Re: [1/1] connector/CBUS: new messaging subsystem. Revision number next.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 26 Apr 2005 13:20:08 -0500
Dmitry Torokhov <[email protected]> wrote:

> On 4/26/05, Evgeniy Polyakov <[email protected]> wrote:
> > Yes, I found it too.
> > Following patch should be the solution:
> > 
> > --- orig/drivers/connector/connector.c
> > +++ mod/drivers/connector/connector.c
> > @@ -146,13 +146,16 @@
> >        spin_lock_bh(&dev->cbdev->queue_lock);
> >        list_for_each_entry(__cbq, &dev->cbdev->queue_list, callback_entry) {
> >                if (cn_cb_equal(&__cbq->cb->id, &msg->id)) {
> > -                       __cbq->cb->priv = msg;
> > +
> > +                       if (!test_bit(0, &work->pending)) {
> > +                               __cbq->cb->priv = msg;
> > 
> > -                       __cbq->ddata = data;
> > -                       __cbq->destruct_data = destruct_data;
> > +                               __cbq->ddata = data;
> > +                               __cbq->destruct_data = destruct_data;
> > 
> 
> Still not good enough - work->pending bit gets cleared when work has
> been scheduled, but before executing payload. You still have the race.

Data pointer is copied before bit is set, 
but I forget that it is not data, but another pointer
which may be overwritten.

I think we may finish it by setting skb as data,
and call kfree_skb() as destructor.

Thank you for your analysis.
 
> -- 
> Dmitry


	Evgeniy Polyakov

Only failure makes us experts. -- Theo de Raadt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux