diff options
| author | Lars-Peter Clausen <lars@metafoo.de> | 2010-05-11 20:10:54 -0400 |
|---|---|---|
| committer | Samuel Ortiz <sameo@linux.intel.com> | 2010-05-27 19:37:49 -0400 |
| commit | 6438a694b670cd188c2fd2f75e0cd6b0ae21bea9 (patch) | |
| tree | dd53c02d505042d8ff6cedbd48f7f84a49d8878f | |
| parent | 0aeee5d4f6aa9bd28373907727937b7935d0434c (diff) | |
mfd: pcf50633-adc: Fix potential race in pcf50633_adc_sync_read
Currently it's not guaranteed that request struct is not already freed when
reading from it. Fix this by moving synced request related fields from the
pcf50633_adc_request struct to its own struct and store it on the functions
stack.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| -rw-r--r-- | drivers/mfd/pcf50633-adc.c | 39 |
1 files changed, 15 insertions, 24 deletions
diff --git a/drivers/mfd/pcf50633-adc.c b/drivers/mfd/pcf50633-adc.c index fe8f922f6654..aed0d2a9b032 100644 --- a/drivers/mfd/pcf50633-adc.c +++ b/drivers/mfd/pcf50633-adc.c | |||
| @@ -30,13 +30,13 @@ | |||
| 30 | struct pcf50633_adc_request { | 30 | struct pcf50633_adc_request { |
| 31 | int mux; | 31 | int mux; |
| 32 | int avg; | 32 | int avg; |
| 33 | int result; | ||
| 34 | void (*callback)(struct pcf50633 *, void *, int); | 33 | void (*callback)(struct pcf50633 *, void *, int); |
| 35 | void *callback_param; | 34 | void *callback_param; |
| 35 | }; | ||
| 36 | 36 | ||
| 37 | /* Used in case of sync requests */ | 37 | struct pcf50633_adc_sync_request { |
| 38 | int result; | ||
| 38 | struct completion completion; | 39 | struct completion completion; |
| 39 | |||
| 40 | }; | 40 | }; |
| 41 | 41 | ||
| 42 | #define PCF50633_MAX_ADC_FIFO_DEPTH 8 | 42 | #define PCF50633_MAX_ADC_FIFO_DEPTH 8 |
| @@ -109,10 +109,10 @@ adc_enqueue_request(struct pcf50633 *pcf, struct pcf50633_adc_request *req) | |||
| 109 | return 0; | 109 | return 0; |
| 110 | } | 110 | } |
| 111 | 111 | ||
| 112 | static void | 112 | static void pcf50633_adc_sync_read_callback(struct pcf50633 *pcf, void *param, |
| 113 | pcf50633_adc_sync_read_callback(struct pcf50633 *pcf, void *param, int result) | 113 | int result) |
| 114 | { | 114 | { |
| 115 | struct pcf50633_adc_request *req = param; | 115 | struct pcf50633_adc_sync_request *req = param; |
| 116 | 116 | ||
| 117 | req->result = result; | 117 | req->result = result; |
| 118 | complete(&req->completion); | 118 | complete(&req->completion); |
| @@ -120,28 +120,19 @@ pcf50633_adc_sync_read_callback(struct pcf50633 *pcf, void *param, int result) | |||
| 120 | 120 | ||
| 121 | int pcf50633_adc_sync_read(struct pcf50633 *pcf, int mux, int avg) | 121 | int pcf50633_adc_sync_read(struct pcf50633 *pcf, int mux, int avg) |
| 122 | { | 122 | { |
| 123 | struct pcf50633_adc_request *req; | 123 | struct pcf50633_adc_sync_request req; |
| 124 | int err; | 124 | int ret; |
| 125 | 125 | ||
| 126 | /* req is freed when the result is ready, in interrupt handler */ | 126 | init_completion(&req.completion); |
| 127 | req = kzalloc(sizeof(*req), GFP_KERNEL); | ||
| 128 | if (!req) | ||
| 129 | return -ENOMEM; | ||
| 130 | |||
| 131 | req->mux = mux; | ||
| 132 | req->avg = avg; | ||
| 133 | req->callback = pcf50633_adc_sync_read_callback; | ||
| 134 | req->callback_param = req; | ||
| 135 | 127 | ||
| 136 | init_completion(&req->completion); | 128 | ret = pcf50633_adc_async_read(pcf, mux, avg, |
| 137 | err = adc_enqueue_request(pcf, req); | 129 | pcf50633_adc_sync_read_callback, &req); |
| 138 | if (err) | 130 | if (ret) |
| 139 | return err; | 131 | return ret; |
| 140 | 132 | ||
| 141 | wait_for_completion(&req->completion); | 133 | wait_for_completion(&req.completion); |
| 142 | 134 | ||
| 143 | /* FIXME by this time req might be already freed */ | 135 | return req.result; |
| 144 | return req->result; | ||
| 145 | } | 136 | } |
| 146 | EXPORT_SYMBOL_GPL(pcf50633_adc_sync_read); | 137 | EXPORT_SYMBOL_GPL(pcf50633_adc_sync_read); |
| 147 | 138 | ||