[bug?] netfilter/ipvs : suspected race bugs related to atomic operations

Hi. I am reporting two suspected race bugs related to atomic operations
that I found while reading net/netfilter/ipvs of Linux 2.6.30.4.

(1) In net/netfilter/ipvs/ip_vs_core.c, ip_vs_in() first increments &cp->in_pkts
     and then reads the variable for condition checking at lines 1346-1351.

     However, these two atomic operations may not be executed atomically.
     For this reason, it may result in a race with other concurrent executions
     which manipulate &cp->in_pkts.

(2) In net/netfilter/ipvs/ip_vs_wrr.c, ip_vs_wrr_max_weight() first
     checks &dest->weight
     and then reads the variable again to assign its value to a local variable.
     For a reason similar to the above, it seems that the two atomic_read()
     operations may return different values, so that it may result in a race
     condition.

Please examine the code and let me know your opinion. Thanks.

Sincerely
Shin Hong
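
The two patterns the report describes, modelled in userspace C11 as an added example (not code from the kernel or from this post). All function names are assumptions, and the `other` callback is a hypothetical stand-in for a concurrent CPU acting in the window between two atomic operations, so the interleaving is deterministic.

```c
#include <stdatomic.h>
#include <stdio.h>
/* Userspace C11 model (assumption): names are hypothetical, not kernel code. */
typedef void (*interleave_fn)(atomic_int *);

/* Stand-ins for another CPU updating the same variable inside the window. */
static void other_inc(atomic_int *v)  { atomic_fetch_add(v, 1); }
static void other_zero(atomic_int *v) { atomic_store(v, 0); }

/* Pattern (1): atomic increment, then a separate atomic read for the check. */
static int inc_then_read(atomic_int *pkts, interleave_fn other)
{
    atomic_fetch_add(pkts, 1);
    if (other) other(pkts);       /* window between the two atomics */
    return atomic_load(pkts);     /* may not be the value this caller produced */
}

/* One read-modify-write; kernel analogue: atomic_inc_return(). */
static int inc_and_return(atomic_int *pkts, interleave_fn other)
{
    int mine = atomic_fetch_add(pkts, 1) + 1;
    if (other) other(pkts);
    return mine;
}

/* Pattern (2): check one read, assign from a second read. */
static int max_reread(atomic_int *weight, int max, interleave_fn other)
{
    if (atomic_load(weight) > max) {
        if (other) other(weight);
        max = atomic_load(weight);  /* can be lower than the value checked */
    }
    return max;
}

/* Read once into a local; check and assignment use the same snapshot. */
static int max_snapshot(atomic_int *weight, int max, interleave_fn other)
{
    int w = atomic_load(weight);
    if (other) other(weight);
    return w > max ? w : max;
}

int main(void)
{
    atomic_int p = 4, q = 4, w1 = 10, w2 = 10;
    printf("%d %d\n", inc_then_read(&p, other_inc), inc_and_return(&q, other_inc));
    printf("%d %d\n", max_reread(&w1, 3, other_zero), max_snapshot(&w2, 3, other_zero));
}
```

In the two-step forms each individual operation is still atomic; what changes is that the decision is made on a value other than the one the caller produced or checked.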