[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20100123.015511.83860202.davem@davemloft.net>
Date: Sat, 23 Jan 2010 01:55:11 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: jchapman@...alix.com
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH] l2tp: Fix a UDP socket reference count bug in the
pppol2tp driver
From: James Chapman <jchapman@...alix.com>
Date: Thu, 21 Jan 2010 16:10:09 +0000
> The bug can cause a kernel stack trace when a tunnel socket is closed.
>
> WARNING: at include/net/sock.h:435 udp_lib_unhash+0x117/0x120()
> Pid: 1086, comm: openl2tpd Not tainted 2.6.33-rc1 #8
> Call Trace:
This fix doesn't look right at all.
You grab one reference in connect() and then drop a reference
every single recvmsg() call.
recvmsg() calls to connect() would be many to one, so I can't
see how this reference counting scheme could possibly work.
Why don't you describe the exact sequence of events that lead
to the trace, so we can figure out how to correct this
properly?
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists