From: Ming Lei <tom.leiming@xxxxxxxxx> Date: Thu, 3 May 2012 09:04:50 +0800 >>From a87ff961f0a5d50223bd084dfac4fe5ce84f3913 Mon Sep 17 00:00:00 2001 > From: Ming Lei <tom.leiming@xxxxxxxxx> > Date: Thu, 26 Apr 2012 11:33:46 +0800 > Subject: [PATCH] usbnet: fix skb traversing races during unlink(v2) > > Commit 4231d47e6fe69f061f96c98c30eaf9fb4c14b96d(net/usbnet: avoid > recursive locking in usbnet_stop()) fixes the recursive locking > problem by releasing the skb queue lock before unlink, but may > cause skb traversing races: > - after URB is unlinked and the queue lock is released, > the refered skb and skb->next may be moved to done queue, > even be released > - in skb_queue_walk_safe, the next skb is still obtained > by next pointer of the last skb > - so maybe trigger oops or other problems > > This patch extends the usage of entry->state to describe 'start_unlink' > state, so always holding the queue(rx/tx) lock to change the state if > the referd skb is in rx or tx queue because we need to know if the > refered urb has been started unlinking in unlink_urbs. > > The other part of this patch is based on Huajun's patch: > always traverse from head of the tx/rx queue to get skb which is > to be unlinked but not been started unlinking. > > Signed-off-by: Huajun Li <huajun.li.lee@xxxxxxxxx> > Signed-off-by: Ming Lei <tom.leiming@xxxxxxxxx> Applied. -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
