Re: race in usbnet.c in full RT

On Wed, Jun 08, 2005 at 02:21:39PM +0400, Eugeny S. Mints wrote:
> in non-RT case spin_lock_irqsave (&dev->txq.lock, flags) disables 
> interrupts and thus code from usb_submit_urb() call upto 
> __skb_queue_tail (&dev->txq, skb) executes atomically. But in RT case 
> interrupts are not disabled and usb_submit_urb() triggers an interrupt 
> which may cause tx_complete() execution before __skb_queue_tail () call. 
> And since skb->list gets initialized just at __skb_queue_tail(), call to 
> tx_complete() (via defer_bh() which thus executes before 
> __skb_queue_tail) dereferences NULL (skb->list) pointer.
> 
> Thus looks tx_complete() and usbnet_start_xmit() require a 
> serialization. Please find proposed fix attached though not sure the 
> patch will apply cleanly to the latest kernel.

Please fix whatever patch you use for "full RT mode" to not break valid
assupmtions in drivers.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- race in usbnet.c in full RT
  - From: "Eugeny S. Mints" <[email protected]>

Prev by Date: race in usbnet.c in full RT
Next by Date: Re: oops on using io_submit
Previous by thread: race in usbnet.c in full RT
Next by thread: Re: race in usbnet.c in full RT
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]