ipvs: Fix possible deadlock in estimator code
There is a slight chance for a deadlock in the estimator code. We can't call
del_timer_sync() while holding our lock, as the timer might be active and
spinning for the lock on another cpu. Work around this issue by using
try_to_del_timer_sync() and releasing the lock. We could actually delete the
timer outside of our lock, as the add and kill functions are only every called
from userspace via [gs]etsockopt() and are serialized by a mutex, but better
make this explicit.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
Cc: stable <stable@kernel.org>
Acked-by: Simon Horman <horms@verge.net.au>
diff --git a/net/ipv4/ipvs/ip_vs_est.c b/net/ipv4/ipvs/ip_vs_est.c
index bc04eed..1d6e58e 100644
--- a/net/ipv4/ipvs/ip_vs_est.c
+++ b/net/ipv4/ipvs/ip_vs_est.c
@@ -170,8 +170,11 @@
kfree(est);
killed++;
}
- if (killed && est_list == NULL)
- del_timer_sync(&est_timer);
+ while (killed && !est_list && try_to_del_timer_sync(&est_timer) < 0) {
+ write_unlock_bh(&est_lock);
+ cpu_relax();
+ write_lock_bh(&est_lock);
+ }
write_unlock_bh(&est_lock);
}
