tipc: any name table member must be protected under name table lock

As tipc_nametbl_lock is used to protect name_table structure, the lock
must be held while all members of name_table structure are accessed.
However, the lock is not obtained while a member of name_table
structure - local_publ_count is read in tipc_nametbl_publish(), as
a consequence, an inconsistent value of local_publ_count might be got.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Tested-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/tipc/name_table.c b/net/tipc/name_table.c
index 0d61f582640701d5795947aad97638af6d6dbfb1..93bac40292c13c27751df163777a52bd9a39f50f 100644 (file)
--- a/net/tipc/name_table.c
+++ b/net/tipc/name_table.c
@@ -656,13 +656,14 @@ struct publication *tipc_nametbl_publish(u32 type, u32 lower, u32 upper,
        struct publication *publ;
        struct sk_buff *buf = NULL;
 
+       write_lock_bh(&tipc_nametbl_lock);
        if (tipc_nametbl->local_publ_count >= TIPC_MAX_PUBLICATIONS) {
                pr_warn("Publication failed, local publication limit reached (%u)\n",
                        TIPC_MAX_PUBLICATIONS);
+               write_unlock_bh(&tipc_nametbl_lock);
                return NULL;
        }
 
-       write_lock_bh(&tipc_nametbl_lock);
        publ = tipc_nametbl_insert_publ(type, lower, upper, scope,
                                   tipc_own_addr, port_ref, key);
        if (likely(publ)) {