On Tue, 26 Apr 2005 12:34:13 -0500
Dmitry Torokhov <[email protected]> wrote:
> On 4/26/05, Evgeniy Polyakov <[email protected]> wrote:
> >
> > --- orig/drivers/connector/connector.c
> > +++ mod/drivers/connector/connector.c
> > @@ -151,8 +151,8 @@
> > __cbq->ddata = data;
> > __cbq->destruct_data = destruct_data;
> >
> > - queue_work(dev->cbdev->cn_queue, &__cbq->work);
> > - found = 1;
> > + if (queue_work(dev->cbdev->cn_queue, &__cbq->work))
> > + found = 1;
> > break;
>
> What does it help exactly? By the time you checked result of
> queue_work you have already corrupted work structure wuth the new data
> (and probably destructor).
>
> Also, where is the rest of the code? Should we notify caller that
> cn_netlink_send has dropped the message? And how do we do that?
Yes, I found it too.
Following patch should be the solution:
--- orig/drivers/connector/connector.c
+++ mod/drivers/connector/connector.c
@@ -146,13 +146,16 @@
spin_lock_bh(&dev->cbdev->queue_lock);
list_for_each_entry(__cbq, &dev->cbdev->queue_list, callback_entry) {
if (cn_cb_equal(&__cbq->cb->id, &msg->id)) {
- __cbq->cb->priv = msg;
+
+ if (!test_bit(0, &work->pending)) {
+ __cbq->cb->priv = msg;
- __cbq->ddata = data;
- __cbq->destruct_data = destruct_data;
+ __cbq->ddata = data;
+ __cbq->destruct_data = destruct_data;
- if (queue_work(dev->cbdev->cn_queue, &__cbq->work))
- found = 1;
+ if (queue_work(dev->cbdev->cn_queue, &__cbq->work))
+ found = 1;
+ }
break;
}
}
> --
> Dmitry
>
Evgeniy Polyakov
Only failure makes us experts. -- Theo de Raadt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
