Re: frequent slab corruption (since a long time)

From: Alan Cox
Date: Thu Aug 03 2006 - 13:19:31 EST

Next message: Theodore Tso: "Re: [PATCH -rt DO NOT APPLY] Fix for tg3 networking lockup"
Previous message: Theodore Tso: "Re: [PATCH -rt DO NOT APPLY] Fix for tg3 networking lockup"
In reply to: David Miller: "Re: frequent slab corruption (since a long time)"
Next in thread: Dave Jones: "Re: frequent slab corruption (since a long time)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ar Mer, 2006-08-02 am 15:49 -0700, ysgrifennodd David Miller:
> > None of the code manipulating tty->count seems to be under
> > the tty_mutex. Should it be ?
> > Or is this protected through some other means?
>
> It is in the primary code paths at least, all callers of init_dev()
> (which increments tty->count) grab the mutex and also release_dev()
> grabs the mutex around tty->count manipulations.

I've been auditing tty code and its joyously bad but only in harmless
places so far except for one.

init_dev (and caller) relies on tty_mutex to ensure that the
driver->ttys list is protected from things going away.

release_mem() removes stuff from the said list and frees memory. It is
not always called under tty_mutex and that appears very dubious to me at
the moment although tty->closing and the BKL *might* be sufficient.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Theodore Tso: "Re: [PATCH -rt DO NOT APPLY] Fix for tg3 networking lockup"
Previous message: Theodore Tso: "Re: [PATCH -rt DO NOT APPLY] Fix for tg3 networking lockup"
In reply to: David Miller: "Re: frequent slab corruption (since a long time)"
Next in thread: Dave Jones: "Re: frequent slab corruption (since a long time)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]