scsi: aacraid: Fix udev inquiry race condition
authorRaghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Wed, 27 Dec 2017 04:34:22 +0000 (20:34 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 3 Feb 2018 16:38:53 +0000 (17:38 +0100)
commit f4e8708d3104437fd7716e957f38c265b0c509ef upstream.

When udev requests for a devices inquiry string, it might create multiple
threads causing a race condition on the shared inquiry resource string.

Created a buffer with the string for each thread.

Fixes: 3bc8070fb75b3315 ([SCSI] aacraid: SMC vendor identification)
Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/scsi/aacraid/aachba.c

index af3e4d3f9735fdc3430eea0ea05cc1a78e2fa306..548a3e73f10a8106201a39b4642696b3bd14692c 100644 (file)
@@ -913,8 +913,16 @@ static void setinqstr(struct aac_dev *dev, void *data, int tindex)
        memset(str, ' ', sizeof(*str));
 
        if (sup_adap_info->adapter_type_text[0]) {
-               char *cp = sup_adap_info->adapter_type_text;
                int c;
+               char *cp;
+               char *cname = kmemdup(sup_adap_info->adapter_type_text,
+                               sizeof(sup_adap_info->adapter_type_text),
+                                                               GFP_ATOMIC);
+
+               if (!cname)
+                       return;
+
+               cp = cname;
                if ((cp[0] == 'A') && (cp[1] == 'O') && (cp[2] == 'C'))
                        inqstrcpy("SMC", str->vid);
                else {
@@ -923,7 +931,7 @@ static void setinqstr(struct aac_dev *dev, void *data, int tindex)
                                ++cp;
                        c = *cp;
                        *cp = '\0';
-                       inqstrcpy(sup_adap_info->adapter_type_text, str->vid);
+                       inqstrcpy(cname, str->vid);
                        *cp = c;
                        while (*cp && *cp != ' ')
                                ++cp;
@@ -937,8 +945,8 @@ static void setinqstr(struct aac_dev *dev, void *data, int tindex)
                        cp[sizeof(str->pid)] = '\0';
                }
                inqstrcpy (cp, str->pid);
-               if (c)
-                       cp[sizeof(str->pid)] = c;
+
+               kfree(cname);
        } else {
                struct aac_driver_ident *mp = aac_get_driver_ident(dev->cardtype);