aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/misc/ibmasm/command.c
diff options
context:
space:
mode:
authorMax Asbock <masbock@us.ibm.com>2005-06-21 20:16:36 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-06-21 22:07:35 -0400
commit8818760512424f60ad9fafb7a087b007a9274eb3 (patch)
treefb49ce398750f42803d4631a24e4a2ffe35d79d7 /drivers/misc/ibmasm/command.c
parent278d72ae8803ffcd16070c95fe1d53f4466dc741 (diff)
[PATCH] ibmasm driver: fix race in command refcount logic
This patch fixes a race in the command reference counting logic by putting spinlocks around kobject_put() in the command_put function. - Also added debug messages. - Changed a memcpy to memcpy_fromio since we are reading from io space. Signed-off-by: Max Asbock <masbock@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'drivers/misc/ibmasm/command.c')
-rw-r--r--drivers/misc/ibmasm/command.c30
1 files changed, 24 insertions, 6 deletions
diff --git a/drivers/misc/ibmasm/command.c b/drivers/misc/ibmasm/command.c
index 245b0058381d..07a085ccbd5b 100644
--- a/drivers/misc/ibmasm/command.c
+++ b/drivers/misc/ibmasm/command.c
@@ -23,6 +23,7 @@
23 */ 23 */
24 24
25#include "ibmasm.h" 25#include "ibmasm.h"
26#include "lowlevel.h"
26 27
27static void exec_next_command(struct service_processor *sp); 28static void exec_next_command(struct service_processor *sp);
28static void free_command(struct kobject *kobj); 29static void free_command(struct kobject *kobj);
@@ -31,8 +32,9 @@ static struct kobj_type ibmasm_cmd_kobj_type = {
31 .release = free_command, 32 .release = free_command,
32}; 33};
33 34
35static atomic_t command_count = ATOMIC_INIT(0);
34 36
35struct command *ibmasm_new_command(size_t buffer_size) 37struct command *ibmasm_new_command(struct service_processor *sp, size_t buffer_size)
36{ 38{
37 struct command *cmd; 39 struct command *cmd;
38 40
@@ -55,11 +57,15 @@ struct command *ibmasm_new_command(size_t buffer_size)
55 57
56 kobject_init(&cmd->kobj); 58 kobject_init(&cmd->kobj);
57 cmd->kobj.ktype = &ibmasm_cmd_kobj_type; 59 cmd->kobj.ktype = &ibmasm_cmd_kobj_type;
60 cmd->lock = &sp->lock;
58 61
59 cmd->status = IBMASM_CMD_PENDING; 62 cmd->status = IBMASM_CMD_PENDING;
60 init_waitqueue_head(&cmd->wait); 63 init_waitqueue_head(&cmd->wait);
61 INIT_LIST_HEAD(&cmd->queue_node); 64 INIT_LIST_HEAD(&cmd->queue_node);
62 65
66 atomic_inc(&command_count);
67 dbg("command count: %d\n", atomic_read(&command_count));
68
63 return cmd; 69 return cmd;
64} 70}
65 71
@@ -68,6 +74,8 @@ static void free_command(struct kobject *kobj)
68 struct command *cmd = to_command(kobj); 74 struct command *cmd = to_command(kobj);
69 75
70 list_del(&cmd->queue_node); 76 list_del(&cmd->queue_node);
77 atomic_dec(&command_count);
78 dbg("command count: %d\n", atomic_read(&command_count));
71 kfree(cmd->buffer); 79 kfree(cmd->buffer);
72 kfree(cmd); 80 kfree(cmd);
73} 81}
@@ -94,8 +102,14 @@ static struct command *dequeue_command(struct service_processor *sp)
94 102
95static inline void do_exec_command(struct service_processor *sp) 103static inline void do_exec_command(struct service_processor *sp)
96{ 104{
105 char tsbuf[32];
106
107 dbg("%s:%d at %s\n", __FUNCTION__, __LINE__, get_timestamp(tsbuf));
108
97 if (ibmasm_send_i2o_message(sp)) { 109 if (ibmasm_send_i2o_message(sp)) {
98 sp->current_command->status = IBMASM_CMD_FAILED; 110 sp->current_command->status = IBMASM_CMD_FAILED;
111 wake_up(&sp->current_command->wait);
112 command_put(sp->current_command);
99 exec_next_command(sp); 113 exec_next_command(sp);
100 } 114 }
101} 115}
@@ -111,14 +125,16 @@ static inline void do_exec_command(struct service_processor *sp)
111void ibmasm_exec_command(struct service_processor *sp, struct command *cmd) 125void ibmasm_exec_command(struct service_processor *sp, struct command *cmd)
112{ 126{
113 unsigned long flags; 127 unsigned long flags;
128 char tsbuf[32];
129
130 dbg("%s:%d at %s\n", __FUNCTION__, __LINE__, get_timestamp(tsbuf));
114 131
115 spin_lock_irqsave(&sp->lock, flags); 132 spin_lock_irqsave(&sp->lock, flags);
116 133
117 if (!sp->current_command) { 134 if (!sp->current_command) {
118 command_get(cmd);
119 sp->current_command = cmd; 135 sp->current_command = cmd;
136 command_get(sp->current_command);
120 spin_unlock_irqrestore(&sp->lock, flags); 137 spin_unlock_irqrestore(&sp->lock, flags);
121
122 do_exec_command(sp); 138 do_exec_command(sp);
123 } else { 139 } else {
124 enqueue_command(sp, cmd); 140 enqueue_command(sp, cmd);
@@ -129,9 +145,9 @@ void ibmasm_exec_command(struct service_processor *sp, struct command *cmd)
129static void exec_next_command(struct service_processor *sp) 145static void exec_next_command(struct service_processor *sp)
130{ 146{
131 unsigned long flags; 147 unsigned long flags;
148 char tsbuf[32];
132 149
133 wake_up(&sp->current_command->wait); 150 dbg("%s:%d at %s\n", __FUNCTION__, __LINE__, get_timestamp(tsbuf));
134 command_put(sp->current_command);
135 151
136 spin_lock_irqsave(&sp->lock, flags); 152 spin_lock_irqsave(&sp->lock, flags);
137 sp->current_command = dequeue_command(sp); 153 sp->current_command = dequeue_command(sp);
@@ -169,7 +185,9 @@ void ibmasm_receive_command_response(struct service_processor *sp, void *respons
169 if (!sp->current_command) 185 if (!sp->current_command)
170 return; 186 return;
171 187
172 memcpy(cmd->buffer, response, min(size, cmd->buffer_size)); 188 memcpy_fromio(cmd->buffer, response, min(size, cmd->buffer_size));
173 cmd->status = IBMASM_CMD_COMPLETE; 189 cmd->status = IBMASM_CMD_COMPLETE;
190 wake_up(&sp->current_command->wait);
191 command_put(sp->current_command);
174 exec_next_command(sp); 192 exec_next_command(sp);
175} 193}