Re: [PATCH] xprt.c use after free of work_structs

On Mon, 2 May 2005, Trond Myklebust wrote:

> su den 01.05.2005 Klokka 00:02 (-0600) skreiv Zwane Mwaikambo:
> > This bug was first observed in 2.6.11-rc1-mm2 but i couldn't find the 
> > exact patch which would unmask it. The work_structs embedded in rpc_xprt 
> > are freed in xprt_destroy without waiting for all scheduled work to be 
> > completed, resulting in quite a kerfuffle. Since xprt->timer callback can 
> > schedule new work, flush the workqueue after killing the timer.
> 
> Hi Zwane,
> 
>   Thanks, I fully agree that this is needed.
> 
>  Chuck proposed a similar patch to me a couple of days ago, however he
> also pointed out that we need to call cancel_delayed_work() on
> xprt->sock_connect in the same code section in order to avoid trouble
> with the TCP reconnect code causing the same type of race. I've attached
> his mail.

Yes i wasn't sure i had caught all the cases.

Takk!
	Zwane
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- [PATCH] xprt.c use after free of work_structs
  - From: Zwane Mwaikambo <[email protected]>
- Re: [PATCH] xprt.c use after free of work_structs
  - From: Trond Myklebust <[email protected]>

Prev by Date: Re: 2.6.12-rc3-mm2 - /proc/ide/sr0/model: No such file or directory
Next by Date: Re: Empty partition nodes not created (was device node issues with recent mm's and udev)
Previous by thread: Re: [PATCH] xprt.c use after free of work_structs
Next by thread: Can NFS map different clients to different uid/gid?
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]