On Tue, 27 Mar 2007 01:05:22 +0200, Johannes Berg wrote: > Isn't there a race there when you remove interfaces and at the same time > __ieee80211_rx is running? I don't see anything that should stop that, > and if it happens we'll probably blow up pretty spectacularly with > accesses to a freed netdev, or even sending it frames... Yes, there is a race. - sta_info should be holding a reference to a net_device in its dev field (sta_info_add). - walking through the local->sub_if_list in __ieee80211_rx should happen under a lock - while invoking rx handlers in the list_for_each_entry loop (they shouldn't be called under the lock above - hm, another thing that makes locking in mac80211 hard) we should hold a reference to the appropriate net_device Jiri -- Jiri Benc SUSE Labs - To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
