platform/kernel/linux-3.10 - Domain: System / Kernel;

diff options

author	Prasanna S. Panchamukhi <prasannax.s.panchamukhi@intel.com>	2010-04-13 16:35:58 -0700
committer	Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>	2010-05-11 14:08:23 -0700
commit	d11a6e4495ee1fbb38b59bc88d49d050d3736929 (patch)
tree	08afc7d7909dc451878f2ec04747071e2999e6e4 /fs
parent	ded0fd62a8a7cb3b12bb007079bff2b858a12d2b (diff)
download	linux-3.10-d11a6e4495ee1fbb38b59bc88d49d050d3736929.tar.gz linux-3.10-d11a6e4495ee1fbb38b59bc88d49d050d3736929.tar.bz2 linux-3.10-d11a6e4495ee1fbb38b59bc88d49d050d3736929.zip

wimax i2400m: fix race condition while accessing rx_roq by using kref count

This patch fixes the race condition when one thread tries to destroy the memory allocated for rx_roq, while another thread still happen to access rx_roq. Such a race condition occurs when i2400m-sdio kernel module gets unloaded, destroying the memory allocated for rx_roq while rx_roq is accessed by i2400m_rx_edata(), as explained below: $thread1 $thread2 $ void i2400m_rx_edata() $ $Access rx_roq[] $ $roq = &i2400m->rx_roq[ro_cin] $ $ i2400m_roq_[reset/queue/update_ws] $ $ $ void i2400m_rx_release(); $ $kfree(rx->roq); $ $rx->roq = NULL; $Oops! rx_roq is NULL This patch fixes the race condition using refcount approach. Signed-off-by: Prasanna S. Panchamukhi <prasannax.s.panchamukhi@intel.com>

Diffstat (limited to 'fs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: