github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
1541d27bdb
linux/include
History
Ming Lei 5b05ac638c usbnet: fix skb traversing races during unlink(v2) 
commit 5b6e9bcdeb upstream.

Commit 4231d47e6fe69f061f96c98c30eaf9fb4c14b96d(net/usbnet: avoid
recursive locking in usbnet_stop()) fixes the recursive locking
problem by releasing the skb queue lock before unlink, but may
cause skb traversing races:
	- after URB is unlinked and the queue lock is released,
	the refered skb and skb->next may be moved to done queue,
	even be released
	- in skb_queue_walk_safe, the next skb is still obtained
	by next pointer of the last skb
	- so maybe trigger oops or other problems

This patch extends the usage of entry->state to describe 'start_unlink'
state, so always holding the queue(rx/tx) lock to change the state if
the referd skb is in rx or tx queue because we need to know if the
refered urb has been started unlinking in unlink_urbs.

The other part of this patch is based on Huajun's patch:
always traverse from head of the tx/rx queue to get skb which is
to be unlinked but not been started unlinking.

Signed-off-by: Huajun Li <huajun.li.lee@gmail.com>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Cc: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-05-21 09:40:01 -07:00
..
acpi ACPI: Store SRAT table revision 2012-01-25 17:24:57 -08:00
asm-generic asm-generic: Use __BITS_PER_LONG in statfs.h 2012-05-21 09:39:58 -07:00
crypto
drm drm: Fix authentication kernel crash 2012-02-03 09:18:52 -08:00
keys
linux usbnet: fix skb traversing races during unlink(v2) 2012-05-21 09:40:01 -07:00
math-emu
media [media] tuner-core/v4l2-subdev: document that the type field has to be filled in 2011-07-07 15:04:23 -03:00
mtd
net Bluetooth: hci_core: fix NULL-pointer dereference at unregister 2012-04-22 16:21:42 -07:00
pcmcia pcmcia: Make declaration and uses of struct pcmcia_device_id const 2011-05-06 07:46:15 +02:00
rdma Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2011-05-26 12:13:57 -07:00
rxrpc
scsi [SCSI] libsas: Add option for SATA soft reset 2011-05-26 22:49:33 -05:00
sound ALSA: sb16 - Fix build errors on MIPS and others with 13bit ioctl size 2011-06-30 15:33:57 +02:00
target target: Set additional sense length field in sense data 2012-01-25 17:25:00 -08:00
trace writeback: fix dereferencing NULL bdi->dev on trace_writeback_queue 2012-02-20 12:48:11 -08:00
video OMAPDSS: HDMI: PHY burnout fix 2012-03-12 10:32:59 -07:00
xen xen/xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. 2012-01-25 17:24:41 -08:00
Kbuild