From 01d7dd0e9f8c5f1888619d2649c7da389232b408 Mon Sep 17 00:00:00 2001 From: Ralf Baechle Date: Tue, 23 Aug 2005 10:11:45 -0700 Subject: [AX25]: UID fixes o Brown paperbag bug - ax25_findbyuid() was always returning a NULL pointer as the result. Breaks ROSE completly and AX.25 if UID policy set to deny. o While the list structure of AX.25's UID to callsign mapping table was properly protected by a spinlock, it's elements were not refcounted resulting in a race between removal and usage of an element. Signed-off-by: Ralf Baechle DL5RB Signed-off-by: David S. Miller --- include/net/ax25.h | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'include/net') diff --git a/include/net/ax25.h b/include/net/ax25.h index 828a3a93dda..3696f988a9f 100644 --- a/include/net/ax25.h +++ b/include/net/ax25.h @@ -139,11 +139,25 @@ enum { #define AX25_DEF_DS_TIMEOUT (3 * 60 * HZ) /* DAMA timeout 3 minutes */ typedef struct ax25_uid_assoc { - struct ax25_uid_assoc *next; + struct hlist_node uid_node; + atomic_t refcount; uid_t uid; ax25_address call; } ax25_uid_assoc; +#define ax25_uid_for_each(__ax25, node, list) \ + hlist_for_each_entry(__ax25, node, list, uid_node) + +#define ax25_uid_hold(ax25) \ + atomic_inc(&((ax25)->refcount)) + +static inline void ax25_uid_put(ax25_uid_assoc *assoc) +{ + if (atomic_dec_and_test(&assoc->refcount)) { + kfree(assoc); + } +} + typedef struct { ax25_address calls[AX25_MAX_DIGIS]; unsigned char repeated[AX25_MAX_DIGIS]; @@ -376,7 +390,7 @@ extern unsigned long ax25_display_timer(struct timer_list *); /* ax25_uid.c */ extern int ax25_uid_policy; -extern ax25_address *ax25_findbyuid(uid_t); +extern ax25_uid_assoc *ax25_findbyuid(uid_t); extern int ax25_uid_ioctl(int, struct sockaddr_ax25 *); extern struct file_operations ax25_uid_fops; extern void ax25_uid_free(void); -- cgit v1.2.3-70-g09d2