review.tizen.org Git - platform/adaptation/renesas_rcar/renesas

author	Vlad Yasevich <vyasevich@gmail.com>
	Mon, 22 Sep 2014 20:34:17 +0000 (16:34 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 15 Oct 2014 06:36:42 +0000 (08:36 +0200)
commit	e714dac8b95bd553a0d2d5709e4c200af5bc4184
tree	3f9fd420817d5f7406e3d29ee7576b597ed57633	tree \| snapshot
parent	8f20fcf03cdb5d5ee7e14373409a7a3eae2163fd	commit \| diff

macvtap: Fix race between device delete and open.

[ Upstream commit 40b8fe45d1f094e3babe7b2dc2b71557ab71401d ]

In macvtap device delete and open calls can race and
this causes a list curruption of the vlan queue_list.

The race intself is triggered by the idr accessors
that located the vlan device.  The device is stored
into and removed from the idr under both an rtnl and
a mutex.  However, when attempting to locate the device
in idr, only a mutex is taken.  As a result, once cpu
perfoming a delete may take an rtnl and wait for the mutex,
while another cput doing an open() will take the idr
mutex first to fetch the device pointer and later take
an rtnl to add a queue for the device which may have
just gotten deleted.

With this patch, we now hold the rtnl for the duration
of the macvtap_open() call thus making sure that
open will not race with delete.

CC: Michael S. Tsirkin <mst@redhat.com>
CC: Jason Wang <jasowang@redhat.com>
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>