diff options
| author | Simon Guinot <simon.guinot@sequanux.org> | 2015-09-09 18:15:18 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-02-20 11:57:52 -0500 |
| commit | 59ceeaaf355fa0fb16558ef7c24413c804932ada (patch) | |
| tree | f44384241bd98a08194039f112bd8f1e22c417cb /kernel/resource.c | |
| parent | 020ecbba0548cefc91c3c5de32c28a62bcf37ed9 (diff) | |
kernel/resource.c: fix muxed resource handling in __request_region()
In __request_region, if a conflict with a BUSY and MUXED resource is
detected, then the caller goes to sleep and waits for the resource to be
released. A pointer on the conflicting resource is kept. At wake-up
this pointer is used as a parent to retry to request the region.
A first problem is that this pointer might well be invalid (if for
example the conflicting resource have already been freed). Another
problem is that the next call to __request_region() fails to detect a
remaining conflict. The previously conflicting resource is passed as a
parameter and __request_region() will look for a conflict among the
children of this resource and not at the resource itself. It is likely
to succeed anyway, even if there is still a conflict.
Instead, the parent of the conflicting resource should be passed to
__request_region().
As a fix, this patch doesn't update the parent resource pointer in the
case we have to wait for a muxed region right after.
Reported-and-tested-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Simon Guinot <simon.guinot@sequanux.org>
Tested-by: Vincent Donnefort <vdonnefort@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/resource.c')
| -rw-r--r-- | kernel/resource.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/kernel/resource.c b/kernel/resource.c index 09c0597840b0..3669d1bfc425 100644 --- a/kernel/resource.c +++ b/kernel/resource.c | |||
| @@ -1083,9 +1083,10 @@ struct resource * __request_region(struct resource *parent, | |||
| 1083 | if (!conflict) | 1083 | if (!conflict) |
| 1084 | break; | 1084 | break; |
| 1085 | if (conflict != parent) { | 1085 | if (conflict != parent) { |
| 1086 | parent = conflict; | 1086 | if (!(conflict->flags & IORESOURCE_BUSY)) { |
| 1087 | if (!(conflict->flags & IORESOURCE_BUSY)) | 1087 | parent = conflict; |
| 1088 | continue; | 1088 | continue; |
| 1089 | } | ||
| 1089 | } | 1090 | } |
| 1090 | if (conflict->flags & flags & IORESOURCE_MUXED) { | 1091 | if (conflict->flags & flags & IORESOURCE_MUXED) { |
| 1091 | add_wait_queue(&muxed_resource_wait, &wait); | 1092 | add_wait_queue(&muxed_resource_wait, &wait); |