From: Wei Wang <weiwan@google.com>
Date: Sat, 17 Jun 2017 10:42:44 -0700
Subject: net: add debug atomic_inc_not_zero() in dst_hold()
Patch-mainline: v4.13-rc1
Git-commit: 44ebe79149ff415e810529bf192faa5c38d4a0de
References: bsc#1061739

This patch is meant to add a debug warning on the situation where dst is
being held during its destroy phase. This could potentially cause a double
free issue on the dst.

Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Michal Kubecek <mkubecek@suse.cz>

---
 include/net/dst.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/net/dst.h b/include/net/dst.h
index 892f21e83470..fdb5cb225f6d 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -251,7 +251,7 @@ static inline void dst_hold(struct dst_entry *dst)
 	 * __pad_to_align_refcnt declaration in struct dst_entry
 	 */
 	BUILD_BUG_ON(offsetof(struct dst_entry, __refcnt) & 63);
-	atomic_inc(&dst->__refcnt);
+	WARN_ON(atomic_inc_not_zero(&dst->__refcnt) == 0);
 }
 
 static inline void dst_use(struct dst_entry *dst, unsigned long time)
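
Review bot: The replaced line in dst_hold() changes behaviour as well as adding a warning: atomic_inc_not_zero() leaves __refcnt untouched when it is already 0, so in that case the function now returns without taking a reference, and because dst_hold() returns void the caller cannot tell and proceeds as if it held one. The commit message describes only a debug warning; it should state that the zero case no longer increments, and callers that can race with the destroy phase would be better served by a variant that reports failure. The refcount operation is also a side effect placed inside WARN_ON(); storing the result in a local and warning on that would make the increment easier to see, and WARN_ON_ONCE() would keep the log from flooding if this path is hit repeatedly.
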
-- 
2.14.2