lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:	Sun, 31 May 2009 14:43:42 +0800
From:	"Xu, Dongxiao" <dongxiao.xu@...el.com>
To:	"greg@...ah.com" <greg@...ah.com>
CC:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"Nashif, Anas" <anas.nashif@...el.com>,
	"Obara, Marcin" <marcin.obara@...el.com>
Subject: [Patch 03/08] Staging: heci - fix spinlock order mess of
 device_lock and read_io_lock

>From 9b174f63f42bb53dc8813e379196130c7fc19012 Mon Sep 17 00:00:00 2001
From: Dongxiao Xu <dongxiao.xu@...el.com>
Date: Sun, 31 May 2009 22:45:20 +0800
Subject: [PATCH] heci: fix spinlock order mess of device_lock and read_io_lock.

In orginal code, the device_lock and read_io_lock is mess order when nested,
which may bring dead lock. This patch unify the spinlock order of device_lock
and read_io_lock. First acquire device_lock, then read_io_lock.

Signed-off-by: Dongxiao Xu <dongxiao.xu@...el.com>
---
 drivers/staging/heci/heci_main.c |    2 +-
 drivers/staging/heci/io_heci.c   |   17 +++++++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/heci/heci_main.c b/drivers/staging/heci/heci_main.c
index ad62550..5494ab5 100644
--- a/drivers/staging/heci/heci_main.c
+++ b/drivers/staging/heci/heci_main.c
@@ -954,8 +954,8 @@ static ssize_t heci_read(struct file *file, char __user *ubuf,
 		goto out;
 	}
 
-	spin_lock(&file_ext->read_io_lock);
 	err = heci_start_read(dev, if_num, file_ext);
+	spin_lock(&file_ext->read_io_lock);
 	if (err != 0 && err != -EBUSY) {
 		DBG("heci start read failure with status = %d\n", err);
 		spin_unlock(&file_ext->read_io_lock);
diff --git a/drivers/staging/heci/io_heci.c b/drivers/staging/heci/io_heci.c
index 26882a2..8a44fd5 100644
--- a/drivers/staging/heci/io_heci.c
+++ b/drivers/staging/heci/io_heci.c
@@ -637,8 +637,9 @@ int heci_start_read(struct iamt_heci_device *dev, int if_num,
 		DBG("received wrong function input param.\n");
 		return -ENODEV;
 	}
-	if (file_ext->state != HECI_FILE_CONNECTED)
+	if (file_ext->state != HECI_FILE_CONNECTED) {
 		return -ENODEV;
+	}
 
 	spin_lock_bh(&dev->device_lock);
 	if (dev->heci_state != HECI_ENABLED) {
@@ -647,18 +648,26 @@ int heci_start_read(struct iamt_heci_device *dev, int if_num,
 	}
 	spin_unlock_bh(&dev->device_lock);
 	DBG("check if read is pending.\n");
+	spin_lock(&file_ext->read_io_lock);
 	if ((file_ext->read_pending) || (file_ext->read_cb != NULL)) {
 		DBG("read is pending.\n");
+		spin_unlock(&file_ext->read_io_lock);
 		return -EBUSY;
 	}
+	spin_unlock(&file_ext->read_io_lock);
+
 	priv_cb = kzalloc(sizeof(struct heci_cb_private), GFP_KERNEL);
 	if (!priv_cb)
 		return -ENOMEM;
 
+	spin_lock(&file_ext->read_io_lock);
 	DBG("allocation call back success\n"
 	    "host client = %d, ME client = %d\n",
 	    file_ext->host_client_id, file_ext->me_client_id);
+	spin_unlock(&file_ext->read_io_lock);
+
 	spin_lock_bh(&dev->device_lock);
+	spin_lock(&file_ext->read_io_lock);
 	for (i = 0; i < dev->num_heci_me_clients; i++) {
 		if (dev->me_clients[i].client_id == file_ext->me_client_id)
 			break;
@@ -666,6 +675,7 @@ int heci_start_read(struct iamt_heci_device *dev, int if_num,
 	}
 
 	BUG_ON(dev->me_clients[i].client_id != file_ext->me_client_id);
+	spin_unlock(&file_ext->read_io_lock);
 	if (i == dev->num_heci_me_clients) {
 		rets = -ENODEV;
 		goto unlock;
@@ -684,12 +694,14 @@ int heci_start_read(struct iamt_heci_device *dev, int if_num,
 	/* make sure information is zero before we start */
 	priv_cb->information = 0;
 	priv_cb->file_private = (void *) file_ext;
-	file_ext->read_cb = priv_cb;
 	spin_lock_bh(&dev->device_lock);
+	spin_lock(&file_ext->read_io_lock);
+	file_ext->read_cb = priv_cb;
 	if (dev->host_buffer_is_empty) {
 		dev->host_buffer_is_empty = 0;
 		if (!heci_send_flow_control(dev, file_ext)) {
 			rets = -ENODEV;
+			spin_unlock(&file_ext->read_io_lock);
 			goto unlock;
 		} else {
 			list_add_tail(&priv_cb->cb_list,
@@ -699,6 +711,7 @@ int heci_start_read(struct iamt_heci_device *dev, int if_num,
 		list_add_tail(&priv_cb->cb_list,
 			      &dev->ctrl_wr_list.heci_cb.cb_list);
 	}
+	spin_unlock(&file_ext->read_io_lock);
 	spin_unlock_bh(&dev->device_lock);
 	return rets;
 unlock:
-- 
1.6.0.rc1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