Re: [PATCH v2 3/3] pppoatm: protect against freeing of vcc

From: David Woodhouse
Date: Thu Nov 29 2012 - 20:56:57 EST

Next message: Minchan Kim: "Re: [PATCH 1/2] zsmalloc: add function to query object size"
Previous message: Alan Ott: "[PATCH] 6lowpan: consider checksum bytes in fragmentation threshold"
In reply to: Chas Williams (CONTRACTOR): "Re: [PATCH v2 3/3] pppoatm: protect against freeing of vcc"
Next in thread: David Woodhouse: "Re: [PATCH v2 3/3] pppoatm: protect against freeing of vcc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2012-11-29 at 20:38 -0500, Chas Williams (CONTRACTOR) wrote:
> it isnt clear to me that fixes the race entirely either.
> vcc_destroy_socket() and any of the push()/sends()'s are not
> serialized.
> while you may clear the ATM_VF_READY flag, you might not clear it soon
> enough for any particular push() that is already running. so it still
> seems like you are racing close() against push() at this point. the
> window is greatly reduced, but it still exists.

I think it's actually fixed for pppoatm by the bh_lock_sock() and the
sock_owned_by_user() check. As soon as vcc_release() calls lock_sock(),
pppoatm stops accepting packets.

It should be simple enough to do the same in br2684.

--
dwmw2

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: Minchan Kim: "Re: [PATCH 1/2] zsmalloc: add function to query object size"
Previous message: Alan Ott: "[PATCH] 6lowpan: consider checksum bytes in fragmentation threshold"
In reply to: Chas Williams (CONTRACTOR): "Re: [PATCH v2 3/3] pppoatm: protect against freeing of vcc"
Next in thread: David Woodhouse: "Re: [PATCH v2 3/3] pppoatm: protect against freeing of vcc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]