Re: race in usbnet.c in full RT
From: Christoph Hellwig
Date: Wed Jun 08 2005 - 05:18:37 EST
On Wed, Jun 08, 2005 at 02:21:39PM +0400, Eugeny S. Mints wrote:
> in non-RT case spin_lock_irqsave (&dev->txq.lock, flags) disables
> interrupts and thus code from usb_submit_urb() call upto
> __skb_queue_tail (&dev->txq, skb) executes atomically. But in RT case
> interrupts are not disabled and usb_submit_urb() triggers an interrupt
> which may cause tx_complete() execution before __skb_queue_tail () call.
> And since skb->list gets initialized just at __skb_queue_tail(), call to
> tx_complete() (via defer_bh() which thus executes before
> __skb_queue_tail) dereferences NULL (skb->list) pointer.
>
> Thus looks tx_complete() and usbnet_start_xmit() require a
> serialization. Please find proposed fix attached though not sure the
> patch will apply cleanly to the latest kernel.
Please fix whatever patch you use for "full RT mode" to not break valid
assupmtions in drivers.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/