On 01/11/2017 08:19 PM, Parthasarathy Bhuvaragan wrote:
> Until now, the generic server framework maintains the connection
> id's per subscriber in server's conn_idr. At tipc_close_conn, we
> remove the connection id from the server list, but the connection is
> valid until we call the refcount cleanup. Hence we have a window
> where the server allocates the same connection to an new subscriber
> leading to inconsistent reference count.
>
> In this commit, we remove the connection from the server list at
> recount cleanup.
>
> Signed-off-by: Parthasarathy Bhuvaragan
> <parthasarathy.bhuvara...@ericsson.com>
Acked-by: Ying Xue <ying....@windriver.com>
> ---
> net/tipc/server.c | 15 +++++++--------
> 1 file changed, 7 insertions(+), 8 deletions(-)
>
> diff --git a/net/tipc/server.c b/net/tipc/server.c
> index 215849ce453d..e178d41e1a68 100644
> --- a/net/tipc/server.c
> +++ b/net/tipc/server.c
> @@ -91,7 +91,8 @@ static void tipc_sock_release(struct tipc_conn *con);
> static void tipc_conn_kref_release(struct kref *kref)
> {
> struct tipc_conn *con = container_of(kref, struct tipc_conn, kref);
> - struct sockaddr_tipc *saddr = con->server->saddr;
> + struct tipc_server *s = con->server;
> + struct sockaddr_tipc *saddr = s->saddr;
> struct socket *sock = con->sock;
> struct sock *sk;
>
> @@ -106,6 +107,11 @@ static void tipc_conn_kref_release(struct kref *kref)
> tipc_sock_release(con);
> sock_release(sock);
> con->sock = NULL;
> +
> + spin_lock_bh(&s->idr_lock);
> + idr_remove(&s->conn_idr, con->conid);
> + s->idr_in_use--;
> + spin_unlock_bh(&s->idr_lock);
> }
>
> tipc_clean_outqueues(con);
> @@ -198,15 +204,8 @@ static void tipc_sock_release(struct tipc_conn *con)
>
> static void tipc_close_conn(struct tipc_conn *con)
> {
> - struct tipc_server *s = con->server;
> -
> if (test_and_clear_bit(CF_CONNECTED, &con->flags)) {
>
> - spin_lock_bh(&s->idr_lock);
> - idr_remove(&s->conn_idr, con->conid);
> - s->idr_in_use--;
> - spin_unlock_bh(&s->idr_lock);
> -
> /* We shouldn't flush pending works as we may be in the
> * thread. In fact the races with pending rx/tx work structs
> * are harmless for us here as we have already deleted this
>
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
tipc-discussion mailing list
tipc-discussion@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tipc-discussion
