22 Feb
2022
22 Feb
'22
3:35 p.m.
Hi!
syzbot reported that two threads might write over agg_select_timer at the same time. Make agg_select_timer atomic to fix the races.
Ok, but:
--- a/drivers/net/bonding/bond_3ad.c +++ b/drivers/net/bonding/bond_3ad.c @@ -249,7 +249,7 @@ static inline int __check_agg_selection_ if (bond == NULL) return 0;
- return BOND_AD_INFO(bond).agg_select_timer ? 1 : 0;
- return atomic_read(&BOND_AD_INFO(bond).agg_select_timer) ? 1 : 0;
}
This could probably use !!.
+static bool bond_agg_timer_advance(struct bonding *bond) +{
- int val, nval;
- while (1) {
val = atomic_read(&BOND_AD_INFO(bond).agg_select_timer);if (!val)return false;nval = val - 1;if (atomic_cmpxchg(&BOND_AD_INFO(bond).agg_select_timer,val, nval) == val)break;- }
- return nval == 0;
+}
This should really be atomic_dec_if_positive, no?
Best regards, Pavel