Commit b8d61d49 authored by Jens Taprogge's avatar Jens Taprogge Committed by Greg Kroah-Hartman

Staging: ipack/bridges/tpci200: RCU protect slot_irq pointers.

In tpci200_request_irq as well as tpci200_free_irq we set and unset the
pointer to struct slot_irq.  This pointer is accessed in
tpci200_interrupt.  To ensure that the pointer is not freed after it has
been fetched in tpci200_interrupt() it is now protected through RCU.
Signed-off-by: default avatarJens Taprogge <jens.taprogge@taprogge.org>
Signed-off-by: default avatarSamuel Iglesias Gonsalvez <siglesias@igalia.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 699a89f1
...@@ -132,10 +132,11 @@ static irqreturn_t tpci200_interrupt(int irq, void *dev_id) ...@@ -132,10 +132,11 @@ static irqreturn_t tpci200_interrupt(int irq, void *dev_id)
if (status_reg & TPCI200_SLOT_INT_MASK) { if (status_reg & TPCI200_SLOT_INT_MASK) {
/* callback to the IRQ handler for the corresponding slot */ /* callback to the IRQ handler for the corresponding slot */
rcu_read_lock();
for (i = 0; i < TPCI200_NB_SLOT; i++) { for (i = 0; i < TPCI200_NB_SLOT; i++) {
if (!(status_reg & ((TPCI200_A_INT0 | TPCI200_A_INT1) << (2*i)))) if (!(status_reg & ((TPCI200_A_INT0 | TPCI200_A_INT1) << (2*i))))
continue; continue;
slot_irq = tpci200->slots[i].irq; slot_irq = rcu_dereference(tpci200->slots[i].irq);
if (slot_irq) { if (slot_irq) {
ret = tpci200_slot_irq(slot_irq); ret = tpci200_slot_irq(slot_irq);
} else { } else {
...@@ -147,6 +148,7 @@ static irqreturn_t tpci200_interrupt(int irq, void *dev_id) ...@@ -147,6 +148,7 @@ static irqreturn_t tpci200_interrupt(int irq, void *dev_id)
TPCI200_INT0_EN | TPCI200_INT1_EN); TPCI200_INT0_EN | TPCI200_INT1_EN);
} }
} }
rcu_read_unlock();
} }
return ret; return ret;
...@@ -303,9 +305,9 @@ static int tpci200_free_irq(struct ipack_device *dev) ...@@ -303,9 +305,9 @@ static int tpci200_free_irq(struct ipack_device *dev)
__tpci200_free_irq(tpci200, dev); __tpci200_free_irq(tpci200, dev);
slot_irq = tpci200->slots[dev->slot].irq; slot_irq = tpci200->slots[dev->slot].irq;
tpci200->slots[dev->slot].irq = NULL; RCU_INIT_POINTER(tpci200->slots[dev->slot].irq, NULL);
synchronize_rcu();
kfree(slot_irq); kfree(slot_irq);
mutex_unlock(&tpci200->mutex); mutex_unlock(&tpci200->mutex);
return 0; return 0;
} }
...@@ -490,7 +492,7 @@ static int tpci200_request_irq(struct ipack_device *dev, int vector, ...@@ -490,7 +492,7 @@ static int tpci200_request_irq(struct ipack_device *dev, int vector,
slot_irq->arg = arg; slot_irq->arg = arg;
slot_irq->holder = dev; slot_irq->holder = dev;
tpci200->slots[dev->slot].irq = slot_irq; rcu_assign_pointer(tpci200->slots[dev->slot].irq, slot_irq);
res = __tpci200_request_irq(tpci200, dev); res = __tpci200_request_irq(tpci200, dev);
out_unlock: out_unlock:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment