summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGao feng <gaofeng@cn.fujitsu.com>2012-07-04 23:28:40 +0000
committerDavid S. Miller <davem@davemloft.net>2012-07-09 00:18:04 -0700
commitb761c9b1f4f69eb53fb6147547a1ab25237a93b3 (patch)
tree914b20a973bbffca5fd4e524d2858ff708b56bba
parentb93984c9afacd4fe32b785d52a93660d91202b10 (diff)
downloadlwn-b761c9b1f4f69eb53fb6147547a1ab25237a93b3.tar.gz
lwn-b761c9b1f4f69eb53fb6147547a1ab25237a93b3.zip
cgroup: fix panic in netprio_cgroup
we set max_prioidx to the first zero bit index of prioidx_map in function get_prioidx. So when we delete the low index netprio cgroup and adding a new netprio cgroup again,the max_prioidx will be set to the low index. when we set the high index cgroup's net_prio.ifpriomap,the function write_priomap will call update_netdev_tables to alloc memory which size is sizeof(struct netprio_map) + sizeof(u32) * (max_prioidx + 1), so the size of array that map->priomap point to is max_prioidx +1, which is low than what we actually need. fix this by adding check in get_prioidx,only set max_prioidx when max_prioidx low than the new prioidx. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/core/netprio_cgroup.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c
index 5b8aa2fae48b..aa907ed466ea 100644
--- a/net/core/netprio_cgroup.c
+++ b/net/core/netprio_cgroup.c
@@ -49,8 +49,9 @@ static int get_prioidx(u32 *prio)
return -ENOSPC;
}
set_bit(prioidx, prioidx_map);
+ if (atomic_read(&max_prioidx) < prioidx)
+ atomic_set(&max_prioidx, prioidx);
spin_unlock_irqrestore(&prioidx_map_lock, flags);
- atomic_set(&max_prioidx, prioidx);
*prio = prioidx;
return 0;
}