From: sjur.brandeland@stericsson.com <sjur.brandeland@stericsson.com>
Date: Thu, 2 Feb 2012 01:21:02 +0000 (+0000)
Subject: caif: Bugfix list_del_rcu race in cfmuxl_ctrlcmd.
X-Git-Tag: v3.3-rc4~34^2~50
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b01377a4200d0dfc7b04a8daabb4739727353703;p=pandora-kernel.git

caif: Bugfix list_del_rcu race in cfmuxl_ctrlcmd.

Always use cfmuxl_remove_uplayer when removing a up-layer.
cfmuxl_ctrlcmd() can be called independently and in parallel with
cfmuxl_remove_uplayer(). The race between them could cause list_del_rcu
to be called on a node which has been already taken out from the list.
That lead to a (rare) crash on accessing poisoned node->prev inside
list_del_rcu.

This fix ensures that deletion are done holding the same lock.

Reported-by: Dmitry Tarnyagin <dmitry.tarnyagin@stericsson.com>
Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed