Skip to content
Snippets Groups Projects
Select Git revision
  • 5b6e9bcdeb65634b4ad604eb4536404bbfc62cfa
  • vme-testing default
  • ci-test
  • master
  • remoteproc
  • am625-sk-ov5640
  • pcal6534-upstreaming
  • lps22df-upstreaming
  • msc-upstreaming
  • imx8mp
  • iio/noa1305
  • vme-next
  • vme-next-4.14-rc4
  • v4.14-rc4
  • v4.14-rc3
  • v4.14-rc2
  • v4.14-rc1
  • v4.13
  • vme-next-4.13-rc7
  • v4.13-rc7
  • v4.13-rc6
  • v4.13-rc5
  • v4.13-rc4
  • v4.13-rc3
  • v4.13-rc2
  • v4.13-rc1
  • v4.12
  • v4.12-rc7
  • v4.12-rc6
  • v4.12-rc5
  • v4.12-rc4
  • v4.12-rc3
32 results

usbnet.c

Blame
    • Ming Lei's avatar
      5b6e9bcd
      usbnet: fix skb traversing races during unlink(v2) · 5b6e9bcd
      Ming Lei authored
      
      Commit 4231d47e(net/usbnet: avoid
      recursive locking in usbnet_stop()) fixes the recursive locking
      problem by releasing the skb queue lock before unlink, but may
      cause skb traversing races:
      	- after URB is unlinked and the queue lock is released,
      	the refered skb and skb->next may be moved to done queue,
      	even be released
      	- in skb_queue_walk_safe, the next skb is still obtained
      	by next pointer of the last skb
      	- so maybe trigger oops or other problems
      
      This patch extends the usage of entry->state to describe 'start_unlink'
      state, so always holding the queue(rx/tx) lock to change the state if
      the referd skb is in rx or tx queue because we need to know if the
      refered urb has been started unlinking in unlink_urbs.
      
      The other part of this patch is based on Huajun's patch:
      always traverse from head of the tx/rx queue to get skb which is
      to be unlinked but not been started unlinking.
      
      Signed-off-by: default avatarHuajun Li <huajun.li.lee@gmail.com>
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Cc: Oliver Neukum <oneukum@suse.de>
      Cc: stable@kernel.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5b6e9bcd
      History
      usbnet: fix skb traversing races during unlink(v2)
      Ming Lei authored
      
      Commit 4231d47e(net/usbnet: avoid
      recursive locking in usbnet_stop()) fixes the recursive locking
      problem by releasing the skb queue lock before unlink, but may
      cause skb traversing races:
      	- after URB is unlinked and the queue lock is released,
      	the refered skb and skb->next may be moved to done queue,
      	even be released
      	- in skb_queue_walk_safe, the next skb is still obtained
      	by next pointer of the last skb
      	- so maybe trigger oops or other problems
      
      This patch extends the usage of entry->state to describe 'start_unlink'
      state, so always holding the queue(rx/tx) lock to change the state if
      the referd skb is in rx or tx queue because we need to know if the
      refered urb has been started unlinking in unlink_urbs.
      
      The other part of this patch is based on Huajun's patch:
      always traverse from head of the tx/rx queue to get skb which is
      to be unlinked but not been started unlinking.
      
      Signed-off-by: default avatarHuajun Li <huajun.li.lee@gmail.com>
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Cc: Oliver Neukum <oneukum@suse.de>
      Cc: stable@kernel.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    generic_mpih-add1.c 1.98 KiB
    /* mpihelp-add_1.c  -  MPI helper functions
     * Copyright (C) 1994, 1996, 1997, 1998,
     *               2000 Free Software Foundation, Inc.
     *
     * This file is part of GnuPG.
     *
     * GnuPG is free software; you can redistribute it and/or modify
     * it under the terms of the GNU General Public License as published by
     * the Free Software Foundation; either version 2 of the License, or
     * (at your option) any later version.
     *
     * GnuPG is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     * GNU General Public License for more details.
     *
     * You should have received a copy of the GNU General Public License
     * along with this program; if not, write to the Free Software
     * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
     *
     * Note: This code is heavily based on the GNU MP Library.
     *	 Actually it's the same code with only minor changes in the
     *	 way the data is stored; this is to support the abstraction
     *	 of an optional secure memory allocation which may be used
     *	 to avoid revealing of sensitive data due to paging etc.
     *	 The GNU MP Library itself is published under the LGPL;
     *	 however I decided to publish this code under the plain GPL.
     */
    
    #include "mpi-internal.h"
    #include "longlong.h"
    
    mpi_limb_t
    mpihelp_add_n(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
    	      mpi_ptr_t s2_ptr, mpi_size_t size)
    {
    	mpi_limb_t x, y, cy;
    	mpi_size_t j;
    
    	/* The loop counter and index J goes from -SIZE to -1.  This way
    	   the loop becomes faster.  */
    	j = -size;
    
    	/* Offset the base pointers to compensate for the negative indices. */
    	s1_ptr -= j;
    	s2_ptr -= j;
    	res_ptr -= j;
    
    	cy = 0;
    	do {
    		y = s2_ptr[j];
    		x = s1_ptr[j];
    		y += cy;	/* add previous carry to one addend */
    		cy = y < cy;	/* get out carry from that addition */
    		y += x;		/* add other addend */
    		cy += y < x;	/* get out carry from that add, combine */
    		res_ptr[j] = y;
    	} while (++j);
    
    	return cy;
    }