pkt_sched: Change misleading code in class delete. - openslx/kernel-qcow2-linux.git

diff options

author	Jarek Poplawski	2009-03-16 04:00:19 +0100
committer	David S. Miller	2009-03-16 04:00:19 +0100
commit	7cd0a63872ac6ef97265f07adc367ca4f984468e (patch)
tree	44265aa422b3133b07eee87280cca3c89225437a /net/ipv4/tcp_input.c
parent	net: reorder fields of struct socket (diff)
download	kernel-qcow2-linux-7cd0a63872ac6ef97265f07adc367ca4f984468e.tar.gz kernel-qcow2-linux-7cd0a63872ac6ef97265f07adc367ca4f984468e.tar.xz kernel-qcow2-linux-7cd0a63872ac6ef97265f07adc367ca4f984468e.zip

pkt_sched: Change misleading code in class delete.

While looking for a possible reason of bugzilla report on HTB oops: http://bugzilla.kernel.org/show_bug.cgi?id=12858 I found the code in htb_delete calling htb_destroy_class on zero refcount is very misleading: it can suggest this is a common path, and destroy is called under sch_tree_lock. Actually, this can never happen like this because before deletion cops->get() is done, and after delete a class is still used by tclass_notify. The class destroy is always called from cops->put(), so without sch_tree_lock. This doesn't mean much now (since 2.6.27) because all vulnerable calls were moved from htb_destroy_class to htb_delete, but there was a bug in older kernels. The same change is done for other classful scheds, which, it seems, didn't have similar locking problems here. Reported-by: m0sia <m0sia@m0sia.ru> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/ipv4/tcp_input.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: