The atomic_dec on delpol->refcnt looks a bit sus. For an otherwise unused
policy, this could mean that it will stay in the system forever as the
refcnt would be zero before it hits the final pol_put. For others it means
that last user will have it pulled from underneath them.
Am I missing something obvious here?
--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--- xfrm_policy.c.orig 2003-06-01 09:16:38.000000000 +1000
+++ net/xfrm/xfrm_policy.c 2003-06-01 09:16:40.000000000 +1000
@@ -287,7 +287,6 @@
write_unlock_bh(&xfrm_policy_lock);
if (delpol) {
- atomic_dec(&delpol->refcnt);
xfrm_policy_kill(delpol);
xfrm_pol_put(delpol);
}
