From afcf462a1fd78cc372aefd9fe352e2dc2f237937 Mon Sep 17 00:00:00 2001 From: Dongxiao Xu Date: Sun, 31 May 2009 14:44:01 +0800 Subject: [PATCH] Staging: heci: fix the problem that file_ext->state should be protected by device_lock While access file_ext->state, we should use device_lock to protect it. The original codes miss this in some places. Signed-off-by: Dongxiao Xu Signed-off-by: Greg Kroah-Hartman --- drivers/staging/heci/heci_init.c | 9 +++++++-- drivers/staging/heci/heci_main.c | 15 ++++++++++++--- drivers/staging/heci/io_heci.c | 8 +++++++- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/drivers/staging/heci/heci_init.c b/drivers/staging/heci/heci_init.c index 427f55d7b262..31fd891c099d 100644 --- a/drivers/staging/heci/heci_init.c +++ b/drivers/staging/heci/heci_init.c @@ -998,8 +998,12 @@ int heci_disconnect_host_client(struct iamt_heci_device *dev, if ((!dev) || (!file_ext)) return -ENODEV; - if (file_ext->state != HECI_FILE_DISCONNECTING) + spin_lock_bh(&dev->device_lock); + if (file_ext->state != HECI_FILE_DISCONNECTING) { + spin_unlock_bh(&dev->device_lock); return 0; + } + spin_unlock_bh(&dev->device_lock); priv_cb = kzalloc(sizeof(struct heci_cb_private), GFP_KERNEL); if (!priv_cb) @@ -1031,6 +1035,8 @@ int heci_disconnect_host_client(struct iamt_heci_device *dev, err = wait_event_timeout(dev->wait_recvd_msg, (HECI_FILE_DISCONNECTED == file_ext->state), timeout * HZ); + + spin_lock_bh(&dev->device_lock); if (HECI_FILE_DISCONNECTED == file_ext->state) { rets = 0; DBG("successfully disconnected from fw client.\n"); @@ -1045,7 +1051,6 @@ int heci_disconnect_host_client(struct iamt_heci_device *dev, DBG("failed to disconnect from fw client.\n"); } - spin_lock_bh(&dev->device_lock); heci_flush_list(&dev->ctrl_rd_list, file_ext); heci_flush_list(&dev->ctrl_wr_list, file_ext); spin_unlock_bh(&dev->device_lock); diff --git a/drivers/staging/heci/heci_main.c b/drivers/staging/heci/heci_main.c index 1197803fda85..ddf48227e358 100644 --- a/drivers/staging/heci/heci_main.c +++ b/drivers/staging/heci/heci_main.c @@ -751,7 +751,9 @@ static int heci_open(struct inode *inode, struct file *file) (1 << (file_ext->host_client_id % 8)); spin_unlock_bh(&dev->device_lock); spin_lock(&file_ext->file_lock); + spin_lock_bh(&dev->device_lock); file_ext->state = HECI_FILE_INITIALIZING; + spin_unlock_bh(&dev->device_lock); file_ext->sm_state = 0; file->private_data = file_ext; @@ -785,8 +787,10 @@ static int heci_release(struct inode *inode, struct file *file) if (file_ext != &dev->iamthif_file_ext) { spin_lock(&file_ext->file_lock); + spin_lock_bh(&dev->device_lock); if (file_ext->state == HECI_FILE_CONNECTED) { file_ext->state = HECI_FILE_DISCONNECTING; + spin_unlock_bh(&dev->device_lock); spin_unlock(&file_ext->file_lock); DBG("disconnecting client host client = %d, " "ME client = %d\n", @@ -794,8 +798,8 @@ static int heci_release(struct inode *inode, struct file *file) file_ext->me_client_id); rets = heci_disconnect_host_client(dev, file_ext); spin_lock(&file_ext->file_lock); + spin_lock_bh(&dev->device_lock); } - spin_lock_bh(&dev->device_lock); heci_flush_queues(dev, file_ext); DBG("remove client host client = %d, ME client = %d\n", file_ext->host_client_id, @@ -983,12 +987,15 @@ static ssize_t heci_read(struct file *file, char __user *ubuf, return -ERESTARTSYS; } + spin_lock_bh(&dev->device_lock); if (HECI_FILE_INITIALIZING == file_ext->state || HECI_FILE_DISCONNECTED == file_ext->state || HECI_FILE_DISCONNECTING == file_ext->state) { + spin_unlock_bh(&dev->device_lock); rets = -EBUSY; goto out; } + spin_unlock_bh(&dev->device_lock); spin_lock_bh(&file_ext->read_io_lock); } @@ -1225,6 +1232,7 @@ static ssize_t heci_write(struct file *file, const char __user *ubuf, priv_write_cb->request_buffer.size = length; spin_lock(&file_ext->write_io_lock); + spin_lock_bh(&dev->device_lock); DBG("host client = %d, ME client = %d\n", file_ext->host_client_id, file_ext->me_client_id); if (file_ext->state != HECI_FILE_CONNECTED) { @@ -1232,7 +1240,7 @@ static ssize_t heci_write(struct file *file, const char __user *ubuf, DBG("host client = %d, is not connected to ME client = %d", file_ext->host_client_id, file_ext->me_client_id); - + spin_unlock_bh(&dev->device_lock); goto unlock; } for (i = 0; i < dev->num_heci_me_clients; i++) { @@ -1243,15 +1251,16 @@ static ssize_t heci_write(struct file *file, const char __user *ubuf, BUG_ON(dev->me_clients[i].client_id != file_ext->me_client_id); if (i == dev->num_heci_me_clients) { rets = -ENODEV; + spin_unlock_bh(&dev->device_lock); goto unlock; } if (length > dev->me_clients[i].props.max_msg_length || length <= 0) { rets = -EINVAL; + spin_unlock_bh(&dev->device_lock); goto unlock; } priv_write_cb->file_private = file_ext; - spin_lock_bh(&dev->device_lock); if (flow_ctrl_creds(dev, file_ext) && dev->host_buffer_is_empty) { spin_unlock_bh(&dev->device_lock); diff --git a/drivers/staging/heci/io_heci.c b/drivers/staging/heci/io_heci.c index 0d7f31bed566..1a6faf88e16c 100644 --- a/drivers/staging/heci/io_heci.c +++ b/drivers/staging/heci/io_heci.c @@ -297,6 +297,7 @@ int heci_ioctl_connect_client(struct iamt_heci_device *dev, int if_num, if (!heci_connect(dev, file_ext)) { rets = -ENODEV; spin_unlock_bh(&dev->device_lock); + spin_unlock(&file_ext->file_lock); goto end; } else { file_ext->timer_count = HECI_CONNECT_TIMEOUT; @@ -320,7 +321,9 @@ int heci_ioctl_connect_client(struct iamt_heci_device *dev, int if_num, || HECI_FILE_DISCONNECTED == file_ext->state), timeout * HZ); + spin_lock_bh(&dev->device_lock); if (HECI_FILE_CONNECTED == file_ext->state) { + spin_unlock_bh(&dev->device_lock); DBG("successfully connected to FW client.\n"); rets = file_ext->status; /* now copy the data to user space */ @@ -337,6 +340,7 @@ int heci_ioctl_connect_client(struct iamt_heci_device *dev, int if_num, } else { DBG("failed to connect to FW client.file_ext->state = %d.\n", file_ext->state); + spin_unlock_bh(&dev->device_lock); if (!err) { DBG("wait_event_interruptible_timeout failed on client" " connect message fw response message.\n"); @@ -637,11 +641,13 @@ int heci_start_read(struct iamt_heci_device *dev, int if_num, DBG("received wrong function input param.\n"); return -ENODEV; } + + spin_lock_bh(&dev->device_lock); if (file_ext->state != HECI_FILE_CONNECTED) { + spin_unlock_bh(&dev->device_lock); return -ENODEV; } - spin_lock_bh(&dev->device_lock); if (dev->heci_state != HECI_ENABLED) { spin_unlock_bh(&dev->device_lock); return -ENODEV; -- 2.30.2