Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / shift / mainline / 9778c14b4ca2c81e437fc2fd2b1f3d676937db27^! / . / drivers / pci
commit9778c14b4ca2c81e437fc2fd2b1f3d676937db27[log] [tgz]
authorTaku Izumi <izumi.taku@jp.fujitsu.com>Fri Oct 17 13:48:36 2008 +0900
committerJesse Barnes <jbarnes@virtuousgeek.org>Wed Oct 22 16:42:33 2008 -0700
treeecd32dcf1fae311e7caaa400f492051aeb2c66a1
parent2515ddc6db8eb49a79f0fe5e67ff09ac7c81eab4 [diff]
ACPI/PCI: Fix possible race condition on _OSC evaluation

Fix possible race condition on _OSC evaluation.

Current _OSC evaluation code has possible race condition because it
maniputes osc_data linked list or its contents without any lock
mechanism.

Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>

diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c
index 89a2f0f..14848bf 100644
--- a/drivers/pci/pci-acpi.c
+++ b/drivers/pci/pci-acpi.c

@@ -35,6 +35,8 @@
 	u32 query_result;
 };
 
+static DEFINE_MUTEX(pci_acpi_lock);
+
 static struct acpi_osc_data *acpi_get_osc_data(acpi_handle handle)
 {
 	struct acpi_osc_data *data;
@@ -131,10 +133,12 @@
 	if (ACPI_FAILURE(status))
 		return status;
 
+	mutex_lock(&pci_acpi_lock);
 	osc_data = acpi_get_osc_data(handle);
 	if (!osc_data) {
 		printk(KERN_ERR "acpi osc data array is full\n");
-		return AE_ERROR;
+		status = AE_ERROR;
+		goto out;
 	}
 
 	/* do _OSC query for all possible controls */
@@ -149,7 +153,8 @@
 		osc_data->query_result = osc_args.query_result;
 		osc_data->is_queried = 1;
 	}
-
+out:
+	mutex_unlock(&pci_acpi_lock);
 	return status;
 }
 
@@ -190,19 +195,25 @@
 	if (ACPI_FAILURE(status))
 		return status;
 
+	mutex_lock(&pci_acpi_lock);
 	osc_data = acpi_get_osc_data(handle);
 	if (!osc_data) {
 		printk(KERN_ERR "acpi osc data array is full\n");
-		return AE_ERROR;
+		status = AE_ERROR;
+		goto out;
 	}
 
 	ctrlset = (flags & OSC_CONTROL_MASKS);
-	if (!ctrlset)
-		return AE_TYPE;
+	if (!ctrlset) {
+		status = AE_TYPE;
+		goto out;
+	}
 
 	if (osc_data->is_queried &&
-	    ((osc_data->query_result & ctrlset) != ctrlset))
-		return AE_SUPPORT;
+	    ((osc_data->query_result & ctrlset) != ctrlset)) {
+		status = AE_SUPPORT;
+		goto out;
+	}
 
 	control_set = osc_data->control_set | ctrlset;
 	osc_args.capbuf[OSC_QUERY_TYPE] = 0;
@@ -211,7 +222,8 @@
 	status = acpi_run_osc(handle, &osc_args);
 	if (ACPI_SUCCESS(status))
 		osc_data->control_set = control_set;
-
+out:
+	mutex_unlock(&pci_acpi_lock);
 	return status;
 }
 EXPORT_SYMBOL(pci_osc_control_set);