Hello everyone, whilst reading tipc_socket.c (1.7.3) I noticed that that TIPC calls functions which might sleep with the sk lock hold. Examples:
- recv_msg and recv_stream calling copy_to_user() after lock_sock(sk) - send_msg calling dest_name_check (which calls copy_from_user) dest_name_check() looks even worse becuase this seems to be some kind of security check, but the actual data read is discarded after evaluation. If this check passes -- is there any guarantee that the userdata is still the same when we call tipc_msg_build()? I don't think there is, but maybe i misinterpret things. Comments? Thanks, Florian ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ tipc-discussion mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tipc-discussion
