xen-devel
Re: [Xen-devel] [PATCH] linux-2.6.18: netback: take net_schedule_list_lo
>>> On 04.11.10 at 12:09, Laszlo Ersek <lersek@xxxxxxxxxx> wrote:
> I can't find a net_tx_build_mops() function in 2.6.18. I believe I can
> see what the patch does (*), but for 2.6.18, I think the consequences of
> popping one from an empty list differ from the above.
>
> Therefore, can somebody please describe how to reproduce this bug? What
> steps did lead to the NULL dereference in the original 2.6.32 environment?
>
> (*) It takes the locking out of remove_from_net_schedule_list() and
> moves that responsibility to the callers of
> remove_from_net_schedule_list(). This is justified by the difference
> between call sites: netif_deschedule_work() follows the old behavior,
> but poll_net_schedule_list() (and transitively, net_tx_action()) needs
> to lock the following together:
> - checking for non-emptiness,
> - modifying the first element,
> - removing the first element from the list.
>
> I think without the patch the race could result in memory corruption
> (even if with different consequences than above), but how can one
> trigger the race?
You'll need to get timing right: netif_deschedule_work() (called
from __netif_down()) and net_tx_action() (a tasklet) aren't
necessarily running on the same thread, and hence their
attempts to remove an entry from the list may collide. With
__netif_down() involved I think it's pretty clear how you would
go about increasing the chances of reproducing the problem.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
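
The window discussed in this thread, replayed deterministically in one thread as an added example (a userspace model, not code from the patch or from netback). The list, `list_lock` and every function name are hypothetical, and `deschedule()` uses a try-lock so the replay cannot deadlock where a real spinlock would wait.

```c
#include <stdatomic.h>
#include <stddef.h>
/* Userspace model with hypothetical names; not netback's code. */
struct node { struct node *prev, *next; };
static struct node head = { &head, &head };       /* empty when head.next == &head */
static atomic_flag list_lock = ATOMIC_FLAG_INIT;  /* stands in for the list spinlock */

static int  try_lock(void) { return !atomic_flag_test_and_set(&list_lock); }
static void lock(void)     { while (!try_lock()) { /* spin */ } }
static void unlock(void)   { atomic_flag_clear(&list_lock); }
static void reset(void)    { head.prev = head.next = &head; }
static void add_tail(struct node *n) {
    n->prev = head.prev; n->next = &head;
    head.prev->next = n; head.prev = n;
}
/* Post-patch contract described in the thread: the caller holds list_lock. */
static void remove_locked(struct node *n) {
    if (n->next == NULL) return;                   /* not queued */
    n->prev->next = n->next; n->next->prev = n->prev;
    n->prev = n->next = NULL;
}
/* Deschedule path on the other CPU: 1 = removed n, 0 = lock held or n not queued. */
static int deschedule(struct node *n) {
    if (!try_lock()) return 0;
    int queued = (n->next != NULL);
    remove_locked(n);
    unlock();
    return queued;
}
/* Racy shape: emptiness check and pick of the first entry are outside the lock. */
static struct node *poll_racy(struct node *victim) {
    if (head.next == &head) return NULL;
    deschedule(victim);                            /* other CPU hits the window */
    struct node *first = head.next;                /* may now be &head itself */
    lock(); remove_locked(first); unlock();
    return first;
}
/* Fixed shape: check, pick and removal form one critical section. */
static struct node *poll_fixed(struct node *victim) {
    struct node *first = NULL;
    lock();
    if (head.next != &head) {
        deschedule(victim);                        /* shut out, returns 0 */
        first = head.next;
        remove_locked(first);
    }
    unlock();
    return first;
}
```

With a single queued entry as the victim, `poll_racy()` hands back the list head instead of a real entry and leaves the head's pointers cleared, while `poll_fixed()` returns the entry and leaves the list empty and intact.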