Re: Fw: memory corruption in tcp bind hash buckets on SMP?

From: kuznet@ms2.inr.ac.ru
Date: Wed Feb 27 2002 - 14:04:25 EST


Hello!

> I think his analysis is alright but the patch is questionable.

Yes. "if (tb) tcp_tw_put(tw)" cannot be right, no doubts.

Seems, it is enough to remove from bind hash _before_ established.

The idea was that bind hash is a pure slave of another state, so that
it does not need refcounting at all. Note that adding the second increment
does not help: when we verify that leakage (the situation when a
bucket is in bind hash, but has no timer running) is impossible,
we immediately arrive at elimination of the refcount.

Raghu, could you check the variant with inverted order of removal?
Do you see holes? From my side... I need to think more. :-)

Alexey