From 303729f39994de7787addfd51016d72915fc1360 Mon Sep 17 00:00:00 2001 From: Armin Schindler <armin@melware.de> Date: Sun, 25 Apr 2004 19:10:23 -0700 Subject: [PATCH] [PATCH] ISDN CAPI: add ncci list semaphore Fix race conditions of ISDN CAPI's internal ncci list handling by using a per capidev semaphore. --- drivers/isdn/capi/capi.c | 40 +++++++++++++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c index 3071399bf455..d606bd485f8f 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c @@ -1,4 +1,4 @@ -/* $Id: capi.c,v 1.1.2.4 2004/03/29 10:38:02 armin Exp $ +/* $Id: capi.c,v 1.1.2.6 2004/04/26 09:33:07 armin Exp $ * * CAPI 2.0 Interface for Linux * @@ -45,7 +45,7 @@ #include "capifs.h" #endif -static char *revision = "$Revision: 1.1.2.4 $"; +static char *revision = "$Revision: 1.1.2.6 $"; MODULE_DESCRIPTION("CAPI4Linux: Userspace /dev/capi20 interface"); MODULE_AUTHOR("Carsten Paeth"); @@ -136,6 +136,8 @@ struct capidev { wait_queue_head_t recvwait; struct capincci *nccis; + + struct semaphore ncci_list_sem; }; /* -------- global variables ---------------------------------------- */ @@ -378,6 +380,7 @@ static struct capidev *capidev_alloc(void) return 0; memset(cdev, 0, sizeof(struct capidev)); + init_MUTEX(&cdev->ncci_list_sem); skb_queue_head_init(&cdev->recvqueue); init_waitqueue_head(&cdev->recvwait); write_lock_irqsave(&capidev_list_lock, flags); @@ -396,6 +399,10 @@ static void capidev_free(struct capidev *cdev) } skb_queue_purge(&cdev->recvqueue); + down(&cdev->ncci_list_sem); + capincci_free(cdev, 0xffffffff); + up(&cdev->ncci_list_sem); + write_lock_irqsave(&capidev_list_lock, flags); list_del(&cdev->list); write_unlock_irqrestore(&capidev_list_lock, flags); 
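Review bot: The new `ncci_list_sem` field in `struct capidev` has no comment saying what it protects or from which contexts it may be taken. Since `down()` can sleep and the field guards the `nccis` list, I would add `/* protects nccis; may sleep, process context only */` above it so that later callers of `capincci_alloc`, `capincci_find` and `capincci_free` know they must hold it. The struct definition starts and ends outside the hunk.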
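Review bot: In `capidev_free` the semaphore is taken and dropped around `capincci_free(cdev, 0xffffffff)`, but the lock lives inside the object being torn down, and `cdev` stays on `capidev_list` until the `list_del` that follows. If any path can still reach this `cdev` and block in `down()`, it would acquire the semaphore after the `up()` and then run against memory that the rest of this function presumably frees (that part is outside the hunk). Please confirm that all other users are quiesced before this point and record it in a comment, for example `/* no other users of cdev remain; lock held only for the capincci_free locking rule */`.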
@@ -569,11 +576,16 @@ static void capi_recv_message(struct capi20_appl *ap, struct sk_buff *skb) if (CAPIMSG_CMD(skb->data) == CAPI_CONNECT_B3_CONF) { u16 info = CAPIMSG_U16(skb->data, 12); // Info field - if (info == 0) + if (info == 0) { + down(&cdev->ncci_list_sem); capincci_alloc(cdev, CAPIMSG_NCCI(skb->data)); + up(&cdev->ncci_list_sem); + } } if (CAPIMSG_CMD(skb->data) == CAPI_CONNECT_B3_IND) { + down(&cdev->ncci_list_sem); capincci_alloc(cdev, CAPIMSG_NCCI(skb->data)); + up(&cdev->ncci_list_sem); } if (CAPIMSG_COMMAND(skb->data) != CAPI_DATA_B3) { skb_queue_tail(&cdev->recvqueue, skb); @@ -716,8 +728,9 @@ capi_write(struct file *file, const char *buf, size_t count, loff_t *ppos) CAPIMSG_SETAPPID(skb->data, cdev->ap.applid); if (CAPIMSG_CMD(skb->data) == CAPI_DISCONNECT_B3_RESP) { + down(&cdev->ncci_list_sem); capincci_free(cdev, CAPIMSG_NCCI(skb->data)); - + up(&cdev->ncci_list_sem); } cdev->errcode = capi20_put_message(&cdev->ap, skb); @@ -904,13 +917,17 @@ capi_ioctl(struct inode *inode, struct file *file, if (copy_from_user((void *)&ncci, (void *)arg, sizeof(ncci))) return -EFAULT; - nccip = capincci_find(cdev, (u32) ncci); - if (!nccip) + + down(&cdev->ncci_list_sem); + if ((nccip = capincci_find(cdev, (u32) ncci)) == 0) { + up(&cdev->ncci_list_sem); return 0; + } #ifdef CONFIG_ISDN_CAPI_MIDDLEWARE if ((mp = nccip->minorp) != 0) { count += atomic_read(&mp->ttyopencount); } + up(&cdev->ncci_list_sem); #endif /* CONFIG_ISDN_CAPI_MIDDLEWARE */ return count; } 
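Review bot: `capi_recv_message` now calls `down(&cdev->ncci_list_sem)` in both the `CAPI_CONNECT_B3_CONF` and `CAPI_CONNECT_B3_IND` branches, and `down()` can sleep. Whether that is safe depends on the context this receive callback is invoked from, which the hunk does not show; if it can run in interrupt or softirq context, or with a spinlock held, this is a sleep-in-atomic bug. The function continues past the hunk, so any `capincci_find` on the `CAPI_DATA_B3` path below should be checked for the same lock. A short comment at the top of the function stating the calling context would settle it.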
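Review bot: In the first `capi_ioctl` hunk the success-path `up(&cdev->ncci_list_sem);` sits inside `#ifdef CONFIG_ISDN_CAPI_MIDDLEWARE`, so a build without that option returns `count` with the semaphore still held. Every later `down()` on this `capidev` (in `capi_write`, `capi_recv_message`, or `capidev_free` on close) then blocks indefinitely. Move the `up()` below the `#endif`, immediately before `return count;`. The assignment inside the condition, `if ((nccip = capincci_find(cdev, (u32) ncci)) == 0)`, would also read better as a plain assignment followed by `if (!nccip)`, as the next hunk does.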
@@ -922,13 +939,19 @@ capi_ioctl(struct inode *inode, struct file *file, struct capincci *nccip; struct capiminor *mp; unsigned ncci; + int unit = 0; if (copy_from_user((void *)&ncci, (void *)arg, sizeof(ncci))) return -EFAULT; + down(&cdev->ncci_list_sem); nccip = capincci_find(cdev, (u32) ncci); - if (!nccip || (mp = nccip->minorp) == 0) + if (!nccip || (mp = nccip->minorp) == 0) { + up(&cdev->ncci_list_sem); return -ESRCH; - return mp->minor; + } + unit = mp->minor; + up(&cdev->ncci_list_sem); + return unit; } return 0; #endif /* CONFIG_ISDN_CAPI_MIDDLEWARE */ @@ -953,7 +976,6 @@ capi_release(struct inode *inode, struct file *file) { struct capidev *cdev = (struct capidev *)file->private_data; - capincci_free(cdev, 0xffffffff); capidev_free(cdev); file->private_data = NULL; -- 2.30.9