raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-06 10:00:17 +00:00
Code Issues Projects Releases Wiki Activity

vchiq_arm: Access the dequeue_pending flag locked

Browse Source 
Reading through this code looking for another problem (now found in userland)
the use of dequeue_pending outside a lock didn't seem safe.

Signed-off-by: Phil Elwell <phil@raspberrypi.org>
This commit is contained in:
Phil Elwell
2016-03-23 14:16:25 +00:00
committed by popcornmix
parent 92fe78e652
commit e51112d7c3
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
drivers/misc/vc04_services/interface/vchiq_arm/vchiq_arm.c
View File

@@ -279,6 +279,7 @@ service_callback(VCHIQ_REASON_T reason, VCHIQ_HEADER_T *header,
USER_SERVICE_T *user_service; USER_SERVICE_T *user_service;
VCHIQ_SERVICE_T *service; VCHIQ_SERVICE_T *service;
VCHIQ_INSTANCE_T instance; VCHIQ_INSTANCE_T instance;
int skip_completion = 0;
DEBUG_INITIALISE(g_state.local) DEBUG_INITIALISE(g_state.local)
DEBUG_TRACE(SERVICE_CALLBACK_LINE); DEBUG_TRACE(SERVICE_CALLBACK_LINE);
@@ -345,9 +346,6 @@ service_callback(VCHIQ_REASON_T reason, VCHIQ_HEADER_T *header,
user_service->msg_queue[user_service->msg_insert & user_service->msg_queue[user_service->msg_insert &
(MSG_QUEUE_SIZE - 1)] = header; (MSG_QUEUE_SIZE - 1)] = header;
user_service->msg_insert++; user_service->msg_insert++;
spin_unlock(&msg_queue_spinlock);
up(&user_service->insert_event);
/* If there is a thread waiting in DEQUEUE_MESSAGE, or if /* If there is a thread waiting in DEQUEUE_MESSAGE, or if
** there is a MESSAGE_AVAILABLE in the completion queue then ** there is a MESSAGE_AVAILABLE in the completion queue then
@@ -356,13 +354,22 @@ service_callback(VCHIQ_REASON_T reason, VCHIQ_HEADER_T *header,
if (((user_service->message_available_pos - if (((user_service->message_available_pos -
instance->completion_remove) >= 0) || instance->completion_remove) >= 0) ||
user_service->dequeue_pending) { user_service->dequeue_pending) {
DEBUG_TRACE(SERVICE_CALLBACK_LINE);
user_service->dequeue_pending = 0; user_service->dequeue_pending = 0;
return VCHIQ_SUCCESS; skip_completion = 1;
} }
spin_unlock(&msg_queue_spinlock);
up(&user_service->insert_event);
header = NULL; header = NULL;
} }
if (skip_completion) {
DEBUG_TRACE(SERVICE_CALLBACK_LINE);
return VCHIQ_SUCCESS;
}
DEBUG_TRACE(SERVICE_CALLBACK_LINE); DEBUG_TRACE(SERVICE_CALLBACK_LINE);
return add_completion(instance, reason, header, user_service, return add_completion(instance, reason, header, user_service,