Arthur Kepner writes:
> There's a race in pktgen which can lead to a double
> free of a pktgen_dev's skb. If a worker thread is in
> the midst of doing fill_packet(), and the controlling
> thread gets a "stop" message, the already freed skb
> can be freed once again in pktgen_stop_device().
Hello!
A device can only belong to one CPU/thread and to avoid races control
messages are posted to the thread. In the case you mention most pktgen_stop
is called from the same CPU/thread.
pktgen_stop_all_threads_ifs is an exception it should be possible
set running in struct pktgen_dev to false for all devs in the thread
and have the pktgen_thread_worker to do pktgen_stop to avoid races.
The same trick could be used in the case we get NETDEV_UNREGISTER
So in __pktgen_NN_threads instead of removing the device we set
running false and the pktgen_thread_worker do the remove job. It
might need some syncing. Anything you could try?
Cheers.
--ro
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
