diff options
author | Prasanna S. Panchamukhi <prasannax.s.panchamukhi@intel.com> | 2010-04-13 16:35:58 -0700 |
---|---|---|
committer | Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com> | 2010-05-11 14:08:23 -0700 |
commit | d11a6e4495ee1fbb38b59bc88d49d050d3736929 (patch) | |
tree | 08afc7d7909dc451878f2ec04747071e2999e6e4 /drivers/nubus | |
parent | ded0fd62a8a7cb3b12bb007079bff2b858a12d2b (diff) | |
download | op-kernel-dev-d11a6e4495ee1fbb38b59bc88d49d050d3736929.zip op-kernel-dev-d11a6e4495ee1fbb38b59bc88d49d050d3736929.tar.gz |
wimax i2400m: fix race condition while accessing rx_roq by using kref count
This patch fixes the race condition when one thread tries to destroy
the memory allocated for rx_roq, while another thread still happen
to access rx_roq.
Such a race condition occurs when i2400m-sdio kernel module gets
unloaded, destroying the memory allocated for rx_roq while rx_roq
is accessed by i2400m_rx_edata(), as explained below:
$thread1 $thread2
$ void i2400m_rx_edata() $
$Access rx_roq[] $
$roq = &i2400m->rx_roq[ro_cin] $
$ i2400m_roq_[reset/queue/update_ws] $
$ $ void i2400m_rx_release();
$ $kfree(rx->roq);
$ $rx->roq = NULL;
$Oops! rx_roq is NULL
This patch fixes the race condition using refcount approach.
Signed-off-by: Prasanna S. Panchamukhi <prasannax.s.panchamukhi@intel.com>
Diffstat (limited to 'drivers/nubus')
0 files changed, 0 insertions, 0 deletions