linux-hardened/drivers/atm
David Woodhouse 1f6ea6e511 solos-pci: Fix race condition in tasklet RX handling
We were seeing faults in the solos-pci receive tasklet when packets
arrived for a VCC which was currently being closed:

[18842.727906] EIP: [<e082f490>] br2684_push+0x19/0x234 [br2684] SS:ESP 0068:dfb89d14 

[18845.090712] [<c13ecff3>] ? do_page_fault+0x0/0x2e1 
[18845.120042] [<e082f490>] ? br2684_push+0x19/0x234 [br2684] 
[18845.153530] [<e084fa13>] solos_bh+0x28b/0x7c8 [solos_pci] 
[18845.186488] [<e084f711>] ? solos_irq+0x2d/0x51 [solos_pci] 
[18845.219960] [<c100387b>] ? handle_irq+0x3b/0x48 
[18845.247732] [<c10265cb>] ? irq_exit+0x34/0x57 
[18845.274437] [<c1025720>] tasklet_action+0x42/0x69 
[18845.303247] [<c102643f>] __do_softirq+0x8e/0x129 
[18845.331540] [<c10264ff>] do_softirq+0x25/0x2a 
[18845.358274] [<c102664c>] _local_bh_enable_ip+0x5e/0x6a 
[18845.389677] [<c102666d>] local_bh_enable+0xb/0xe 
[18845.417944] [<e08490a8>] ppp_unregister_channel+0x32/0xbb [ppp_generic] 
[18845.458193] [<e08731ad>] pppox_unbind_sock+0x18/0x1f [pppox] 

This patch uses an RCU-inspired approach to fix it. In the RX tasklet's
find_vcc() function we first refuse to use a VCC which already has the
ATM_VF_READY bit cleared. And in the VCC close function, we synchronise
with the tasklet to ensure that it can't still be using the VCC before
we continue and allow the VCC to be destroyed.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Nathan Williams <nathan@traverse.com.au>
Cc: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-08-07 23:02:59 -07:00
..
.gitignore [ATM]: Ignore generated file pca200e_ecd.bin2 2006-12-11 14:34:35 -08:00
adummy.c atm/adummy: add syfs DEVICE_ATTR to change signal 2010-07-09 00:09:21 -07:00
ambassador.c atm: Convert pci_table entries to PCI_VDEVICE (if PCI_ANY_ID is used) 2010-07-15 19:05:18 -07:00
ambassador.h firmware: convert Ambassador ATM driver to request_firmware() 2008-07-10 14:49:39 +01:00
atmtcp.c net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
eni.c atm: Convert pci_table entries to PCI_VDEVICE (if PCI_ANY_ID is used) 2010-07-15 19:05:18 -07:00
eni.h drivers/atm/eni.h: remove unused macro KERNEL_OFFSET 2008-06-10 12:46:52 -07:00
firestream.c atm: Convert pci_table entries to PCI_VDEVICE (if PCI_ANY_ID is used) 2010-07-15 19:05:19 -07:00
firestream.h
fore200e.c of: Remove duplicate fields from of_platform_driver 2010-05-22 00:10:40 -06:00
fore200e.h fore200e: Convert over to pure OF driver. 2008-08-29 02:14:59 -07:00
he.c atm: Convert pci_table entries to PCI_VDEVICE (if PCI_ANY_ID is used) 2010-07-15 19:05:19 -07:00
he.h atm: [he] rewrite buffer handling in receive path 2010-05-31 00:27:47 -07:00
horizon.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
horizon.h long vs. unsigned long - low-hanging fruits in drivers 2007-10-14 12:41:51 -07:00
idt77105.c atm/idt77105.c: call atm_dev_signal_change() when signal changes. 2010-07-09 00:09:22 -07:00
idt77105.h [ATM]: [idt77105] should be __devinit not __init 2006-06-29 16:58:12 -07:00
idt77252.c atm: Convert pci_table entries to PCI_VDEVICE (if PCI_ANY_ID is used) 2010-07-15 19:05:20 -07:00
idt77252.h atm: idt77252: Use generic SKB queue management instead of home-grown scheme. 2008-09-21 21:38:26 -07:00
idt77252_tables.h
iphase.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
iphase.h iphase: Fix 64bit warning. 2008-05-14 23:28:47 -07:00
Kconfig atm: [nicstar] remove virt_to_bus() and support 64-bit platforms 2010-05-31 00:27:46 -07:00
lanai.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
Makefile atm: Driver for Solos PCI ADSL2+ card. 2008-12-26 01:26:11 -08:00
midway.h
nicstar.c drivers: atm: don't use private copy of hex_to_bin() 2010-07-23 12:50:49 -07:00
nicstar.h atm: [nicstar] remove virt_to_bus() and support 64-bit platforms 2010-05-31 00:27:46 -07:00
nicstarmac.c atm: [nicstar] reformatted with Lindent 2010-05-31 00:27:46 -07:00
nicstarmac.copyright drivers/atm/: remove CVS keywords 2008-05-20 14:52:25 -07:00
solos-attrlist.c solos: Show Interleaving details for ADSL2 and 2+ 2009-05-07 19:49:44 +01:00
solos-pci.c solos-pci: Fix race condition in tasklet RX handling 2010-08-07 23:02:59 -07:00
suni.c atm/suni.c: call atm_dev_signal_change() when signal changes. 2010-07-09 00:09:23 -07:00
suni.h atm: [suni] add support for setting loopback and framing modes 2008-06-17 16:19:24 -07:00
tonga.h
uPD98401.h
uPD98402.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
uPD98402.h
zatm.c atm: Convert pci_table entries to PCI_VDEVICE (if PCI_ANY_ID is used) 2010-07-15 19:05:21 -07:00
zatm.h Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
zeprom.h