Hi Jiri,
Fix the conflict and update the patch:
>From 7c06e1f3a5959e73a5b827bda67e7c1eaed7da67 Mon Sep 17 00:00:00 2001
From: Yonghua Zheng <younghua.zheng@xxxxxxxxx>
Date: Wed, 14 Aug 2013 17:43:36 +0800
Subject: [PATCH 1/1] HID: hidraw: Add spinlock in struct hidraw to protect
member list
It is unsafe to call list_for_each_entry in hidraw_report_event to
traverse each hidraw_list node without a lock protection, the list
could be modified if someone calls hidraw_release and list_del to
remove itself from the list, this can cause hidraw_report_event
to touch a deleted list struct and panic.
To prevent this, introduce a spinlock in struct hidraw to protect
list from concurrent access.
Signed-off-by: Yonghua Zheng <younghua.zheng@xxxxxxxxx>
diff --git a/drivers/hid/hidraw.c b/drivers/hid/hidraw.c
index dbfe300..8918dd1 100644
--- a/drivers/hid/hidraw.c
+++ b/drivers/hid/hidraw.c
@@ -253,6 +253,7 @@ static int hidraw_open(struct inode *inode, struct file *file)
unsigned int minor = iminor(inode);
struct hidraw *dev;
struct hidraw_list *list;
+ unsigned long flags;
int err = 0;
if (!(list = kzalloc(sizeof(struct hidraw_list), GFP_KERNEL))) {
@@ -266,11 +267,6 @@ static int hidraw_open(struct inode *inode, struct file *file)
goto out_unlock;
}
- list->hidraw = hidraw_table[minor];
- mutex_init(&list->read_mutex);
- list_add_tail(&list->node, &hidraw_table[minor]->list);
- file->private_data = list;
-
dev = hidraw_table[minor];
if (!dev->open++) {
err = hid_hw_power(dev->hid, PM_HINT_FULLON);
@@ -283,9 +279,16 @@ static int hidraw_open(struct inode *inode, struct file *file)
if (err < 0) {
hid_hw_power(dev->hid, PM_HINT_NORMAL);
dev->open--;
+ goto out_unlock;
}
}
+ list->hidraw = hidraw_table[minor];
+ mutex_init(&list->read_mutex);
+ spin_lock_irqsave(&hidraw_table[minor]->list_lock, flags);
+ list_add_tail(&list->node, &hidraw_table[minor]->list);
+ spin_unlock_irqrestore(&hidraw_table[minor]->list_lock, flags);
+ file->private_data = list;
out_unlock:
mutex_unlock(&minors_lock);
out:
@@ -324,10 +327,13 @@ static int hidraw_release(struct inode * inode, struct file * file)
{
unsigned int minor = iminor(inode);
struct hidraw_list *list = file->private_data;
+ unsigned long flags;
mutex_lock(&minors_lock);
+ spin_lock_irqsave(&hidraw_table[minor]->list_lock, flags);
list_del(&list->node);
+ spin_unlock_irqrestore(&hidraw_table[minor]->list_lock, flags);
kfree(list);
drop_ref(hidraw_table[minor], 0);
@@ -456,7 +462,9 @@ int hidraw_report_event(struct hid_device *hid, u8 *data, int len)
struct hidraw *dev = hid->hidraw;
struct hidraw_list *list;
int ret = 0;
+ unsigned long flags;
+ spin_lock_irqsave(&dev->list_lock, flags);
list_for_each_entry(list, &dev->list, node) {
int new_head = (list->head + 1) & (HIDRAW_BUFFER_SIZE - 1);
@@ -471,6 +479,7 @@ int hidraw_report_event(struct hid_device *hid, u8 *data, int len)
list->head = new_head;
kill_fasync(&list->fasync, SIGIO, POLL_IN);
}
+ spin_unlock_irqrestore(&dev->list_lock, flags);
wake_up_interruptible(&dev->wait);
return ret;
@@ -518,6 +527,7 @@ int hidraw_connect(struct hid_device *hid)
}
init_waitqueue_head(&dev->wait);
+ spin_lock_init(&dev->list_lock);
INIT_LIST_HEAD(&dev->list);
dev->hid = hid;
diff --git a/include/linux/hidraw.h b/include/linux/hidraw.h
index 2451662..ddf5261 100644
--- a/include/linux/hidraw.h
+++ b/include/linux/hidraw.h
@@ -23,6 +23,7 @@ struct hidraw {
wait_queue_head_t wait;
struct hid_device *hid;
struct device *dev;
+ spinlock_t list_lock;
struct list_head list;
};
--
1.7.9.5
Thanks
Yonghua
On Mon, Aug 26, 2013 at 02:03:18PM +0200, Jiri Kosina wrote:
> On Thu, 15 Aug 2013, Yonghua Zheng wrote:
>
> > As hidraw_report_event can be called from interrupt context, it is a mistake
> > to use mutex_lock for protecting the list member in my previous patch, so
> > update the patch which adds a spinlock in struct hidraw to protect the list
> > member from concurrent access:
>
> Hi,
>
> thanks for the patch.
>
> I already have
>
> commit 212a871a3934beccf43431608c27ed2e05a476ec
> Author: Manoj Chourasia <mchourasia@xxxxxxxxxx>
> Date: Mon Jul 22 15:33:13 2013 +0530
>
> HID: hidraw: correctly deallocate memory on device disconnect
>
> in the tree, which collides with your patch. Could you please check what
> changes are needed on top of it so that it makes sense for my 'for-next'
> branch, rebase, and resend to me?
>
> Thanks,
>
> --
> Jiri Kosina
> SUSE Labs
On Mon, Aug 26, 2013 at 02:03:18PM +0200, Jiri Kosina wrote:
> On Thu, 15 Aug 2013, Yonghua Zheng wrote:
>
> > As hidraw_report_event can be called from interrupt context, it is a mistake
> > to use mutex_lock for protecting the list member in my previous patch, so
> > update the patch which adds a spinlock in struct hidraw to protect the list
> > member from concurrent access:
>
> Hi,
>
> thanks for the patch.
>
> I already have
>
> commit 212a871a3934beccf43431608c27ed2e05a476ec
> Author: Manoj Chourasia <mchourasia@xxxxxxxxxx>
> Date: Mon Jul 22 15:33:13 2013 +0530
>
> HID: hidraw: correctly deallocate memory on device disconnect
>
> in the tree, which collides with your patch. Could you please check what
> changes are needed on top of it so that it makes sense for my 'for-next'
> branch, rebase, and resend to me?
>
> Thanks,
>
> --
> Jiri Kosina
> SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-input" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
