| Message ID | 20190111224637.GA7300@agluck-desk (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 0919871ac37fdcf46c7657da0f1742efe096b399 |
| Headers | show |
| Series | acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() | expand |
On Fri, Jan 11, 2019 at 2:46 PM Luck, Tony <tony.luck@intel.com> wrote: > > > Possible race accessing memdev structures after dropping the > mutex. Dan Williams says this could race against another thread > that is doing: > > # echo "ACPI0012:00" > /sys/bus/acpi/drivers/nfit/unbind > > Reported-by: Jane Chu <jane.chu@oracle.com> > Signed-off-by: Tony Luck <tony.luck@intel.com> > --- > > This time with a commit message and credit to Jane for finding it. Thanks, applied.
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index 011d3db19c80..22945bf803c8 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -721,6 +721,7 @@ int nfit_get_smbios_id(u32 device_handle, u16 *flags) struct acpi_nfit_memory_map *memdev; struct acpi_nfit_desc *acpi_desc; struct nfit_mem *nfit_mem; + u16 physical_id; mutex_lock(&acpi_desc_lock); list_for_each_entry(acpi_desc, &acpi_descs, list) { @@ -728,10 +729,11 @@ int nfit_get_smbios_id(u32 device_handle, u16 *flags) list_for_each_entry(nfit_mem, &acpi_desc->dimms, list) { memdev = __to_nfit_memdev(nfit_mem); if (memdev->device_handle == device_handle) { + *flags = memdev->flags; + physical_id = memdev->physical_id; mutex_unlock(&acpi_desc->init_mutex); mutex_unlock(&acpi_desc_lock); - *flags = memdev->flags; - return memdev->physical_id; + return physical_id; } } mutex_unlock(&acpi_desc->init_mutex);
Possible race accessing memdev structures after dropping the mutex. Dan Williams says this could race against another thread that is doing: # echo "ACPI0012:00" > /sys/bus/acpi/drivers/nfit/unbind Reported-by: Jane Chu <jane.chu@oracle.com> Signed-off-by: Tony Luck <tony.luck@intel.com> --- This time with a commit message and credit to Jane for finding it. drivers/acpi/nfit/core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)