Re: connector: Bugfix for cn_call_callback()
On Wed, Mar 07, 2007 at 12:26:12PM +0100, Philipp Reisner ([EMAIL PROTECTED]) wrote: > Hi Evgeniy, Hi Philipp. > When one stresses the connector code, with sending many messages > from userspace to kernel, one could get in the "unlikely()" > part in cn_call_callback(). > > There a new __cbq gets allocated, and a NULL pointer got assigned > to the callback by dereferencing __cbq. This is the bug. The right > thing is the dereference the original __cbq. Therefore the bugfix > is to use a new variable for the newly allocated __cbq. > > This is tested, and it fixes the issue. Yes, your patch is correct. > Signed-off-by: Philipp Reisner <[EMAIL PROTECTED]> > Signed-off-by: Lars Ellenberg <[EMAIL PROTECTED]> I will push it, thanks a lot. -- Evgeniy Polyakov - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: connector: Bugfix for cn_call_callback()
On Wed, Mar 07, 2007 at 12:26:12PM +0100, Philipp Reisner ([EMAIL PROTECTED]) wrote: Hi Evgeniy, Hi Philipp. When one stresses the connector code, with sending many messages from userspace to kernel, one could get in the unlikely() part in cn_call_callback(). There a new __cbq gets allocated, and a NULL pointer got assigned to the callback by dereferencing __cbq. This is the bug. The right thing is the dereference the original __cbq. Therefore the bugfix is to use a new variable for the newly allocated __cbq. This is tested, and it fixes the issue. Yes, your patch is correct. Signed-off-by: Philipp Reisner [EMAIL PROTECTED] Signed-off-by: Lars Ellenberg [EMAIL PROTECTED] I will push it, thanks a lot. -- Evgeniy Polyakov - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/