[eepro100] Possible race condition
Alexander Gdalevich
gdalevich@hotmail.com
Fri, 21 Sep 2001 17:41:14 -0400
Greetings!

Maybe I am just being picky, but there seems to be a possible race
condition in the receive handler in the GNU eepro100 driver.

In the speedo_rx() routine, after removing filled rx buffers it proceeds to
refill the queue. The function inserts a new buffer in the queue, updates
the link on the previous one, and then clears the suspend & last bits in the
status field of the previous RFD. The exact line in the code is

    sp->last_rxf->status &= cpu_to_le32(~0xC0000000);

There is a tiny possibility that this will happen just as the device is about to
update the status bits. If this happens the driver will overwrite the
status bits with the old value.

On the transmit side this possibility, however insignificant, is accounted for.
Both speedo_resume() and speedo_start_xmit() functions use the clear_suspend()
macro that modifies only one byte rather than an entire word.

What do you think?

Best wishes,
Alex.
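
The lost update described in the message above, replayed deterministically. This is an added example, not code from the eepro100 driver or from the original post. The position of the device-written completion bit (0x00008000), the 4-byte little-endian model of the status field and all function names are assumptions made for the illustration; only the 0xC0000000 mask comes from the post.

```c
#include <stdint.h>
#include <stdio.h>

#define RFD_EL_S_BITS 0xC0000000u /* suspend & last bits: mask quoted in the post */
#define RFD_COMPLETE  0x00008000u /* assumed: completion bit written by the device */

/* RFD status field modelled as 4 little-endian bytes in shared (DMA) memory. */
typedef struct { uint8_t b[4]; } rfd_status_t;

static uint32_t load_le32(const rfd_status_t *s) {
    return (uint32_t)s->b[0] | (uint32_t)s->b[1] << 8 |
           (uint32_t)s->b[2] << 16 | (uint32_t)s->b[3] << 24;
}
static void store_le32(rfd_status_t *s, uint32_t v) {
    for (int i = 0; i < 4; i++) s->b[i] = (uint8_t)(v >> (8 * i));
}

/* Device side: marks the frame complete by writing the low status half only. */
static void device_completes(rfd_status_t *s) {
    s->b[1] |= (uint8_t)(RFD_COMPLETE >> 8);
}

/* Whole-word read-modify-write; the device write lands between load and store. */
static uint32_t clear_word_rmw(rfd_status_t *s) {
    uint32_t old = load_le32(s);           /* CPU reads all 32 bits */
    device_completes(s);                   /* device updates status in the window */
    store_le32(s, old & ~RFD_EL_S_BITS);   /* CPU writes back stale low bits */
    return load_le32(s);
}

/* Byte-wide update: only the byte holding the two control bits is rewritten. */
static uint32_t clear_top_byte(rfd_status_t *s) {
    uint8_t old = s->b[3];
    device_completes(s);                   /* same interleaving as above */
    s->b[3] = old & (uint8_t)~(RFD_EL_S_BITS >> 24);
    return load_le32(s);
}

uint32_t run_word(void) { rfd_status_t s; store_le32(&s, RFD_EL_S_BITS); return clear_word_rmw(&s); }
uint32_t run_byte(void) { rfd_status_t s; store_le32(&s, RFD_EL_S_BITS); return clear_top_byte(&s); }

int main(void) {
    printf("word RMW : 0x%08x (completion bit lost)\n", (unsigned)run_word());
    printf("byte RMW : 0x%08x (completion bit kept)\n", (unsigned)run_byte());
    return 0;
}
```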