Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / d11a6e4495ee1fbb38b59bc88d49d050d3736929
commitd11a6e4495ee1fbb38b59bc88d49d050d3736929[log] [tgz]
authorPrasanna S. Panchamukhi <prasannax.s.panchamukhi@intel.com>Tue Apr 13 16:35:58 2010 -0700
committerInaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>Tue May 11 14:08:23 2010 -0700
tree08afc7d7909dc451878f2ec04747071e2999e6e4
parentded0fd62a8a7cb3b12bb007079bff2b858a12d2b [diff]
wimax i2400m: fix race condition while accessing rx_roq by using kref count

This patch fixes the race condition when one thread tries to destroy
the memory allocated for rx_roq, while another thread still happen
to access rx_roq.
Such a race condition occurs when i2400m-sdio kernel module gets
unloaded, destroying the memory allocated for rx_roq while rx_roq
is accessed by i2400m_rx_edata(), as explained below:
$thread1                                $thread2
$ void i2400m_rx_edata()                $
$Access rx_roq[]                        $
$roq = &i2400m->rx_roq[ro_cin]          $
$ i2400m_roq_[reset/queue/update_ws]    $
$                                       $ void i2400m_rx_release();
$                                       $kfree(rx->roq);
$                                       $rx->roq = NULL;
$Oops! rx_roq is NULL

This patch fixes the race condition using refcount approach.

Signed-off-by: Prasanna S. Panchamukhi <prasannax.s.panchamukhi@intel.com>
2 files changed
tree: 08afc7d7909dc451878f2ec04747071e2999e6e4
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS