2007-02-10 21:51:15

by Oleg Nesterov

Subject: [PATCH 3/3] ipvs: flush defense_work before module unload

net/ipv4/ipvs/ip_vs_core.c

module_exit
ip_vs_cleanup
ip_vs_control_cleanup
cancel_rearming_delayed_work
// done

This is unsafe. The module may be unloaded and the memory may be freed while
defense_work's handler is still running/preempted.

Do flush_work(&defense_work.work) after cancel_rearming_delayed_work().

Alternatively, we could add flush_work() to cancel_rearming_delayed_work(),
but note that we can't change cancel_delayed_work() in the same manner because
it may be called from atomic context.

Signed-off-by: Oleg Nesterov <[email protected]>

--- 6.20-rc6-mm3/net/ipv4/ipvs/ip_vs_ctl.c~3_ipvs 2007-02-03 20:41:11.000000000 +0300
+++ 6.20-rc6-mm3/net/ipv4/ipvs/ip_vs_ctl.c 2007-02-10 23:14:41.000000000 +0300
@@ -2387,6 +2387,7 @@ void ip_vs_control_cleanup(void)
EnterFunction(2);
ip_vs_trash_cleanup();
cancel_rearming_delayed_work(&defense_work);
+ flush_work_keventd(&defense_work.work);
ip_vs_kill_estimator(&ip_vs_stats);
unregister_sysctl_table(sysctl_header);
proc_net_remove("ip_vs_stats");