From: "Randy.Dunlap" <[EMAIL PROTECTED]>
> It _looks_ to me like it's having a problem with this loop in
> copy_files, but I could be a bit off:
>
>     for (i = open_files; i != 0; i--) {
>         struct file *f = *old_fds++;
>         if (f)
>             get_file(f);
>         *new_fds++ = f;
>     }
>
> and that <f> in "if (f)" is -1.  Even if that much is correct, I don't
> know how that would happen.
> But since you are testing this many times anyway, how about changing that
> to:
>     if (!IS_ERR(f))
> and see what happens.  That will just skip calling get_file() if
> f is -1 (or any negative value between -1000 and -1).

I didn't get to testing the IS_ERR fix above, since I found the
problem. I think. The race I posted about earlier today seems to cause
this, when I "fix" the race this goes away.

The race involves possibly decrementing a semaphore in memory that is
no longer legal, which is how I think the f came to be -1.

..Stu
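
An added example, not code from either message or from the kernel: a userspace C model of the quoted copy_files loop with the suggested IS_ERR guard applied. struct file, get_file(), is_err(), copy_fds() and demo() are stand-ins assumed here; the NULL test is kept because a NULL pointer is not in the error range, and guarded slots are counted so the bad pointer is reported rather than silently skipped.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in (assumption): struct file reduced to its reference count. */
struct file { int f_count; };

/* Model of the kernel's IS_ERR() (assumed form): pointer values in the
 * top ~1000 addresses are treated as encoded errors, so -1 qualifies. */
static int is_err(const void *ptr)
{
    return (unsigned long)ptr > (unsigned long)-1000L;
}

/* Stand-in for get_file(): dereferences f, which is what faults on -1. */
static void get_file(struct file *f) { f->f_count++; }

/* The quoted loop with the guard added. Empty (NULL) slots are still
 * skipped by the original test; error-range slots are skipped by the
 * guard and counted. Returns the number of error-range slots seen. */
static int copy_fds(struct file **old_fds, struct file **new_fds,
                    int open_files)
{
    int i, bad = 0;

    for (i = open_files; i != 0; i--) {
        struct file *f = *old_fds++;
        if (f) {
            if (!is_err(f))
                get_file(f);   /* valid pointer: take a reference */
            else
                bad++;         /* corrupted slot: do not dereference */
        }
        *new_fds++ = f;        /* slot is copied as in the original loop */
    }
    return bad;
}

/* Constructed sample table: one valid file, one empty slot, one slot
 * holding -1. Returns bad_slots * 10 + final refcount of the valid file. */
static int demo(void)
{
    struct file a = { 1 };
    struct file *old_fds[3] = { &a, NULL, (struct file *)-1L };
    struct file *new_fds[3];
    int bad = copy_fds(old_fds, new_fds, 3);

    return bad * 10 + a.f_count;
}

int main(void) { printf("%d\n", demo()); return 0; }
```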



