diff options
| author |   Prasanna S. Panchamukhi <prasannax.s.panchamukhi@intel.com> | 2010-04-13 16:35:58 -0700 |
|---|---|---|
| committer |   Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com> | 2010-05-11 14:08:23 -0700 |
| commit | d11a6e4495ee1fbb38b59bc88d49d050d3736929 (patch) | |
| tree | 08afc7d7909dc451878f2ec04747071e2999e6e4 /mm/mm_init.c | |
| parent | wimax/i2400m: increase tx queue length from 5 to 20 [v1] (diff) | |
| download | linux-rng-d11a6e4495ee1fbb38b59bc88d49d050d3736929.tar.xz linux-rng-d11a6e4495ee1fbb38b59bc88d49d050d3736929.zip | |
wimax i2400m: fix race condition while accessing rx_roq by using kref count
This patch fixes the race condition when one thread tries to destroy
the memory allocated for rx_roq, while another thread still happen
to access rx_roq.
Such a race condition occurs when i2400m-sdio kernel module gets
unloaded, destroying the memory allocated for rx_roq while rx_roq
is accessed by i2400m_rx_edata(), as explained below:
$thread1 $thread2
$ void i2400m_rx_edata() $
$Access rx_roq[] $
$roq = &i2400m->rx_roq[ro_cin] $
$ i2400m_roq_[reset/queue/update_ws] $
$ $ void i2400m_rx_release();
$ $kfree(rx->roq);
$ $rx->roq = NULL;
$Oops! rx_roq is NULL
This patch fixes the race condition using refcount approach.
Signed-off-by: Prasanna S. Panchamukhi <prasannax.s.panchamukhi@intel.com>
Diffstat (limited to 'mm/mm_init.c')
0 files changed, 0 insertions, 0 deletions