macvtap: fix a possible race between queue selection and changing queues
authorJason Wang <jasowang@redhat.com>
Wed, 5 Jun 2013 23:54:33 +0000 (23:54 +0000)
committerDavid S. Miller <davem@davemloft.net>
Sat, 8 Jun 2013 06:49:08 +0000 (23:49 -0700)
Complier may generate codes that re-read the vlan->numvtaps during
macvtap_get_queue(). This may lead a race if vlan->numvtaps were changed in the
same time and which can lead unexpected result (e.g. very huge value).

We need prevent the compiler from generating such codes by adding an
ACCESS_ONCE() to make sure vlan->numvtaps were only read once.

Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/macvtap.c

index 68efb91a56335b66552868a93ddb643ef8c33bc6..5e485e30742414337e2f5d98b7aaf16a2bd4eda9 100644 (file)
@@ -172,7 +172,7 @@ static struct macvtap_queue *macvtap_get_queue(struct net_device *dev,
 {
        struct macvlan_dev *vlan = netdev_priv(dev);
        struct macvtap_queue *tap = NULL;
-       int numvtaps = vlan->numvtaps;
+       int numvtaps = ACCESS_ONCE(vlan->numvtaps);
        __u32 rxq;
 
        if (!numvtaps)