Re: x86: fix race in create_irq_nr on irq_desc

From: Yinghai Lu
Date: Wed Feb 03 2010 - 05:25:32 EST

Next message: Jens Axboe: "Re: [RFC GIT PULL] perf/trace/lock optimization/scalabilityimprovements"
Previous message: Dan Carpenter: "Re: Re: [RFC] Dell activity led WMI driver"
In reply to: Brandon Philips: "x86: fix race in create_irq_nr on irq_desc"
Next in thread: Brandon Philips: "Re: x86: fix race in create_irq_nr on irq_desc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/02/2010 07:31 PM, Brandon Philips wrote:
> Race in create_irq_nr():
>
> - Thread 1 loops through and calls irq_to_desc_alloc_node with new=0x66.
>
> - Thread 2 has exited the loop with irq=0x66 and calls dynamic_irq_init(0x66)
> setting desc->chip_data = NULL
>
> - Thread 1 then dereferences NULL via desc_new->chip_data->vector

two threads get same irq?

YH
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jens Axboe: "Re: [RFC GIT PULL] perf/trace/lock optimization/scalabilityimprovements"
Previous message: Dan Carpenter: "Re: Re: [RFC] Dell activity led WMI driver"
In reply to: Brandon Philips: "x86: fix race in create_irq_nr on irq_desc"
Next in thread: Brandon Philips: "Re: x86: fix race in create_irq_nr on irq_desc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]