I am reading the TCP/IP code of kernel 2.2.15 and doing some development based on it (yes, I know it's an old version, but I have to). I got a little confused about the synchronization between net_bh and user context, and hope someone can help me out.

Specifically, why is the following impossible? destroy_sock is called on CPU1, and a little bit later net_bh() is executed on CPU2, which will grab the pointer to the socket just before it's destroyed, and its later access becomes invalid.

CPU 1                                        CPU2

destroy_sock()
  lock_sock()
    sk->sock_readers++
    synchronize_bh(), no bh is running now
                                             net_bh() gets called
                                             =>tcp_v4_rcv()
                                               sk = __tcp_v4_lookup(...)
                                               sk has not been destroyed
  tcp_v4_destroy_sock()
  kill_sk_now()
    free sk
    now sk has been destroyed
                                               if (!atomic_read(&sk->sock_readers))  <-- sk becomes invalid

ronghua