> Hello!
>
> > Except that unix_destroy_timer() can kfree() it at any moment. And
> > *that* is not protected by kernel_lock.
>
> No. The things are much simpler. If socket is on timer,
> it means that someone refers to it. Until this someone will release
> it (and it can be made only under kernel lock),
> timer will not able to destroy it.
Yes. Already found it. I'm still not sure that we always do proper
unix_lock()/unix_unlock(), but that's another story. But I'm really
mistified by tsk->dead test in unix_accept(). The only functions setting
it are unix_release_sock() and unix_destroy_sock(). None of them can be
called on sock passed in MSG_SYN packet, so...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/