Re: [Linux-ATM-General] RX/close vcc race with solos/atmtcp/usbatm/he

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Mon, 2010-06-07 at 12:37 -0400, Chas Williams (CONTRACTOR) wrote:
> i dont understand.  if you do a sock_hold() in find_vcc(), and then call
> vcc->push() you should be able to call vcc->push() and then sock_put(). 

Holding the reference doesn't stop the problem. The problem is

 vcc_release()
 --> vcc_destroy_socket()
   --> br2684_push(vcc, NULL)
         sets vcc->user_back = NULL
         (which it what causes the oops when try try to feed it any
          subsequent packets).

 Only _later_ does vcc_release() call sock_put().

It doesn't _matter_ that the tasklet is holding a reference on the
socket, because it's not the sk_free() which is causing the problem. 

Just making dev->ops->close() wait for the tasklet is perfectly
sufficient. That call happens from vcc_destroy_socket() before the call
to br2684_push(), and all is well.

-- 
dwmw2