Re: [PATCH] xprt.c use after free of work_structs

From: Zwane Mwaikambo
Date: Mon May 02 2005 - 22:22:58 EST

Next message: Randy.Dunlap: "Re: Empty partition nodes not created (was device node issues withrecent mm's and udev)"
Previous message: Andrew Morton: "Re: 2.6.12-rc3-mm2 - /proc/ide/sr0/model: No such file or directory"
In reply to: Trond Myklebust: "Re: [PATCH] xprt.c use after free of work_structs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2 May 2005, Trond Myklebust wrote:

> su den 01.05.2005 Klokka 00:02 (-0600) skreiv Zwane Mwaikambo:
> > This bug was first observed in 2.6.11-rc1-mm2 but i couldn't find the
> > exact patch which would unmask it. The work_structs embedded in rpc_xprt
> > are freed in xprt_destroy without waiting for all scheduled work to be
> > completed, resulting in quite a kerfuffle. Since xprt->timer callback can
> > schedule new work, flush the workqueue after killing the timer.
>
> Hi Zwane,
>
> Thanks, I fully agree that this is needed.
>
> Chuck proposed a similar patch to me a couple of days ago, however he
> also pointed out that we need to call cancel_delayed_work() on
> xprt->sock_connect in the same code section in order to avoid trouble
> with the TCP reconnect code causing the same type of race. I've attached
> his mail.

Yes i wasn't sure i had caught all the cases.

Takk!
Zwane
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Randy.Dunlap: "Re: Empty partition nodes not created (was device node issues withrecent mm's and udev)"
Previous message: Andrew Morton: "Re: 2.6.12-rc3-mm2 - /proc/ide/sr0/model: No such file or directory"
In reply to: Trond Myklebust: "Re: [PATCH] xprt.c use after free of work_structs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]