diff options
author | Rasesh Mody <rmody@brocade.com> | 2011-09-16 19:06:48 +0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-09-17 08:47:57 +0400 |
commit | b9fa1fbf98178c8bbda23ff1d3ed0731bb3c0bd1 (patch) | |
tree | 7562913799f3ec165d2e0befb43e7e5463dac7c2 | |
parent | 3fb9852f98ffb4cdd3bad6eb50b1a6d58cee1298 (diff) | |
download | linux-b9fa1fbf98178c8bbda23ff1d3ed0731bb3c0bd1.tar.xz |
bna: Eliminate Small Race Condition Window in RX Path
Change details:
- In a continuous sequence of ifconfig up/down operations, there is a small
window of race between bnad_set_rx_mode() and bnad_cleanup_rx() while the
former tries to access rx_info->rx & the latter sets it to NULL. This race
could lead to bna_rx_mode_set() being called with a NULL (rx_info->rx)
pointer and a crash.
- Hold bnad->bna_lock while setting / unsetting rx_info->rx in bnad_setup_rx()
& bnad_cleanup_rx(), thereby eliminating the race described above.
Signed-off-by: Gurunatha Karaje <gkaraje@brocade.com>
Signed-off-by: Rasesh Mody <rmody@brocade.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | drivers/net/ethernet/brocade/bna/bnad.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c index 33ab1f81c1c2..abca1399fe51 100644 --- a/drivers/net/ethernet/brocade/bna/bnad.c +++ b/drivers/net/ethernet/brocade/bna/bnad.c @@ -1875,10 +1875,10 @@ bnad_cleanup_rx(struct bnad *bnad, u32 rx_id) spin_lock_irqsave(&bnad->bna_lock, flags); bna_rx_destroy(rx_info->rx); - spin_unlock_irqrestore(&bnad->bna_lock, flags); rx_info->rx = NULL; rx_info->rx_id = 0; + spin_unlock_irqrestore(&bnad->bna_lock, flags); bnad_rx_res_free(bnad, res_info); } @@ -1932,12 +1932,13 @@ bnad_setup_rx(struct bnad *bnad, u32 rx_id) spin_lock_irqsave(&bnad->bna_lock, flags); rx = bna_rx_create(&bnad->bna, bnad, rx_config, &rx_cbfn, res_info, rx_info); - spin_unlock_irqrestore(&bnad->bna_lock, flags); if (!rx) { err = -ENOMEM; + spin_unlock_irqrestore(&bnad->bna_lock, flags); goto err_return; } rx_info->rx = rx; + spin_unlock_irqrestore(&bnad->bna_lock, flags); /* * Init NAPI, so that state is set to NAPI_STATE_SCHED, |