Re: [PATCH v2] net: alx: fix race condition in alx_remove

From: David Miller
Date: Mon Jun 15 2020 - 16:20:34 EST

Next message: Nitesh Narayan Lal: "[Patch v1] i40e: limit the msix vectors based on housekeeping CPUs"
Previous message: Jarkko Sakkinen: "Re: [PATCH v2] Documentation: tee: Document TEE kernel interface"
In reply to: Zekun Shen: "[PATCH v2] net: alx: fix race condition in alx_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Zekun Shen <bruceshenzk@xxxxxxxxx>
Date: Mon, 15 Jun 2020 11:50:29 -0400

> There is a race condition exist during termination. The path is
> alx_stop and then alx_remove. An alx_schedule_link_check could be called
> before alx_stop by interrupt handler and invoke alx_link_check later.
> Alx_stop frees the napis, and alx_remove cancels any pending works.
> If any of the work is scheduled before termination and invoked before
> alx_remove, a null-ptr-deref occurs because both expect alx->napis[i].
>
> This patch fix the race condition by moving cancel_work_sync functions
> before alx_free_napis inside alx_stop. Because interrupt handler can call
> alx_schedule_link_check again, alx_free_irq is moved before
> cancel_work_sync calls too.
>
> Signed-off-by: Zekun Shen <bruceshenzk@xxxxxxxxx>

Applied, thank you.

Next message: Nitesh Narayan Lal: "[Patch v1] i40e: limit the msix vectors based on housekeeping CPUs"
Previous message: Jarkko Sakkinen: "Re: [PATCH v2] Documentation: tee: Document TEE kernel interface"
In reply to: Zekun Shen: "[PATCH v2] net: alx: fix race condition in alx_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]