Re: Oops after register_netdev() failure in 2.6.3-bk5

From: viro
Date: Tue Feb 24 2004 - 15:49:33 EST


On Tue, Feb 24, 2004 at 03:04:23PM -0500, Pavel Roskin wrote:
> The version in the Linux source doesn't crash because it doesn't call
> netif_carrier_off(). The CVS version of the Orinoco driver calls
> netif_carrier_off() after the device is allocated. The idea is to set
> carrier to on only when the firmware associates and indicates it by
> passing an informational frame to the driver.
>
> The second version of the dummy patch is attached. It models the problem
> much better.

I have an even better model for you:

dev = alloc_netdev(<whatever>);
netif_carrier_off(dev);
free_netdev(dev);

That leaves a scheduled work (by linkwatch_fire_event()) with pointer to
freed dev.

*NOTE*: dev_hold() provides protection only to devices that had been
registered. So netif_carrier_off() is safe for those (dev_hold() will
hold unregister_netdev() from finishing and since the caller of
unregister_netdev() is still holding a reference, device won't go away).

IOW, Don't Do It, Then. netif_carrier_off() is not safe for devices
that are not registered.
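
The lifetime rule described in the message above, as an added userspace model in C; it is not part of the original message and not kernel code. Every `model_*` name and the `scenario()` helper are hypothetical, and "freed" is a flag rather than a real free so the stale pointer can be counted safely.

```c
#include <stdbool.h>
#include <stddef.h>
/* Userspace model only; every name here is hypothetical, not a kernel symbol. */
struct model_dev {
    int  refcnt;      /* references taken by the dev_hold() stand-in */
    bool registered;  /* set between register and unregister */
    bool freed;       /* stands in for the free; storage stays valid for inspection */
};
static struct model_dev *pending[8];  /* deferred link-watch events */
static size_t npending;

/* Stand-in for netif_carrier_off(): hold the device and queue deferred work. */
static void model_carrier_off(struct model_dev *d) {
    d->refcnt++;
    pending[npending++] = d;
}

/* Teardown: only a registered device waits for outstanding references. */
static bool model_teardown(struct model_dev *d) {
    if (d->registered && d->refcnt > 0) return false;  /* unregister cannot finish yet */
    d->registered = false;
    d->freed = true;
    return true;
}

/* Run the deferred work; count events whose device is already gone. */
static int model_run_linkwatch(void) {
    int stale = 0;
    for (size_t i = 0; i < npending; i++) {
        if (pending[i]->freed) stale++;   /* in the kernel: use of a freed dev */
        else pending[i]->refcnt--;        /* drop the reference after handling */
    }
    npending = 0;
    return stale;
}

/* Returns the stale-event count; *blocked reports whether teardown had to wait. */
int scenario(bool registered, bool *blocked) {
    static struct model_dev d;
    d = (struct model_dev){ .registered = registered };
    model_carrier_off(&d);
    *blocked = !model_teardown(&d);
    int stale = model_run_linkwatch();
    if (*blocked) model_teardown(&d);     /* succeeds now: reference was dropped */
    return stale;
}

int main(void) { bool b; return (scenario(false, &b) == 1 && scenario(true, &b) == 0) ? 0 : 1; }
```

The unregistered case reproduces the three-call sequence from the message and leaves one stale event; the registered case shows teardown blocked until the deferred work has run.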