On Sunday 29 May 2016 22:33:39 Sven Eckelmann wrote:
> The tt_req_node is added and removed from a list inside a spinlock. But the
> locking is sometimes removed even when the object is still referenced and
> will be used later via this reference. For example batadv_send_tt_request
> can create a new tt_req_node (including add to a list) and later
> re-acquires the lock to remove it from the list and to free it. But at
> this time another context could have already removed this tt_req_node from
> the list and freed it.
>
> This can only be solved via reference counting to allow multiple contexts
> to handle the list manipulation while making sure that only the last
> context frees the list.

Marek, please replace the "frees the list" with "frees the object". I can also resend the patch if you want to. I will not resend it today because maybe Antonio or someone else still has some problems with the current version.

Kind regards,
Sven
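The ownership rule described in the quoted commit message, as an added example that is not part of the original mail or of the batman-adv patch: a userspace model in which the list and each context hold their own reference, so a second context unlinking the node cannot free it under the first. All names (`req_node`, `req_node_put`, `req_node_unlink`, `replay_race`) are hypothetical, and the two contexts are replayed sequentially to keep the interleaving deterministic.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

/* Simplified userspace model (assumption): not the batman-adv structures. */
struct req_node {
    atomic_int refcount; /* one reference per holder: the list, each context */
    bool on_list;        /* stands in for list membership; in the kernel this
                            would only be touched with the list lock held */
};

static int freed_count;  /* instrumentation for this demo only */

static struct req_node *req_node_new(void)
{
    struct req_node *n = calloc(1, sizeof(*n));
    if (!n)
        return NULL;
    atomic_init(&n->refcount, 2); /* 1 for the list + 1 for the creator */
    n->on_list = true;
    return n;
}

static void req_node_put(struct req_node *n)
{
    /* fetch_sub returns the previous value: 1 means this was the last ref */
    if (atomic_fetch_sub(&n->refcount, 1) == 1) {
        freed_count++;
        free(n);
    }
}

/* Unlink at most once; only the context that really unlinked the node
 * drops the list's reference. Models a call made under the list lock. */
static void req_node_unlink(struct req_node *n)
{
    if (!n->on_list)
        return;
    n->on_list = false;
    req_node_put(n);
}

/* Replays the interleaving from the commit message; returns 1 on success. */
static int replay_race(void)
{
    struct req_node *n = req_node_new(); /* context A creates and lists it */
    if (!n)
        return -1;
    freed_count = 0;
    req_node_unlink(n);              /* context B removes it in the meantime */
    int freed_after_b = freed_count; /* 0: A's reference keeps n alive */
    req_node_unlink(n);              /* A retakes the lock: already unlinked */
    req_node_put(n);                 /* A drops its reference: last put frees */
    return freed_after_b * 10 + freed_count;
}

int main(void) { return replay_race() == 1 ? 0 : 1; }
```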