Prev: PCMCIA: resource, fix lock imbalance
Next: SCSI: lpfc, fix lock imbalances
From: Daniel Borkmann on 18 Mar 2010 11:00
Matt Mackall wrote:
> On Tue, 2010-03-16 at 18:22 +0100, Jiri Slaby wrote:
>> On 03/16/2010 06:12 PM, Matt Mackall wrote:
>>> I don't get it. The source of the branch tests for !ndev->npinfo and the
>>> original destination of the branch also tests for !ndev->npinfo. I don't
>>> see how it gets dereferenced.
>> Let's look at more of the context:
>> if (!ndev->npinfo) {
>> npinfo = kmalloc(sizeof(*npinfo), GFP_KERNEL);
>> if (!npinfo) { // npinfo is NULL
>> err = -ENOMEM;
>> goto release;
>> }
>> ...
>> release: // npinfo is still NULL
>> if (!ndev->npinfo) { // condition is the same (holds)
>> // dereference below: vvvvvvvvvvvvvvv
>> spin_lock_irqsave(&npinfo->rx_lock, flags);
>> list_for_each_entry_safe(npe, tmp, &npinfo->rx_np, rx) {
>> npe->dev = NULL;
>> }
>> spin_unlock_irqrestore(&npinfo->rx_lock, flags);
>>
>> kfree(npinfo);
>> }
>
> Ok, you're correct, I read the second test backwards.
>
> Acked-by: Matt Mackall <mpm(a)selenic.com>
>

Thanks for fixing this and sorry for not being responsive, obviously it
sucks when you have a broken leg and German hospitals do not really have
Internet access ... ;)

Thanks,
Daniel

First  |  Prev  | 
Pages: 1 2
Prev: PCMCIA: resource, fix lock imbalance
Next: SCSI: lpfc, fix lock imbalances