sis190.ko

Pavel Andrianov Mon, 15 Aug 2016 06:01:49 -0700

Hi!

There is a potential data race in drivers/net/ethernet/sis/sis190.ko.


Regard such situation:

CPU 1                           CPU 2

...
->sis190_open
- registers interrupts
...
->sis190_tx_timeout
- is called at some point
   ->sis190_tx_clear
      skb = tp->Tx_skbuff[i]
      [skb != null]

               an interrupt comes to CPU 2

                                -> sis190_irq
                                  -> sis190_tx_interrupt
                                    skb = tp->Tx_skbuff[entry];
      ...
      -> dev_kfree_skb_irq(skb)
        ->dev_kfree_skb(skb)

In this case the skb is freed twice. Likely, in the interrupt handlerthe same spinlock should be acquired as in

sis190_tx_timeout.

--
Pavel Andrianov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: andria...@ispras.ru

Potential data race in drivers/net/ethernet/sis/sis190.ko

Reply via email to