[PATCH] heci: fix the problem that file_ext->state should be protected by device_lock.

From: Dongxiao Xu
Date: Sun May 31 2009 - 10:53:21 EST

Next message: Jiri Slaby: "broken ide-tape"
Previous message: tom . leiming: "[PATCH 8/8] kernel:lockdep:add statistics info for max bfs queue depth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

While access file_ext->state, we should use device_lock to protect it. The
original codes miss this in some places.

Signed-off-by: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>
---
drivers/staging/heci/heci_init.c | 9 +++++++--
drivers/staging/heci/heci_main.c | 15 ++++++++++++---
drivers/staging/heci/io_heci.c | 8 +++++++-
3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/drivers/staging/heci/heci_init.c b/drivers/staging/heci/heci_init.c
index 427f55d..31fd891 100644
--- a/drivers/staging/heci/heci_init.c
+++ b/drivers/staging/heci/heci_init.c
@@ -998,8 +998,12 @@ int heci_disconnect_host_client(struct iamt_heci_device *dev,
if ((!dev) || (!file_ext))
return -ENODEV;

- if (file_ext->state != HECI_FILE_DISCONNECTING)
+ spin_lock_bh(&dev->device_lock);
+ if (file_ext->state != HECI_FILE_DISCONNECTING) {
+ spin_unlock_bh(&dev->device_lock);
return 0;
+ }
+ spin_unlock_bh(&dev->device_lock);

priv_cb = kzalloc(sizeof(struct heci_cb_private), GFP_KERNEL);
if (!priv_cb)
@@ -1031,6 +1035,8 @@ int heci_disconnect_host_client(struct iamt_heci_device *dev,
err = wait_event_timeout(dev->wait_recvd_msg,
(HECI_FILE_DISCONNECTED == file_ext->state),
timeout * HZ);
+
+ spin_lock_bh(&dev->device_lock);
if (HECI_FILE_DISCONNECTED == file_ext->state) {
rets = 0;
DBG("successfully disconnected from fw client.\n");
@@ -1045,7 +1051,6 @@ int heci_disconnect_host_client(struct iamt_heci_device *dev,
DBG("failed to disconnect from fw client.\n");
}

- spin_lock_bh(&dev->device_lock);
heci_flush_list(&dev->ctrl_rd_list, file_ext);
heci_flush_list(&dev->ctrl_wr_list, file_ext);
spin_unlock_bh(&dev->device_lock);
diff --git a/drivers/staging/heci/heci_main.c b/drivers/staging/heci/heci_main.c
index 1e2f3db..b58e7e3 100644
--- a/drivers/staging/heci/heci_main.c
+++ b/drivers/staging/heci/heci_main.c
@@ -751,7 +751,9 @@ static int heci_open(struct inode *inode, struct file *file)
(1 << (file_ext->host_client_id % 8));
spin_unlock_bh(&dev->device_lock);
spin_lock(&file_ext->file_lock);
+ spin_lock_bh(&dev->device_lock);
file_ext->state = HECI_FILE_INITIALIZING;
+ spin_unlock_bh(&dev->device_lock);
file_ext->sm_state = 0;

file->private_data = file_ext;
@@ -785,8 +787,10 @@ static int heci_release(struct inode *inode, struct file *file)

if (file_ext != &dev->iamthif_file_ext) {
spin_lock(&file_ext->file_lock);
+ spin_lock_bh(&dev->device_lock);
if (file_ext->state == HECI_FILE_CONNECTED) {
file_ext->state = HECI_FILE_DISCONNECTING;
+ spin_unlock_bh(&dev->device_lock);
spin_unlock(&file_ext->file_lock);
DBG("disconnecting client host client = %d, "
"ME client = %d\n",
@@ -794,8 +798,8 @@ static int heci_release(struct inode *inode, struct file *file)
file_ext->me_client_id);
rets = heci_disconnect_host_client(dev, file_ext);
spin_lock(&file_ext->file_lock);
+ spin_lock_bh(&dev->device_lock);
}
- spin_lock_bh(&dev->device_lock);
heci_flush_queues(dev, file_ext);
DBG("remove client host client = %d, ME client = %d\n",
file_ext->host_client_id,
@@ -983,12 +987,15 @@ static ssize_t heci_read(struct file *file, char __user *ubuf,
return -ERESTARTSYS;
}

