[PATCH] ibmasm driver: fix race in command refcount logic
This patch fixes a race in the command reference counting logic by putting
spinlocks around kobject_put() in the command_put function.
- Also added debug messages.
- Changed a memcpy to memcpy_fromio since we are reading from io space.
Signed-off-by: Max Asbock <masbock@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/drivers/misc/ibmasm/dot_command.c b/drivers/misc/ibmasm/dot_command.c
index 478a8d8..13c52f8 100644
--- a/drivers/misc/ibmasm/dot_command.c
+++ b/drivers/misc/ibmasm/dot_command.c
@@ -33,7 +33,13 @@
u32 size;
struct dot_command_header *header = (struct dot_command_header *)message;
+ if (message_size == 0)
+ return;
+
size = get_dot_command_size(message);
+ if (size == 0)
+ return;
+
if (size > message_size)
size = message_size;
@@ -67,7 +73,7 @@
u8 *vpd_data;
int result = 0;
- command = ibmasm_new_command(INIT_BUFFER_SIZE);
+ command = ibmasm_new_command(sp, INIT_BUFFER_SIZE);
if (command == NULL)
return -ENOMEM;
@@ -121,7 +127,7 @@
struct os_state_command *os_state_cmd;
int result = 0;
- cmd = ibmasm_new_command(sizeof(struct os_state_command));
+ cmd = ibmasm_new_command(sp, sizeof(struct os_state_command));
if (cmd == NULL)
return -ENOMEM;