> > diff --git a/drivers/staging/vme/vme.c b/drivers/staging/vme/vme.c
> > index 76e08f3..9cb6938 100644
> > --- a/drivers/staging/vme/vme.c
> > +++ b/drivers/staging/vme/vme.c
> > @@ -1317,6 +1317,7 @@ static int vme_add_bus(struct vme_bridge *bridge)
> > if ((vme_bus_numbers & (1 << i)) == 0) {
> > vme_bus_numbers |= (1 << i);
> > bridge->num = i;
> > + INIT_LIST_HEAD(&bridge->devices);
> > list_add_tail(&bridge->bus_list, &vme_bus_list);
>
> Just realised that vme_buses_lock also protects vme_bus_list; appending
> to this list here should be protected by the mutex, otherwise
> vme_add_bus (ie this function) could race with __vme_register_driver,
> which might access a corrupt copy of the list.
>
> Note that vme_remove_bus does the right thing though; it acquires
> the lock before unpinning the bridge from vme_bus_list.
It _does_ acquire the lock. The patch here doesn't show it:
mutex_lock(&vme_buses_lock);
for (i = 0; i < sizeof(vme_bus_numbers) * 8; i++) {
if ((vme_bus_numbers & (1 << i)) == 0) {
vme_bus_numbers |= (1 << i);
bridge->num = i;
INIT_LIST_HEAD(&bridge->devices);
list_add_tail(&bridge->bus_list, &vme_bus_list);
ret = 0;
break;
}
}
mutex_unlock(&vme_buses_lock);
This was submitted and acknowledged by Martyn in a previous patch:
https://lkml.org/lkml/2011/8/12/107
Thanks!
--
/manohar
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
