diff options
author | sjur.brandeland@stericsson.com <sjur.brandeland@stericsson.com> | 2012-02-02 01:21:02 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-02-02 14:35:12 -0500 |
commit | b01377a4200d0dfc7b04a8daabb4739727353703 (patch) | |
tree | 2c1eef3ae76495872c2b55459c318e9a905c479f /net/caif/caif_socket.c | |
parent | c31c151b1c4a29da4dc92212aa8648fb4f8557b9 (diff) |
caif: Bugfix list_del_rcu race in cfmuxl_ctrlcmd.
Always use cfmuxl_remove_uplayer when removing a up-layer.
cfmuxl_ctrlcmd() can be called independently and in parallel with
cfmuxl_remove_uplayer(). The race between them could cause list_del_rcu
to be called on a node which has been already taken out from the list.
That lead to a (rare) crash on accessing poisoned node->prev inside
list_del_rcu.
This fix ensures that deletion are done holding the same lock.
Reported-by: Dmitry Tarnyagin <dmitry.tarnyagin@stericsson.com>
Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/caif/caif_socket.c')
0 files changed, 0 insertions, 0 deletions