Commit aa1311b4 authored by Simon Guinot's avatar Simon Guinot Committed by Sasha Levin

kernel/resource.c: fix muxed resource handling in __request_region()

[ Upstream commit 59ceeaaf ]

In __request_region, if a conflict with a BUSY and MUXED resource is
detected, then the caller goes to sleep and waits for the resource to be
released.  A pointer on the conflicting resource is kept.  At wake-up
this pointer is used as a parent to retry to request the region.

A first problem is that this pointer might well be invalid (if for
example the conflicting resource have already been freed).  Another
problem is that the next call to __request_region() fails to detect a
remaining conflict.  The previously conflicting resource is passed as a
parameter and __request_region() will look for a conflict among the
children of this resource and not at the resource itself.  It is likely
to succeed anyway, even if there is still a conflict.

Instead, the parent of the conflicting resource should be passed to
__request_region().

As a fix, this patch doesn't update the parent resource pointer in the
case we have to wait for a muxed region right after.
Reported-and-tested-by: default avatarVincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: default avatarSimon Guinot <simon.guinot@sequanux.org>
Tested-by: default avatarVincent Donnefort <vdonnefort@gmail.com>
Cc: stable@kernel.org
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
parent 474510b4
...@@ -1072,10 +1072,11 @@ struct resource * __request_region(struct resource *parent, ...@@ -1072,10 +1072,11 @@ struct resource * __request_region(struct resource *parent,
if (!conflict) if (!conflict)
break; break;
if (conflict != parent) { if (conflict != parent) {
if (!(conflict->flags & IORESOURCE_BUSY)) {
parent = conflict; parent = conflict;
if (!(conflict->flags & IORESOURCE_BUSY))
continue; continue;
} }
}
if (conflict->flags & flags & IORESOURCE_MUXED) { if (conflict->flags & flags & IORESOURCE_MUXED) {
add_wait_queue(&muxed_resource_wait, &wait); add_wait_queue(&muxed_resource_wait, &wait);
write_unlock(&resource_lock); write_unlock(&resource_lock);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment