Re: [PATCH]drivers/net/wan/lmc/lmc_main.c

Linus Torvalds (torvalds@transmeta.com)
Tue, 22 May 2001 09:50:48 -0700 (PDT)


On Mon, 21 May 2001, Akash Jain wrote:
>
> Sorry if this is reposted, previous one seemed to get tied up.
> Here is a patch to the drivers/net/wan/lmc/lmc_main.c file.

I got the previous one, here's a copy of my reply to the people who
weren't cc'd on that one.

Linus

--- in a previous email, Linus wrote ---

lmc_main.c is _soo_ broken than this patch only scratches the surface and
only hides a small small part of the offenders.

In particular, the fact that it does allocations with GFP_KERNEL while
holding a spinlock is the _least_ of its troubles: it also does a
"copy_from/to_user()" while holding the same spinlock (and has timeouts
of up to half a second with interrupts disabled from the same spinlock).

The kmalloc() is likely to succeed: a copy_from_user() can be trivially
made to cause IO every time by a wily user.

In short, the whole locking strategy is broken, and there's no way to fix
it with small micro-patches. So not applied.

(And it also looks like your sanity checker doesn't trap "copy to/from
user space with spinlocks held or irq's disabled", hint hint ;).

Btw, what's the right address to send this kind of feedback to the
stanford group?

Good work by the checker, btw. it's not your fault that the problem goes
deeper than what you found.

Thanks,

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/