kevin/linux
1
Fork 0
Code
3a24934f06
linux/drivers/net/wimax/i2400m
History
Inaky Perez-Gonzalez 3a24934f06 wimax/i2400m: fix bad race condition check in RX path 
The i2400m->rx_roq data structure is protected against race conditions
with a reference count (i2400m->rx_roq_refcount); the pointer can be
read-referenced under the i2400m->rx_lock spinlock.

The code in i2400m_rx_edata() wasn't properly following access
protocol, performing an invalid check on i2400m->rx_roq (which is
cleared to NULL when the refcount drops to zero). As such, it was
missing to detect when the data structure is no longer valid and
oopsing with a NULL pointer dereference.

This commit fixes said check by verifying, under the rx_lock spinlock,
that i2400m->rx_roq is non-NULL and then increasing the reference
count before dropping the spinlock.

Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
2010-05-20 12:27:58 -07:00
..
control.c wimax/i2400m: Move module params to other file so they can be static 2010-05-11 14:10:24 -07:00
debug-levels.h
debugfs.c
driver.c wimax/i2400m: Move module params to other file so they can be static 2010-05-11 14:10:24 -07:00
fw.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
i2400m-sdio.h wimax/i2400m: fix the race condition for accessing TX queue 2010-05-11 14:04:46 -07:00
i2400m-usb.h
i2400m.h wimax/i2400m: Move module params to other file so they can be static 2010-05-11 14:10:24 -07:00
Kconfig
Makefile
netdev.c wimax/i2400m: increase tx queue length from 5 to 20 [v1] 2010-05-11 14:08:12 -07:00
op-rfkill.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rx.c wimax/i2400m: fix bad race condition check in RX path 2010-05-20 12:27:58 -07:00
sdio-debug-levels.h
sdio-fw.c
sdio-rx.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
sdio-tx.c wimax/i2400m: add the error recovery mechanism on TX path 2010-05-11 14:05:39 -07:00
sdio.c wimax/i2400m: SDIO specific TX queue's minimum buffer room for new message 2010-05-11 14:08:58 -07:00
sysfs.c
tx.c wimax/i2400m: reserve additional space in the TX queue's buffer while allocating space for a new message header 2010-05-11 14:08:50 -07:00
usb-debug-levels.h
usb-fw.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
usb-notif.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
usb-rx.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
usb-tx.c
usb.c wimax/i2400m: driver defaults to firmware v1.5 for i6x60 devices 2010-05-11 15:00:49 -07:00