Potential data race in drivers/net/ethernet/sis/sis190.ko

2016-08-15 Thread Pavel Andrianov

Hi!

There is a potential data race in drivers/net/ethernet/sis/sis190.ko.

Consider the following situation:

CPU 1                                  CPU 2

...
->sis190_open
  - registers interrupts
...
->sis190_tx_timeout
  - is called at some point
  ->sis190_tx_clear
      skb = tp->Tx_skbuff[i]
      [skb != null]

                                       an interrupt comes to CPU 2

                                       -> sis190_irq
                                         -> sis190_tx_interrupt
                                             skb = tp->Tx_skbuff[entry];
                                             ...
                                             -> dev_kfree_skb_irq(skb)
      ->dev_kfree_skb(skb)

In this case the skb is freed twice. Likely, in the interrupt handler
the same spinlock should be acquired as in sis190_tx_timeout.

--
Pavel Andrianov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: andria...@ispras.ru
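
The interleaving reported above, as an added example that is not part of the original message and not the driver's code: a deterministic, single-threaded user-space model that counts frees per buffer instead of freeing. The names take, put, max_frees and RING are hypothetical, the shared spinlock is modelled as an atomic read-and-clear of the slot, and clearing the slot at free time in the unlocked variant is an assumption of the model.

```c
#include <stdio.h>

#define RING 4                       /* constructed ring size, not the driver's */

struct skb { int frees; };           /* stand-in for sk_buff: counts frees */

/* Read a Tx slot. With locked != 0 the read and the clear form one critical
 * section (shared spinlock held), so only one path can obtain the skb. */
static struct skb *take(struct skb **slot, int locked)
{
    struct skb *s = *slot;
    if (locked)
        *slot = NULL;
    return s;
}

/* Free what a path holds; the unlocked variant clears the slot only now. */
static void put(struct skb **slot, struct skb *s)
{
    if (s) { *slot = NULL; s->frees++; }
}

/* Timeout path walks the ring; the interrupt for `entry` lands between the
 * read and the free of slot `irq_at`. Returns the highest per-skb free count. */
static int max_frees(int locked, int irq_at, int entry)
{
    struct skb pkts[RING] = {{0}};
    struct skb *ring[RING];
    int i, worst = 0;

    for (i = 0; i < RING; i++)
        ring[i] = &pkts[i];
    for (i = 0; i < RING; i++) {
        struct skb *t = take(&ring[i], locked);         /* CPU 1: tx_clear reads */
        if (i == irq_at)                                /* CPU 2: tx_interrupt */
            put(&ring[entry], take(&ring[entry], locked));
        put(&ring[i], t);                               /* CPU 1: dev_kfree_skb */
    }
    for (i = 0; i < RING; i++)
        if (pkts[i].frees > worst)
            worst = pkts[i].frees;
    return worst;
}

int main(void)
{
    printf("unlocked: %d, locked: %d\n", max_frees(0, 1, 1), max_frees(1, 1, 1));
    return 0;
}
```

In the unlocked model the double free appears only when the interrupt handles the same slot the timeout path has just read; with the read-and-clear serialized, no placement of the interrupt produces a second free.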

