On Wed, Apr 15, 2009 at 06:35:58AM -0700, Eric W. Biederman wrote: > > Because as far as I can tell we would just leak that refcount. > > The poll code does not appear to call back into any of the file > methods when it frees itself from the wait queue.
OK my suggestion was stupid. But I still don't see how this race is possible at all. So process A has a tun fd open and is spinning in poll(2). Now process B comes along and deletes that tun device. Process A's fd should have a netdev reference that keeps the device and associated structures alive. Oh I see what's going on. We're automatically detaching the device in uninit. This is just wrong. Just because process B deleted the netdev, process A should not be involutarily detached. Does anything actually rely on this behaviour? If not we should just change it to not do that. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[email protected]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt _______________________________________________ Lguest mailing list [email protected] https://ozlabs.org/mailman/listinfo/lguest
