2.2.16 SMP race condition in net/core/dev.c

From: Steve Cooper (scoop@consensys.com)
Date: Mon Aug 14 2000 - 13:12:08 EST

Next message: Christer Weinigel: "Re: NTFS-like streams?"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCH] drivers/char/pc_keyb.c: checking resource allocation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

BUG FIX: 2.2.16 kernel

FILE : net/core/dev.c
ROUTINE: net_bh()

There is an SMP race condition in file net/core/dev.c routine net_bh() that can
result in skb_dequeue(&backlog) returning NULL.

It's pretty straight forward and goes like this...

0: dev_close() calls dev_clear_backlog() for the device it is closing
0: dev_clear_backlog() gets skb_queue_lock.
1: net_bh() tests skb_queue_empty(&backlog) == false WITHOUT skb_queue_lock
1: tries to get skb_queue_lock and waits...
0: empties the backlog queue for dev. backlog queue now completely empty.
0: releases skb_queue_lock
1: acquires skb_queue_lock
1: backlog queue is now empty, skb == NULL!

Attached is the obvious 2 line patch:

if (skb == NULL)
break;

Regards,
Steve Cooper
Consensys Computers Inc.

application/octet-stream attachment: kernel-2.2.16-dev.patch

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christer Weinigel: "Re: NTFS-like streams?"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCH] drivers/char/pc_keyb.c: checking resource allocation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 21:00:34 EST