On Mon, Sep 24, 2007 at 08:54:07AM +0200, Jarek Poplawski wrote: > After rethinking, this scenario seems to be wrong or very unprobable > (I'm not sure of all ways "if (--container...)" could be compiled), > so there should be no such risk - double kfree/vfree is more probable, > so no danger. More likely is such refcount abuse: ipc_rcu_getref() in > do_msgsnd() done a bit after ipc_rcu_putref() in freeque() (msq > pointer acquired by do_msgsend() before freeque() started); then, > after schedule(), do_msgsnd() can work with kfreed msq_queue structure > (at least considering classic RCU).
I see this scenario is even more impossible, so you were right, it's all right at this point. Jarek P. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
