diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2010-10-24 04:27:10 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-10-24 16:25:39 -0700 |
commit | 5c398dc8f5a58b5417d8ae0d474704feb6e12a12 (patch) | |
tree | f4305312340df1ebeae5de3896d3fb4c3da3c6e8 /kernel/hrtimer.c | |
parent | 7f8a688e1e319fcc94dbed83a6ec82cea13f10b9 (diff) | |
download | kernel_samsung_espresso10-5c398dc8f5a58b5417d8ae0d474704feb6e12a12.zip kernel_samsung_espresso10-5c398dc8f5a58b5417d8ae0d474704feb6e12a12.tar.gz kernel_samsung_espresso10-5c398dc8f5a58b5417d8ae0d474704feb6e12a12.tar.bz2 |
netlink: fix netlink_change_ngroups()
commit 6c04bb18ddd633 (netlink: use call_rcu for netlink_change_ngroups)
used a somewhat convoluted and racy way to perform call_rcu().
The old block of memory is freed after a grace period, but the rcu_head
used to track it is located in new block.
This can clash if we call two times or more netlink_change_ngroups(),
and a block is freed before another. call_rcu() called on different cpus
makes no guarantee in order of callbacks.
Fix this using a more standard way of handling this : Each block of
memory contains its own rcu_head, so that no 'use after free' can
happens.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Johannes Berg <johannes@sipsolutions.net>
CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/hrtimer.c')
0 files changed, 0 insertions, 0 deletions