bonding: Fix race condition between bond_enslave() and bond_3ad_update_lacp_rate()

port->slave can be NULL since it's being initialized in bond_enslave
thus dereferencing a NULL pointer in bond_3ad_update_lacp_rate()
Also fix a minor bug, which could cause a port not to have
AD_STATE_LACP_TIMEOUT since there's no sync between
bond_3ad_update_lacp_rate() and bond_3ad_bind_slave(), by changing
the read_lock to a write_lock_bh in bond_3ad_update_lacp_rate().

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/bonding/bond_3ad.c b/drivers/net/bonding/bond_3ad.c
index 84fabd6..0e45b40 100644 (file)
--- a/drivers/net/bonding/bond_3ad.c
+++ b/drivers/net/bonding/bond_3ad.c
@@ -2494,11 +2494,13 @@ void bond_3ad_update_lacp_rate(struct bonding *bond)
        struct port *port = NULL;
        int lacp_fast;
 
-       read_lock(&bond->lock);
+       write_lock_bh(&bond->lock);
        lacp_fast = bond->params.lacp_fast;
 
        bond_for_each_slave(bond, slave, i) {
                port = &(SLAVE_AD_INFO(slave).port);
+               if (port->slave == NULL)
+                       continue;
                __get_state_machine_lock(port);
                if (lacp_fast)
                        port->actor_oper_port_state |= AD_STATE_LACP_TIMEOUT;
@@ -2507,5 +2509,5 @@ void bond_3ad_update_lacp_rate(struct bonding *bond)
                __release_state_machine_lock(port);
        }
 
-       read_unlock(&bond->lock);
+       write_unlock_bh(&bond->lock);
 }