net/802/mrp: fix possible race condition when calling mrp_pdu_queue()
author David Ward <david.ward@ll.mit.edu>
Thu, 11 Apr 2013 13:47:15 +0000 (13:47 +0000)
committer David S. Miller <davem@davemloft.net>
Fri, 12 Apr 2013 19:10:48 +0000 (15:10 -0400)
commit fb745e9a037895321781d066aa24757ceabf9df9
tree 1166ef2a488b5e1afbd1ee71df493fb593adf167
parent 3be8fbab18fbc06b6ff94a56f9c225e29ea64a73

(Adapted from a very similar change to net/802/garp.c by Cong Wang.)

mrp_pdu_queue() should always be called with the applicant spin lock.
mrp_uninit_applicant() only holds the rtnl lock which is not enough;
a race is possible because mrp_rcv() is called in BH context:

mrp_rcv()
  |->mrp_pdu_parse_msg()
    |->mrp_pdu_parse_vecattr()
      |->mrp_pdu_parse_vecattr_event()
        |-> mrp_attr_event()
          |-> mrp_pdu_append_vecattr_event()
            |-> mrp_pdu_queue()

Cc: Cong Wang <amwang@redhat.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/802/mrp.c
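
The locking argument in the commit message, as an added userspace model (not the kernel code and not part of this commit): pthread mutexes stand in for the rtnl lock and the applicant spin lock, and a thread stands in for mrp_rcv() in BH context. Every identifier below is hypothetical.

```c
/* Userspace model with constructed names; not code from net/802/mrp.c. */
#include <pthread.h>
#include <stddef.h>

static pthread_mutex_t rtnl_model = PTHREAD_MUTEX_INITIALIZER;     /* models rtnl */
static pthread_mutex_t app_lock_model = PTHREAD_MUTEX_INITIALIZER; /* models the applicant lock */

/* Receive path: it never touches rtnl_model, only the applicant lock.
 * Stores 1 if it could enter the queueing code right now, 0 if excluded. */
static void *rx_path(void *out)
{
    int *entered = out;

    if (pthread_mutex_trylock(&app_lock_model) == 0) {
        *entered = 1;   /* would reach the PDU queue alongside teardown */
        pthread_mutex_unlock(&app_lock_model);
    } else {
        *entered = 0;   /* teardown owns the lock, receive path must wait */
    }
    return NULL;
}

/* Teardown path: always holds rtnl_model; take_app_lock selects whether it
 * also holds app_lock_model around its queue call.
 * Returns 1 if the receive path can run concurrently with that call. */
int rx_can_race_with_teardown(int take_app_lock)
{
    pthread_t rx;
    int entered = -1;

    pthread_mutex_lock(&rtnl_model);
    if (take_app_lock)
        pthread_mutex_lock(&app_lock_model);

    /* The teardown's queue call sits here; probe from the receive side. */
    if (pthread_create(&rx, NULL, rx_path, &entered) == 0)
        pthread_join(rx, NULL);

    if (take_app_lock)
        pthread_mutex_unlock(&app_lock_model);
    pthread_mutex_unlock(&rtnl_model);
    return entered;
}
```

The model only shows mutual exclusion between the two paths; in the kernel the lock taken against a BH-context caller must also keep bottom halves from running on the local CPU while it is held.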