From patchwork Fri Jun 3 20:00:03 2011
X-Patchwork-Submitter: Pavel Herrmann
X-Patchwork-Id: 848252
From: Pavel Herrmann
To: linux-arm-kernel@lists.infradead.org
Cc: eric.y.miao@gmail.com, metan@ucw.cz, Pavel Herrmann, stable@kernel.org, utx@penguin.cz, marek.vasut@gmail.com, pavel@ucw.cz, zaurus-devel@www.linuxtogo.org
Subject: [PATCH v2] MAX1111: Fix Race condition causing NULL pointer exception
Date: Fri, 3 Jun 2011 22:00:03 +0200
Message-Id: <1307131203-10845-1-git-send-email-morpheus.ibis@gmail.com>

spi_sync call uses its spi_message parameter to keep completion information, having this
structure static is not thread-safe, potentially causing one thread having pointers to memory on or above other threads stack. use mutex to prevent multiple access Signed-off-by: Pavel Herrmann Acked-by: Russell King Acked-by: Pavel Machek Acked-by: Marek Vasut Acked-by: Cyril Hrubis --- drivers/hwmon/max1111.c | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-) diff --git a/drivers/hwmon/max1111.c b/drivers/hwmon/max1111.c index 12a54aa..d872f57 100644 --- a/drivers/hwmon/max1111.c +++ b/drivers/hwmon/max1111.c @@ -40,6 +40,7 @@ struct max1111_data { struct spi_transfer xfer[2]; uint8_t *tx_buf; uint8_t *rx_buf; + struct mutex msg_lock_mutex; }; static int max1111_read(struct device *dev, int channel) @@ -48,6 +49,11 @@ static int max1111_read(struct device *dev, int channel) uint8_t v1, v2; int err; + /* spi_sync requires data not to be freed before function returns + * for static data, any access is dangerous, use locks + */ + mutex_lock(&data->msg_lock_mutex); + data->tx_buf[0] = (channel << MAX1111_CTRL_SEL_SH) | MAX1111_CTRL_PD0 | MAX1111_CTRL_PD1 | MAX1111_CTRL_SGL | MAX1111_CTRL_UNI | MAX1111_CTRL_STR; @@ -55,12 +61,15 @@ static int max1111_read(struct device *dev, int channel) err = spi_sync(data->spi, &data->msg); if (err < 0) { dev_err(dev, "spi_sync failed with %d\n", err); + mutex_unlock(&data->msg_lock_mutex); return err; } v1 = data->rx_buf[0]; v2 = data->rx_buf[1]; + mutex_unlock(&data->msg_lock_mutex); + if ((v1 & 0xc0) || (v2 & 0x3f)) return -EINVAL; @@ -176,6 +185,8 @@ static int __devinit max1111_probe(struct spi_device *spi) if (err) goto err_free_data; + mutex_init(&data->msg_lock_mutex); + data->spi = spi; spi_set_drvdata(spi, data); @@ -213,6 +224,7 @@ static int __devexit max1111_remove(struct spi_device *spi) hwmon_device_unregister(data->hwmon_dev); sysfs_remove_group(&spi->dev.kobj, &max1111_attr_group); + mutex_destroy(data->msg_lock_mutex); kfree(data->rx_buf); kfree(data->tx_buf); kfree(data);
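Review bot: In the struct max1111_data hunk, the new msg_lock_mutex field has no comment saying what it protects, and no hunk in this patch adds #include <linux/mutex.h>, so the file depends on the header already being pulled in some other way. Please add the include explicitly and document the field, for example "serialises use of msg, xfer, tx_buf and rx_buf". The "_mutex" suffix is also redundant given the type; msg_lock or just lock would read better.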
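Review bot: In the first max1111_read hunk, the comment above mutex_lock() is hard to follow and calls the data "static", although max1111_remove releases it with kfree(data), so it is per-device heap memory. The real constraint is that data->msg, data->tx_buf and data->rx_buf are shared by every caller of max1111_read and must not be touched by a second caller while spi_sync() is still using them. Please say that directly, and use the usual kernel multi-line comment layout with the opening /* on its own line.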
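Review bot: In the second max1111_read hunk, the lock is released at two separate sites, once inside the "if (err < 0)" branch and once after v2 is read, so any early return added later between mutex_lock() and the second mutex_unlock() would leave the mutex held. A single exit path would be more robust: set the return value, jump to one label that unlocks, and do the "(v1 & 0xc0) || (v2 & 0x3f)" check after that point as it is now. Releasing the lock before the -EINVAL check is correct, since v1 and v2 are already local copies of rx_buf.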
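Review bot: In the max1111_remove hunk, mutex_destroy(data->msg_lock_mutex) passes the mutex by value, whereas mutex_destroy() takes a struct mutex * just like the mutex_init(), mutex_lock() and mutex_unlock() calls elsewhere in this patch; it should be mutex_destroy(&data->msg_lock_mutex). On configurations where mutex_destroy() compiles to nothing the compiler will not flag this, so please build-test with CONFIG_DEBUG_MUTEXES enabled.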