|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] linux-2.6.18: netback: take net_schedule_list_lock when removing entry from net_schedule_list
>>> On 04.11.10 at 12:09, Laszlo Ersek <lersek@xxxxxxxxxx> wrote: > I can't find a net_tx_build_mops() function in 2.6.18. I believe I can > see what the patch does (*), but for 2.6.18, I think the consequences of > popping one from an empty list differ from the above. > > Therefore, can somebody please describe how to reproduce this bug? What > steps did lead to the NULL dereference in the original 2.6.32 environment? > > (*) It takes the locking out of remove_from_net_schedule_list() and > moves that reponsibility to the callers of > remove_from_net_schedule_list(). This is justified by the difference > between call sites: netif_deschedule_work() follows the old behavior, > but poll_net_schedule_list() (and transitively, net_tx_action()) needs > to lock the following together: > - checking for non-emptiness, > - modifying the first element, > - removing the first element from the list. > > I think without the patch the race could result in memory corruption > (even if with different consequences than above), but how can one > trigger the race? You'll need to get timing right: netif_deschedule_work() (called from __netif_down()) and net_tx_action() (a tasklet) aren't necessarily running on the same thread, and hence their attempts to remove an entry from the list may collide. With __netif_down() involved I think it's pretty clear how you would go about increasing the chances of reproducing the problem. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |