Staging: heci: fix the problem that file_ext->state should be protected by device_lock
authorDongxiao Xu <dongxiao.xu@intel.com>
Sun, 31 May 2009 06:44:01 +0000 (14:44 +0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Fri, 19 Jun 2009 18:00:55 +0000 (11:00 -0700)
While access file_ext->state, we should use device_lock to protect it. The
original codes miss this in some places.

Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/staging/heci/heci_init.c
drivers/staging/heci/heci_main.c
drivers/staging/heci/io_heci.c

index 427f55d7b262879cd05901bc3274c734245e43ce..31fd891c099dfff33c2e43afd3bc8ebb92995046 100644 (file)
@@ -998,8 +998,12 @@ int heci_disconnect_host_client(struct iamt_heci_device *dev,
        if ((!dev) || (!file_ext))
                return -ENODEV;
 
-       if (file_ext->state != HECI_FILE_DISCONNECTING)
+       spin_lock_bh(&dev->device_lock);
+       if (file_ext->state != HECI_FILE_DISCONNECTING) {
+               spin_unlock_bh(&dev->device_lock);
                return 0;
+       }
+       spin_unlock_bh(&dev->device_lock);
 
        priv_cb = kzalloc(sizeof(struct heci_cb_private), GFP_KERNEL);
        if (!priv_cb)
@@ -1031,6 +1035,8 @@ int heci_disconnect_host_client(struct iamt_heci_device *dev,
        err = wait_event_timeout(dev->wait_recvd_msg,
                 (HECI_FILE_DISCONNECTED == file_ext->state),
                 timeout * HZ);
+
+       spin_lock_bh(&dev->device_lock);
        if (HECI_FILE_DISCONNECTED == file_ext->state) {
                rets = 0;
                DBG("successfully disconnected from fw client.\n");
@@ -1045,7 +1051,6 @@ int heci_disconnect_host_client(struct iamt_heci_device *dev,
                DBG("failed to disconnect from fw client.\n");
        }
 
-       spin_lock_bh(&dev->device_lock);
        heci_flush_list(&dev->ctrl_rd_list, file_ext);
        heci_flush_list(&dev->ctrl_wr_list, file_ext);
        spin_unlock_bh(&dev->device_lock);
index 1197803fda8556053a02d3844ef55dc0d7ee5d0b..ddf48227e3584aaf66bf6ed35dbac2d398d84381 100644 (file)
@@ -751,7 +751,9 @@ static int heci_open(struct inode *inode, struct file *file)
                (1 << (file_ext->host_client_id % 8));
        spin_unlock_bh(&dev->device_lock);
        spin_lock(&file_ext->file_lock);
+       spin_lock_bh(&dev->device_lock);
        file_ext->state = HECI_FILE_INITIALIZING;
+       spin_unlock_bh(&dev->device_lock);
        file_ext->sm_state = 0;
 
        file->private_data = file_ext;
@@ -785,8 +787,10 @@ static int heci_release(struct inode *inode, struct file *file)
 
        if (file_ext != &dev->iamthif_file_ext) {
                spin_lock(&file_ext->file_lock);
+               spin_lock_bh(&dev->device_lock);
                if (file_ext->state == HECI_FILE_CONNECTED) {
                        file_ext->state = HECI_FILE_DISCONNECTING;
+                       spin_unlock_bh(&dev->device_lock);
                        spin_unlock(&file_ext->file_lock);
                        DBG("disconnecting client host client = %d, "
                            "ME client = %d\n",
@@ -794,8 +798,8 @@ static int heci_release(struct inode *inode, struct file *file)
                            file_ext->me_client_id);
                        rets = heci_disconnect_host_client(dev, file_ext);
                        spin_lock(&file_ext->file_lock);
+                       spin_lock_bh(&dev->device_lock);
                }
-               spin_lock_bh(&dev->device_lock);
                heci_flush_queues(dev, file_ext);
                DBG("remove client host client = %d, ME client = %d\n",
                    file_ext->host_client_id,
@@ -983,12 +987,15 @@ static ssize_t heci_read(struct file *file, char __user *ubuf,
                        return -ERESTARTSYS;
                }
 
+               spin_lock_bh(&dev->device_lock);
                if (HECI_FILE_INITIALIZING == file_ext->state ||
                    HECI_FILE_DISCONNECTED == file_ext->state ||
                    HECI_FILE_DISCONNECTING == file_ext->state) {
+                       spin_unlock_bh(&dev->device_lock);
                        rets = -EBUSY;
                        goto out;
                }
+               spin_unlock_bh(&dev->device_lock);
                spin_lock_bh(&file_ext->read_io_lock);
        }
 
@@ -1225,6 +1232,7 @@ static ssize_t heci_write(struct file *file, const char __user *ubuf,
        priv_write_cb->request_buffer.size = length;
 
        spin_lock(&file_ext->write_io_lock);
+       spin_lock_bh(&dev->device_lock);
        DBG("host client = %d, ME client = %d\n",
            file_ext->host_client_id, file_ext->me_client_id);
        if (file_ext->state != HECI_FILE_CONNECTED) {
@@ -1232,7 +1240,7 @@ static ssize_t heci_write(struct file *file, const char __user *ubuf,
                DBG("host client = %d,  is not connected to ME client = %d",
                    file_ext->host_client_id,
                    file_ext->me_client_id);
-
+               spin_unlock_bh(&dev->device_lock);
                goto unlock;
        }
        for (i = 0; i < dev->num_heci_me_clients; i++) {
@@ -1243,15 +1251,16 @@ static ssize_t heci_write(struct file *file, const char __user *ubuf,
        BUG_ON(dev->me_clients[i].client_id != file_ext->me_client_id);
        if (i == dev->num_heci_me_clients) {
                rets = -ENODEV;
+               spin_unlock_bh(&dev->device_lock);
                goto unlock;
        }
        if (length > dev->me_clients[i].props.max_msg_length || length <= 0) {
                rets = -EINVAL;
+               spin_unlock_bh(&dev->device_lock);
                goto unlock;
        }
        priv_write_cb->file_private = file_ext;
 
-       spin_lock_bh(&dev->device_lock);
        if (flow_ctrl_creds(dev, file_ext) &&
                dev->host_buffer_is_empty) {
                spin_unlock_bh(&dev->device_lock);
index 0d7f31bed566ffa5fe827bd21f7a8e3102a867e0..1a6faf88e16c355b1c83beb6ac3d52b3d9105410 100644 (file)
@@ -297,6 +297,7 @@ int heci_ioctl_connect_client(struct iamt_heci_device *dev, int if_num,
                if (!heci_connect(dev, file_ext)) {
                        rets = -ENODEV;
                        spin_unlock_bh(&dev->device_lock);
+                       spin_unlock(&file_ext->file_lock);
                        goto end;
                } else {
                        file_ext->timer_count = HECI_CONNECT_TIMEOUT;
@@ -320,7 +321,9 @@ int heci_ioctl_connect_client(struct iamt_heci_device *dev, int if_num,
                         || HECI_FILE_DISCONNECTED == file_ext->state),
                        timeout * HZ);
 
+       spin_lock_bh(&dev->device_lock);
        if (HECI_FILE_CONNECTED == file_ext->state) {
+               spin_unlock_bh(&dev->device_lock);
                DBG("successfully connected to FW client.\n");
                rets = file_ext->status;
                /* now copy the data to user space */
@@ -337,6 +340,7 @@ int heci_ioctl_connect_client(struct iamt_heci_device *dev, int if_num,
        } else {
                DBG("failed to connect to FW client.file_ext->state = %d.\n",
                    file_ext->state);
+               spin_unlock_bh(&dev->device_lock);
                if (!err) {
                        DBG("wait_event_interruptible_timeout failed on client"
                            " connect message fw response message.\n");
@@ -637,11 +641,13 @@ int heci_start_read(struct iamt_heci_device *dev, int if_num,
                DBG("received wrong function input param.\n");
                return -ENODEV;
        }
+
+       spin_lock_bh(&dev->device_lock);
        if (file_ext->state != HECI_FILE_CONNECTED) {
+               spin_unlock_bh(&dev->device_lock);
                return -ENODEV;
        }
 
-       spin_lock_bh(&dev->device_lock);
        if (dev->heci_state != HECI_ENABLED) {
                spin_unlock_bh(&dev->device_lock);
                return -ENODEV;