From patchwork Fri Jul 10 05:18:10 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christophe JAILLET X-Patchwork-Id: 6761351 Return-Path: X-Original-To: patchwork-linux-scsi@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id E381AC05AC for ; Fri, 10 Jul 2015 05:18:23 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id D3E652068A for ; Fri, 10 Jul 2015 05:18:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7D727205AA for ; Fri, 10 Jul 2015 05:18:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752160AbbGJFSU (ORCPT ); Fri, 10 Jul 2015 01:18:20 -0400 Received: from smtp09.smtpout.orange.fr ([80.12.242.131]:47342 "EHLO smtp.smtpout.orange.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751163AbbGJFSS (ORCPT ); Fri, 10 Jul 2015 01:18:18 -0400 Received: from localhost.localdomain ([92.140.216.36]) by mwinf5d32 with ME id qVJD1q00D0nhuJ403VJDcd; Fri, 10 Jul 2015 07:18:15 +0200 X-ME-Helo: localhost.localdomain X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI= X-ME-Date: Fri, 10 Jul 2015 07:18:15 +0200 X-ME-IP: 92.140.216.36 From: Christophe JAILLET To: JBottomley@odin.com Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, Christophe JAILLET Subject: [PATCH] arcmsr: Fix a potential data corruption issue Date: Fri, 10 Jul 2015 07:18:10 +0200 Message-Id: <1436505490-9640-1-git-send-email-christophe.jaillet@wanadoo.fr> X-Mailer: git-send-email 2.1.4 X-Antivirus: avast! (VPS 150709-2, 09/07/2015), Outbound message X-Antivirus-Status: Clean Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Resetting rqbuffer or wqbuffer must be done within a critial section in order to avoir potential data corruption. Signed-off-by: Christophe JAILLET --- This change is *untested* because I don't have the corresponding hardware. However, it should'nt have any evil side effect (just a few lines of code moved from outside to within a spin_lock) This just a "guess" based on the other uses of the 2 buffers within the code. It is also inspired on how things are done in arcmsr_hba.c (see line #2390) So please ignore if not relevant. --- drivers/scsi/arcmsr/arcmsr_attr.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/drivers/scsi/arcmsr/arcmsr_attr.c b/drivers/scsi/arcmsr/arcmsr_attr.c index 9c86481..2ad970d 100644 --- a/drivers/scsi/arcmsr/arcmsr_attr.c +++ b/drivers/scsi/arcmsr/arcmsr_attr.c @@ -171,22 +171,21 @@ static ssize_t arcmsr_sysfs_iop_message_clear(struct file *filp, return -EACCES; arcmsr_clear_iop2drv_rqueue_buffer(acb); - acb->acb_flags |= - (ACB_F_MESSAGE_WQBUFFER_CLEARED - | ACB_F_MESSAGE_RQBUFFER_CLEARED - | ACB_F_MESSAGE_WQBUFFER_READED); spin_lock_irqsave(&acb->rqbuffer_lock, flags); + acb->acb_flags |= ACB_F_MESSAGE_RQBUFFER_CLEARED; acb->rqbuf_getIndex = 0; acb->rqbuf_putIndex = 0; + pQbuffer = acb->rqbuffer; + memset(pQbuffer, 0, sizeof (struct QBUFFER)); spin_unlock_irqrestore(&acb->rqbuffer_lock, flags); spin_lock_irqsave(&acb->wqbuffer_lock, flags); + acb->acb_flags |= (ACB_F_MESSAGE_WQBUFFER_CLEARED | + ACB_F_MESSAGE_WQBUFFER_READED); acb->wqbuf_getIndex = 0; acb->wqbuf_putIndex = 0; - spin_unlock_irqrestore(&acb->wqbuffer_lock, flags); - pQbuffer = acb->rqbuffer; - memset(pQbuffer, 0, sizeof (struct QBUFFER)); pQbuffer = acb->wqbuffer; memset(pQbuffer, 0, sizeof (struct QBUFFER)); + spin_unlock_irqrestore(&acb->wqbuffer_lock, flags); return 1; }