+ spin_lock_bh(&dev->device_lock);
if (HECI_FILE_INITIALIZING == file_ext->state ||
HECI_FILE_DISCONNECTED == file_ext->state ||
HECI_FILE_DISCONNECTING == file_ext->state) {
+ spin_unlock_bh(&dev->device_lock);
rets = -EBUSY;
goto out;
}
+ spin_unlock_bh(&dev->device_lock);
spin_lock_bh(&file_ext->read_io_lock);
}

@@ -1225,6 +1232,7 @@ static ssize_t heci_write(struct file *file, const char __user *ubuf,
priv_write_cb->request_buffer.size = length;

spin_lock(&file_ext->write_io_lock);
+ spin_lock_bh(&dev->device_lock);
DBG("host client = %d, ME client = %d\n",
file_ext->host_client_id, file_ext->me_client_id);
if (file_ext->state != HECI_FILE_CONNECTED) {
@@ -1232,7 +1240,7 @@ static ssize_t heci_write(struct file *file, const char __user *ubuf,
DBG("host client = %d, is not connected to ME client = %d",
file_ext->host_client_id,
file_ext->me_client_id);
-
+ spin_unlock_bh(&dev->device_lock);
goto unlock;
}
for (i = 0; i < dev->num_heci_me_clients; i++) {
@@ -1243,15 +1251,16 @@ static ssize_t heci_write(struct file *file, const char __user *ubuf,
BUG_ON(dev->me_clients[i].client_id != file_ext->me_client_id);
if (i == dev->num_heci_me_clients) {
rets = -ENODEV;
+ spin_unlock_bh(&dev->device_lock);
goto unlock;
}
if (length > dev->me_clients[i].props.max_msg_length || length <= 0) {
rets = -EINVAL;
+ spin_unlock_bh(&dev->device_lock);
goto unlock;
}
priv_write_cb->file_private = file_ext;

- spin_lock_bh(&dev->device_lock);
if (flow_ctrl_creds(dev, file_ext) &&
dev->host_buffer_is_empty) {
spin_unlock_bh(&dev->device_lock);
diff --git a/drivers/staging/heci/io_heci.c b/drivers/staging/heci/io_heci.c
index 8131470..dadbee3 100644
--- a/drivers/staging/heci/io_heci.c
+++ b/drivers/staging/heci/io_heci.c
@@ -297,6 +297,7 @@ int heci_ioctl_connect_client(struct iamt_heci_device *dev, int if_num,
if (!heci_connect(dev, file_ext)) {
rets = -ENODEV;
spin_unlock_bh(&dev->device_lock);
+ spin_unlock(&file_ext->file_lock);
goto end;
} else {
file_ext->timer_count = HECI_CONNECT_TIMEOUT;
@@ -320,7 +321,9 @@ int heci_ioctl_connect_client(struct iamt_heci_device *dev, int if_num,
|| HECI_FILE_DISCONNECTED == file_ext->state),
timeout * HZ);

+ spin_lock_bh(&dev->device_lock);
if (HECI_FILE_CONNECTED == file_ext->state) {
+ spin_unlock_bh(&dev->device_lock);
DBG("successfully connected to FW client.\n");
rets = file_ext->status;
/* now copy the data to user space */
@@ -337,6 +340,7 @@ int heci_ioctl_connect_client(struct iamt_heci_device *dev, int if_num,
} else {
DBG("failed to connect to FW client.file_ext->state = %d.\n",
file_ext->state);
+ spin_unlock_bh(&dev->device_lock);
if (!err) {
DBG("wait_event_interruptible_timeout failed on client"
" connect message fw response message.\n");
@@ -637,11 +641,13 @@ int heci_start_read(struct iamt_heci_device *dev, int if_num,
DBG("received wrong function input param.\n");
return -ENODEV;
}
+
+ spin_lock_bh(&dev->device_lock);
if (file_ext->state != HECI_FILE_CONNECTED) {
+ spin_unlock_bh(&dev->device_lock);
return -ENODEV;
}

- spin_lock_bh(&dev->device_lock);
if (dev->heci_state != HECI_ENABLED) {
spin_unlock_bh(&dev->device_lock);
return -ENODEV;
--
1.6.0.rc1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Slaby: "broken ide-tape"
Previous message: tom . leiming: "[PATCH 8/8] kernel:lockdep:add statistics info for max bfs queue depth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]