aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Weinhuber <wein@de.ibm.com>2010-05-12 03:32:11 -0400
committerMartin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com>2010-05-12 03:32:26 -0400
commit1c1e093cbf6d3a7576ba0bd10363362a1c5c74ee (patch)
treea3970653539aa4a9b71536a204efbe7d5ba8ff07
parentcea0d767c29669bf89f86e4aee46ef462d2ebae8 (diff)
[S390] dasd: fix race between tasklet and dasd_sleep_on
The various dasd_sleep_on functions use a global wait queue when waiting for a cqr. The wait condition checks the status and devlist fields of the cqr to determine if it is safe to continue. This evaluation may return true, although the tasklet has not finished processing of the cqr and the callback function has not been called yet. When the callback is finally called, the data in the cqr may already be invalid. The sleep_on wait condition needs a safe way to determine if the tasklet has finished processing. Use the callback_data field of the cqr to store a token, which is set by the callback function itself. Cc: <stable@kernel.org> Signed-off-by: Stefan Weinhuber <wein@de.ibm.com> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r--drivers/s390/block/dasd.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/drivers/s390/block/dasd.c b/drivers/s390/block/dasd.c
index acf222f91f5a..fa2339cb1681 100644
--- a/drivers/s390/block/dasd.c
+++ b/drivers/s390/block/dasd.c
@@ -37,6 +37,9 @@
37 */ 37 */
38#define DASD_CHANQ_MAX_SIZE 4 38#define DASD_CHANQ_MAX_SIZE 4
39 39
40#define DASD_SLEEPON_START_TAG (void *) 1
41#define DASD_SLEEPON_END_TAG (void *) 2
42
40/* 43/*
41 * SECTION: exported variables of dasd.c 44 * SECTION: exported variables of dasd.c
42 */ 45 */
@@ -1472,7 +1475,10 @@ void dasd_add_request_tail(struct dasd_ccw_req *cqr)
1472 */ 1475 */
1473static void dasd_wakeup_cb(struct dasd_ccw_req *cqr, void *data) 1476static void dasd_wakeup_cb(struct dasd_ccw_req *cqr, void *data)
1474{ 1477{
1475 wake_up((wait_queue_head_t *) data); 1478 spin_lock_irq(get_ccwdev_lock(cqr->startdev->cdev));
1479 cqr->callback_data = DASD_SLEEPON_END_TAG;
1480 spin_unlock_irq(get_ccwdev_lock(cqr->startdev->cdev));
1481 wake_up(&generic_waitq);
1476} 1482}
1477 1483
1478static inline int _wait_for_wakeup(struct dasd_ccw_req *cqr) 1484static inline int _wait_for_wakeup(struct dasd_ccw_req *cqr)
@@ -1482,10 +1488,7 @@ static inline int _wait_for_wakeup(struct dasd_ccw_req *cqr)
1482 1488
1483 device = cqr->startdev; 1489 device = cqr->startdev;
1484 spin_lock_irq(get_ccwdev_lock(device->cdev)); 1490 spin_lock_irq(get_ccwdev_lock(device->cdev));
1485 rc = ((cqr->status == DASD_CQR_DONE || 1491 rc = (cqr->callback_data == DASD_SLEEPON_END_TAG);
1486 cqr->status == DASD_CQR_NEED_ERP ||
1487 cqr->status == DASD_CQR_TERMINATED) &&
1488 list_empty(&cqr->devlist));
1489 spin_unlock_irq(get_ccwdev_lock(device->cdev)); 1492 spin_unlock_irq(get_ccwdev_lock(device->cdev));
1490 return rc; 1493 return rc;
1491} 1494}
@@ -1573,7 +1576,7 @@ static int _dasd_sleep_on(struct dasd_ccw_req *maincqr, int interruptible)
1573 wait_event(generic_waitq, !(device->stopped)); 1576 wait_event(generic_waitq, !(device->stopped));
1574 1577
1575 cqr->callback = dasd_wakeup_cb; 1578 cqr->callback = dasd_wakeup_cb;
1576 cqr->callback_data = (void *) &generic_waitq; 1579 cqr->callback_data = DASD_SLEEPON_START_TAG;
1577 dasd_add_request_tail(cqr); 1580 dasd_add_request_tail(cqr);
1578 if (interruptible) { 1581 if (interruptible) {
1579 rc = wait_event_interruptible( 1582 rc = wait_event_interruptible(
@@ -1652,7 +1655,7 @@ int dasd_sleep_on_immediatly(struct dasd_ccw_req *cqr)
1652 } 1655 }
1653 1656
1654 cqr->callback = dasd_wakeup_cb; 1657 cqr->callback = dasd_wakeup_cb;
1655 cqr->callback_data = (void *) &generic_waitq; 1658 cqr->callback_data = DASD_SLEEPON_START_TAG;
1656 cqr->status = DASD_CQR_QUEUED; 1659 cqr->status = DASD_CQR_QUEUED;
1657 list_add(&cqr->devlist, &device->ccw_queue); 1660 list_add(&cqr->devlist, &device->ccw_queue);
1658 1661