2013-06-15 22:07:17

by Rafael J. Wysocki

Subject: [PATCH] ACPI / dock: Take ACPI scan lock in write_undock()

From: Rafael J. Wysocki <[email protected]>

Since commit 3757b94 (ACPI / hotplug: Fix concurrency issues and
memory leaks) acpi_bus_scan() and acpi_bus_trim() must always be
called under acpi_scan_lock, but currently the following scenario
violating that requirement is possible:

 write_undock()
  handle_eject_request()
   hotplug_dock_devices()
    dock_remove_acpi_device()
     acpi_bus_trim()

Fix that by making write_undock() acquire acpi_scan_lock before
calling handle_eject_request() as appropriate (begin_undock() is
under the lock too in analogy with acpi_dock_deferred_cb()).

Signed-off-by: Rafael J. Wysocki <[email protected]>
Cc: 3.9+ <[email protected]>
---
drivers/acpi/dock.c | 2 ++
1 file changed, 2 insertions(+)

Index: linux-pm/drivers/acpi/dock.c
===================================================================
--- linux-pm.orig/drivers/acpi/dock.c
+++ linux-pm/drivers/acpi/dock.c
@@ -868,8 +868,10 @@ static ssize_t write_undock(struct devic
if (!count)
return -EINVAL;

+ acpi_scan_lock_acquire();
begin_undock(dock_station);
ret = handle_eject_request(dock_station, ACPI_NOTIFY_EJECT_REQUEST);
+ acpi_scan_lock_release();
return ret ? ret: count;
}
static DEVICE_ATTR(undock, S_IWUSR, NULL, write_undock);
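
Review bot: The acpi_scan_lock_acquire() added ahead of begin_undock() carries no comment saying why begin_undock() has to sit inside the critical section; only the changelog explains it, by analogy with acpi_dock_deferred_cb(). A short comment above the acquire, noting that handle_eject_request() can reach acpi_bus_trim() and so must run under acpi_scan_lock, would keep a later cleanup from narrowing the locked region. The acquire/release pair itself is balanced: the only early return, the !count check, comes before the lock is taken, and nothing returns between the two added lines.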


2013-06-18 21:28:59

by Toshi Kani

Subject: Re: [PATCH] ACPI / dock: Take ACPI scan lock in write_undock()

On Sun, 2013-06-16 at 00:16 +0200, Rafael J. Wysocki wrote:
> From: Rafael J. Wysocki <[email protected]>
>
> Since commit 3757b94 (ACPI / hotplug: Fix concurrency issues and
> memory leaks) acpi_bus_scan() and acpi_bus_trim() must always be
> called under acpi_scan_lock, but currently the following scenario
> violating that requirement is possible:
>
>  write_undock()
>   handle_eject_request()
>    hotplug_dock_devices()
>     dock_remove_acpi_device()
>      acpi_bus_trim()
>
> Fix that by making write_undock() acquire acpi_scan_lock before
> calling handle_eject_request() as appropriate (begin_undock() is
> under the lock too in analogy with acpi_dock_deferred_cb()).
>
> Signed-off-by: Rafael J. Wysocki <[email protected]>

Looks good.

Acked-by: Toshi Kani <[email protected]>

Thanks,
-Toshi



> Cc: 3.9+ <[email protected]>
> ---
> drivers/acpi/dock.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> Index: linux-pm/drivers/acpi/dock.c
> ===================================================================
> --- linux-pm.orig/drivers/acpi/dock.c
> +++ linux-pm/drivers/acpi/dock.c
> @@ -868,8 +868,10 @@ static ssize_t write_undock(struct devic
> if (!count)
> return -EINVAL;
>
> + acpi_scan_lock_acquire();
> begin_undock(dock_station);
> ret = handle_eject_request(dock_station, ACPI_NOTIFY_EJECT_REQUEST);
> + acpi_scan_lock_release();
> return ret ? ret: count;
> }
> static DEVICE_ATTR(undock, S_IWUSR, NULL, write_undock);
>
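
Review bot: write_undock() is the store handler for the attribute declared on the last context line, DEVICE_ATTR(undock, S_IWUSR, NULL, write_undock), so the added acpi_scan_lock_acquire() means a write to that sysfs file now waits on the scan lock for as long as any other holder keeps it. The changelog should state that nothing running under acpi_scan_lock can remove this attribute or otherwise wait on a writer blocked here, since that ordering is not visible from the hunk.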

2013-06-18 21:34:08

by Rafael J. Wysocki

Subject: Re: [PATCH] ACPI / dock: Take ACPI scan lock in write_undock()

On Tuesday, June 18, 2013 03:28:37 PM Toshi Kani wrote:
> On Sun, 2013-06-16 at 00:16 +0200, Rafael J. Wysocki wrote:
> > From: Rafael J. Wysocki <[email protected]>
> >
> > Since commit 3757b94 (ACPI / hotplug: Fix concurrency issues and
> > memory leaks) acpi_bus_scan() and acpi_bus_trim() must always be
> > called under acpi_scan_lock, but currently the following scenario
> > violating that requirement is possible:
> >
> >  write_undock()
> >   handle_eject_request()
> >    hotplug_dock_devices()
> >     dock_remove_acpi_device()
> >      acpi_bus_trim()
> >
> > Fix that by making write_undock() acquire acpi_scan_lock before
> > calling handle_eject_request() as appropriate (begin_undock() is
> > under the lock too in analogy with acpi_dock_deferred_cb()).
> >
> > Signed-off-by: Rafael J. Wysocki <[email protected]>
>
> Looks good.
>
> Acked-by: Toshi Kani <[email protected]>

Thanks!


--
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.