netdev
[Top] [All Lists]

Re: [1/1] connector/CBUS: new messaging subsystem. Revision number next.

To: dtor_core@xxxxxxxxxxxxx
Subject: Re: [1/1] connector/CBUS: new messaging subsystem. Revision number next.
From: Evgeniy Polyakov <johnpol@xxxxxxxxxxx>
Date: Tue, 26 Apr 2005 22:07:13 +0400
Cc: dmitry.torokhov@xxxxxxxxx, netdev@xxxxxxxxxxx, Greg KH <greg@xxxxxxxxx>, Jamal Hadi Salim <hadi@xxxxxxxxxx>, Kay Sievers <kay.sievers@xxxxxxxx>, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, James Morris <jmorris@xxxxxxxxxx>, Guillaume Thouvenin <guillaume.thouvenin@xxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, Andrew Morton <akpm@xxxxxxxx>, Thomas Graf <tgraf@xxxxxxx>, Jay Lan <jlan@xxxxxxxxxxxx>
In-reply-to: <d120d50005042610342368cd72@xxxxxxxxxxxxxx>
Organization: MIPT
References: <20050411125932.GA19538@xxxxxxxxxxxxxxxxxxxxxxxx> <d120d5000504260857cb5f99e@xxxxxxxxxxxxxx> <20050426202437.234e7d45@xxxxxxxxxxxxxxxxxxxx> <20050426203023.378e4831@xxxxxxxxxxxxxxxxxxxx> <d120d50005042610342368cd72@xxxxxxxxxxxxxx>
Reply-to: johnpol@xxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
On Tue, 26 Apr 2005 12:34:13 -0500
Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx> wrote:

> On 4/26/05, Evgeniy Polyakov <johnpol@xxxxxxxxxxx> wrote:
> > 
> > --- orig/drivers/connector/connector.c
> > +++ mod/drivers/connector/connector.c
> > @@ -151,8 +151,8 @@
> >                        __cbq->ddata = data;
> >                        __cbq->destruct_data = destruct_data;
> > 
> > -                       queue_work(dev->cbdev->cn_queue, &__cbq->work);
> > -                       found = 1;
> > +                       if (queue_work(dev->cbdev->cn_queue, &__cbq->work))
> > +                               found = 1;
> >                        break;
> 
> What does it help exactly? By the time you checked result of
> queue_work you have already corrupted work structure wuth the new data
> (and probably destructor).
> 
> Also, where is the rest of the code? Should we notify caller that
> cn_netlink_send has dropped the message? And how do we do that?

Yes, I found it too.
Following patch should be the solution:

--- orig/drivers/connector/connector.c
+++ mod/drivers/connector/connector.c
@@ -146,13 +146,16 @@
        spin_lock_bh(&dev->cbdev->queue_lock);
        list_for_each_entry(__cbq, &dev->cbdev->queue_list, callback_entry) {
                if (cn_cb_equal(&__cbq->cb->id, &msg->id)) {
-                       __cbq->cb->priv = msg;
+       
+                       if (!test_bit(0, &work->pending)) {
+                               __cbq->cb->priv = msg;
 
-                       __cbq->ddata = data;
-                       __cbq->destruct_data = destruct_data;
+                               __cbq->ddata = data;
+                               __cbq->destruct_data = destruct_data;
 
-                       if (queue_work(dev->cbdev->cn_queue, &__cbq->work))
-                               found = 1;
+                               if (queue_work(dev->cbdev->cn_queue, 
&__cbq->work))
+                                       found = 1;
+                       }
                        break;
                }
        }


 
> -- 
> Dmitry
> 


        Evgeniy Polyakov

Only failure makes us experts. -- Theo de Raadt

<Prev in Thread] Current Thread [Next in Thread>