? &po->tx_ring.prb_bdqc : &po->rx_ring.prb_bdqc; 441 441 442 - spin_lock(&rb_queue->lock); 442 + spin_lock_bh(&rb_queue->lock); 443 443 pkc->delete_blk_timer = 1; 444 - spin_unlock(&rb_queue->lock); 444 + spin_unlock_bh(&rb_queue->lock); 445 445 446 446 prb_del_retire_blk_timer(pkc); 447 447 }