By stress testing socket session queue I detected a racecondition in this function. For example two concurrent socket fighting for same session place in the active list would inject two concurrent session to it.
Signed-off-by: Oleksij Rempel <o.rempel@xxxxxxxxxxxxxx>
---
 net/can/j1939/transport.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/can/j1939/transport.c b/net/can/j1939/transport.c
index 5152b5518613..e2343978f695 100644
--- a/net/can/j1939/transport.c
+++ b/net/can/j1939/transport.c
@@ -1141,17 +1141,18 @@ static int j1939_session_insert(struct j1939_session *session)
 struct j1939_session *pending;
 int ret = 0;
- pending = j1939_session_get_by_skcb(priv, &session->skcb, false);
+ j1939_session_list_lock(priv);
+ pending = j1939_session_get_by_skcb_locked(priv, &priv->tp_sessionq,
+ &session->skcb, false);
 if (pending) {
 j1939_session_put(pending);
 ret = -EAGAIN;
 } else {
- j1939_session_list_lock(priv);
 WARN_ON_ONCE(session->state != J1939_SESSION_NEW);
 j1939_session_list_add(session);
 session->state = J1939_SESSION_ACTIVE;
- j1939_session_list_unlock(priv);
 }
+ j1939_session_list_unlock(priv);
 return ret;
 }
-- 
2.20.1
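Review bot: Nothing in j1939_session_insert() records that the lookup and the list add must stay inside a single lock hold, which is the entire fix; a comment above the new `j1939_session_list_lock(priv);` such as `/* lookup and add must share one lock hold, or two sockets can both miss and both insert */` would keep a later refactor from reopening the check-then-insert window. Separately, `j1939_session_put(pending)` now runs with the session list lock held. That is safe only if this put can never drop the last reference, or if the release path never takes the same lock; neither is visible in the hunk, so it is worth confirming, or the put could be moved after `j1939_session_list_unlock(priv);`. The opening lines of the function, where `priv` is obtained, lie outside the hunk.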