From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Thu, 3 Dec 2009 00:49:01 +0000 (+0000)
Subject: tcp: fix a timewait refcnt race
X-Git-Tag: v2.6.33-rc1~388^2~3
X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47e1c323069bcef0acb8a2b48921688573f5ca63;p=pandora-kernel.git

tcp: fix a timewait refcnt race

After TCP RCU conversion, tw->tw_refcnt should not be set to 1 in
inet_twsk_alloc(). It allows a RCU reader to get this timewait socket,
while we not yet stabilized it.

Only choice we have is to set tw_refcnt to 0 in inet_twsk_alloc(),
then atomic_add() it later, once everything is done.

Location of this atomic_add() is tricky, because we dont want another
writer to find this timewait in ehash, while tw_refcnt is still zero !

Thanks to Kapil Dakhane tests and reports.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed