Re: 3.9-rc1 NULL pointer crash at find_pid_ns

From: Eric Dumazet
Date: Thu Mar 07 2013 - 13:18:50 EST

Next message: Tejun Heo: "Re: lockdep trace from prepare_bprm_creds"
Previous message: Paul E. McKenney: "Re: 3.9-rc1 NULL pointer crash at find_pid_ns"
In reply to: Sasha Levin: "Re: 3.9-rc1 NULL pointer crash at find_pid_ns"
Next in thread: Eric W. Biederman: "Re: 3.9-rc1 NULL pointer crash at find_pid_ns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2013-03-07 at 13:14 -0500, Sasha Levin wrote:

> Okay, I'm even more confused now.
>
> The expression in question is:
>
> hlist_entry_safe(rcu_dereference_bh(hlist_first_rcu(head)))
>
> You're saying that "rcu_dereference_bh(hlist_first_rcu(head))" can change between
> the two evaluations we do. That would mean that 'head' has changed in between, right?
>
> In that case, the list itself has changed - which means that RCU has changed the
> list underneath us.
>
> hlist_first_rcu() doesn't have any side-effects, it doesn't modify the list whatsoever,
> so the only thing that can change is 'head'. Why is it allowed to change if the list
> is protected by RCU?

Thats the point of RCU ;)

Things can change under us.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tejun Heo: "Re: lockdep trace from prepare_bprm_creds"
Previous message: Paul E. McKenney: "Re: 3.9-rc1 NULL pointer crash at find_pid_ns"
In reply to: Sasha Levin: "Re: 3.9-rc1 NULL pointer crash at find_pid_ns"
Next in thread: Eric W. Biederman: "Re: 3.9-rc1 NULL pointer crash at find_pid_ns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]