Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 208d8984 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller
Browse files

[IPV4]: Fix BUG() in 2.6.x, udp_poll(), fragments + CONFIG_HIGHMEM 



Steven Hand <Steven.Hand@cl.cam.ac.uk> wrote:
> 
> Reconstructed forward trace: 
> 
>   net/ipv4/udp.c:1334   spin_lock_irq() 
>   net/ipv4/udp.c:1336   udp_checksum_complete() 
> net/core/skbuff.c:1069   skb_shinfo(skb)->nr_frags > 1
> net/core/skbuff.c:1086   kunmap_skb_frag()
> net/core/skbuff.h:1087   local_bh_enable()
> kernel/softirq.c:0140   WARN_ON(irqs_disabled());

The receive queue lock is never taken in IRQs (and should never be) so
we can simply substitute bh for irq.

Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9bb7bc94

net/ipv4/udp.c

+6 −6
Original line number Diff line number Diff line
@@ -738,7 +738,7 @@ int udp_ioctl(struct sock *sk, int cmd, unsigned long arg) 
			unsigned long amount;



			amount = 0;

			spin_lock_irq(&sk->sk_receive_queue.lock);

			spin_lock_bh(&sk->sk_receive_queue.lock);

			skb = skb_peek(&sk->sk_receive_queue);

			if (skb != NULL) {

				/*
@@ -748,7 +748,7 @@ int udp_ioctl(struct sock *sk, int cmd, unsigned long arg) 
				 */

				amount = skb->len - sizeof(struct udphdr);

			}

			spin_unlock_irq(&sk->sk_receive_queue.lock);

			spin_unlock_bh(&sk->sk_receive_queue.lock);

			return put_user(amount, (int __user *)arg);

		}
@@ -848,12 +848,12 @@ static int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 
	/* Clear queue. */

	if (flags&MSG_PEEK) {

		int clear = 0;

		spin_lock_irq(&sk->sk_receive_queue.lock);

		spin_lock_bh(&sk->sk_receive_queue.lock);

		if (skb == skb_peek(&sk->sk_receive_queue)) {

			__skb_unlink(skb, &sk->sk_receive_queue);

			clear = 1;

		}

		spin_unlock_irq(&sk->sk_receive_queue.lock);

		spin_unlock_bh(&sk->sk_receive_queue.lock);

		if (clear)

			kfree_skb(skb);

	}
@@ -1334,7 +1334,7 @@ unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait) 
		struct sk_buff_head *rcvq = &sk->sk_receive_queue;

		struct sk_buff *skb;



		spin_lock_irq(&rcvq->lock);

		spin_lock_bh(&rcvq->lock);

		while ((skb = skb_peek(rcvq)) != NULL) {

			if (udp_checksum_complete(skb)) {

				UDP_INC_STATS_BH(UDP_MIB_INERRORS);
@@ -1345,7 +1345,7 @@ unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait) 
				break;

			}

		}

		spin_unlock_irq(&rcvq->lock);

		spin_unlock_bh(&rcvq->lock);



		/* nothing to see, move along */

		if (skb == NULL)