This race occurs on UP (not SMP) systems. socket.c must
not continue using net_family after sock_unregister(net_family)
has returned. Here is a scenario in which this occurs: a task goes to sleep in
the following call:
if ((i = net_families[family]->create(sock, protocol)) < 0)
While it sleeps, another task calls sock_unregister(family), which
succeeds because on UP there is currently no locking of any kind.
Duncan.
Patches against 2.4.19 and 2.5.45 attached. 2.4.19 patch:
--- linux/net/socket.c.orig 2002-08-03 02:39:46.000000000 +0200
+++ linux/net/socket.c 2002-10-31 09:16:50.000000000 +0100
@@ -132,7 +132,6 @@
static struct net_proto_family *net_families[NPROTO];
-#ifdef CONFIG_SMP
static atomic_t net_family_lockct = ATOMIC_INIT(0);
static spinlock_t net_family_lock = SPIN_LOCK_UNLOCKED;
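Review bot: With `#ifdef CONFIG_SMP` removed, `net_family_lockct` and `net_family_lock` now exist in every build, but nothing beside the declarations says why a UP kernel needs them, so the hunk reads like a cleanup rather than the race fix the description explains. A one-line comment above `net_family_lockct` would stop the next cleanup from reinstating the `#ifdef`, e.g. `/* Needed on UP too: the caller may sleep in ->create() while sock_unregister() runs. */`. Whether the read side of this lock is actually held across the sleeping `->create()` call in sock_create() is outside this hunk, and the fix depends on that, so it is worth confirming. The header announces 7 old lines but only 4 are shown here, so some context (presumably blank lines) was lost in transit and the patch as posted may not apply cleanly.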
@@ -170,13 +169,6 @@
atomic_dec(&net_family_lockct);
}
-#else
-#define net_family_write_lock() do { } while(0)
-#define net_family_write_unlock() do { } while(0)
-#define net_family_read_lock() do { } while(0)
-#define net_family_read_unlock() do { } while(0)
-#endif
-
/*
* Statistics counters of the socket lists