Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he

RX/close vcc race with solos/atmtcp/usbatm/he · David Woodhouse <dwmw2@infradead.org> · 2010-05-26
Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he · Stanislaw Gruszka <stf_xl@wp.pl> · 2010-05-26
Re: RX/close vcc race with solos/atmtcp/usbatm/he · David Miller <davem@davemloft.net> · 2010-05-28
Re: RX/close vcc race with solos/atmtcp/usbatm/he · David Woodhouse <dwmw2@infradead.org> · 2010-05-28
Re: RX/close vcc race with solos/atmtcp/usbatm/he · David Woodhouse <dwmw2@infradead.org> · 2010-06-07
Re: RX/close vcc race with solos/atmtcp/usbatm/he · Nathan Williams <hidden> · 2010-06-16
Re: RX/close vcc race with solos/atmtcp/usbatm/he · Nathan Williams <hidden> · 2010-07-27
Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he · Chas Williams (CONTRACTOR) <hidden> · 2010-06-07
Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he · David Woodhouse <dwmw2@infradead.org> · 2010-06-07
Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he · Chas Williams (CONTRACTOR) <hidden> · 2010-06-07
Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he · David Woodhouse <dwmw2@infradead.org> · 2010-06-07
Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he · Chas Williams (CONTRACTOR) <hidden> · 2010-06-07
Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he · David Woodhouse <dwmw2@infradead.org> · 2010-06-07
Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he · Chas Williams (CONTRACTOR) <hidden> · 2010-06-08
Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he · David Woodhouse <dwmw2@infradead.org> · 2010-06-08
[PATCH] solos-pci: Fix race condition in tasklet RX handling · David Woodhouse <dwmw2@infradead.org> · 2010-08-06
Re: [PATCH] solos-pci: Fix race condition in tasklet RX handling · David Miller <davem@davemloft.net> · 2010-08-08

From: David Woodhouse <dwmw2@infradead.org>
Date: 2010-06-07 20:49:54

On Mon, 2010-06-07 at 12:37 -0400, Chas Williams (CONTRACTOR) wrote:

i dont understand.  if you do a sock_hold() in find_vcc(), and then call
vcc->push() you should be able to call vcc->push() and then sock_put().

Holding the reference doesn't stop the problem. The problem is

 vcc_release()
 --> vcc_destroy_socket()
   --> br2684_push(vcc, NULL)
         sets vcc->user_back = NULL
         (which it what causes the oops when try try to feed it any
          subsequent packets).

 Only _later_ does vcc_release() call sock_put().

It doesn't _matter_ that the tasklet is holding a reference on the
socket, because it's not the sk_free() which is causing the problem. 

Just making dev->ops->close() wait for the tasklet is perfectly
sufficient. That call happens from vcc_destroy_socket() before the call
to br2684_push(), and all is well.

-- 
dwmw2

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help