On Thursday 2010-04-08 13:33, Patrick McHardy wrote: >Adam Nielsen wrote: >>>> I also noticed one another thing: you don't increase the refcount while >>>> xt_led_mutex is held. That means it is theoretically possible that you >>>> do a lookup, then a destructor runs and frees the object, leading to >>>> ++ledinternal->refcnt dereference an illegal ledinternal. >> >> Thanks both for your comments and explanations. I've attached an updated >> patch, I hope this one addresses these issues. >> >>> Indeed, I also noticed this. Basically, you need to make sure that >>> >>> - the lookup and refcnt increase is atomic, >>> - the refcnt decrease and list deletion is atomic >>> - the lookup and list insertion is atomic (in case no trigger exists) >> >> I've moved the mutex around so that hopefully all these operations are now atomic. >> >>> The remaining parts look fine to me, thanks. >> >> Great, I hope you're happy with this one! > >Looks good to me, thanks. Jan, any further issues from your side? None at this time. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
