diff options
author | Taku Izumi <izumi.taku@jp.fujitsu.com> | 2008-10-17 13:48:36 +0900 |
---|---|---|
committer | Jesse Barnes <jbarnes@virtuousgeek.org> | 2008-10-22 16:42:33 -0700 |
commit | 9778c14b4ca2c81e437fc2fd2b1f3d676937db27 (patch) | |
tree | ecd32dcf1fae311e7caaa400f492051aeb2c66a1 | |
parent | 2515ddc6db8eb49a79f0fe5e67ff09ac7c81eab4 (diff) | |
download | op-kernel-dev-9778c14b4ca2c81e437fc2fd2b1f3d676937db27.zip op-kernel-dev-9778c14b4ca2c81e437fc2fd2b1f3d676937db27.tar.gz |
ACPI/PCI: Fix possible race condition on _OSC evaluation
Fix possible race condition on _OSC evaluation.
Current _OSC evaluation code has possible race condition because it
maniputes osc_data linked list or its contents without any lock
mechanism.
Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
-rw-r--r-- | drivers/pci/pci-acpi.c | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c index 89a2f0f..14848bf 100644 --- a/drivers/pci/pci-acpi.c +++ b/drivers/pci/pci-acpi.c @@ -35,6 +35,8 @@ struct acpi_osc_args { u32 query_result; }; +static DEFINE_MUTEX(pci_acpi_lock); + static struct acpi_osc_data *acpi_get_osc_data(acpi_handle handle) { struct acpi_osc_data *data; @@ -131,10 +133,12 @@ static acpi_status acpi_query_osc(acpi_handle handle, if (ACPI_FAILURE(status)) return status; + mutex_lock(&pci_acpi_lock); osc_data = acpi_get_osc_data(handle); if (!osc_data) { printk(KERN_ERR "acpi osc data array is full\n"); - return AE_ERROR; + status = AE_ERROR; + goto out; } /* do _OSC query for all possible controls */ @@ -149,7 +153,8 @@ static acpi_status acpi_query_osc(acpi_handle handle, osc_data->query_result = osc_args.query_result; osc_data->is_queried = 1; } - +out: + mutex_unlock(&pci_acpi_lock); return status; } @@ -190,19 +195,25 @@ acpi_status pci_osc_control_set(acpi_handle handle, u32 flags) if (ACPI_FAILURE(status)) return status; + mutex_lock(&pci_acpi_lock); osc_data = acpi_get_osc_data(handle); if (!osc_data) { printk(KERN_ERR "acpi osc data array is full\n"); - return AE_ERROR; + status = AE_ERROR; + goto out; } ctrlset = (flags & OSC_CONTROL_MASKS); - if (!ctrlset) - return AE_TYPE; + if (!ctrlset) { + status = AE_TYPE; + goto out; + } if (osc_data->is_queried && - ((osc_data->query_result & ctrlset) != ctrlset)) - return AE_SUPPORT; + ((osc_data->query_result & ctrlset) != ctrlset)) { + status = AE_SUPPORT; + goto out; + } control_set = osc_data->control_set | ctrlset; osc_args.capbuf[OSC_QUERY_TYPE] = 0; @@ -211,7 +222,8 @@ acpi_status pci_osc_control_set(acpi_handle handle, u32 flags) status = acpi_run_osc(handle, &osc_args); if (ACPI_SUCCESS(status)) osc_data->control_set = control_set; - +out: + mutex_unlock(&pci_acpi_lock); return status; } EXPORT_SYMBOL(pci_osc_control_set); |