[PATCH 10/24] Staging: ipack/bridges/tpci200: RCU protect slot_irq pointers.

Wed, 12 Sep 2012 06:06:59 -0700 

From: Jens Taprogge <jens.tapro...@taprogge.org>

In tpci200_request_irq as well as tpci200_free_irq we set and unset the
pointer to struct slot_irq.  This pointer is accessed in
tpci200_interrupt.  To ensure that the pointer is not freed after it has
been fetched in tpci200_interrupt() it is now protected through RCU.

Signed-off-by: Jens Taprogge <jens.tapro...@taprogge.org>
Signed-off-by: Samuel Iglesias Gonsalvez <sigles...@igalia.com>
---
 drivers/staging/ipack/bridges/tpci200.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/ipack/bridges/tpci200.c 
b/drivers/staging/ipack/bridges/tpci200.c
index 24e2a11..9ce577a 100644
--- a/drivers/staging/ipack/bridges/tpci200.c
+++ b/drivers/staging/ipack/bridges/tpci200.c
@@ -132,10 +132,11 @@ static irqreturn_t tpci200_interrupt(int irq, void 
*dev_id)
 
        if (status_reg & TPCI200_SLOT_INT_MASK) {
                /* callback to the IRQ handler for the corresponding slot */
+               rcu_read_lock();
                for (i = 0; i < TPCI200_NB_SLOT; i++) {
                        if (!(status_reg & ((TPCI200_A_INT0 | TPCI200_A_INT1) 
<< (2*i))))
                                continue;
-                       slot_irq = tpci200->slots[i].irq;
+                       slot_irq = rcu_dereference(tpci200->slots[i].irq);
                        if (slot_irq) {
                                ret = tpci200_slot_irq(slot_irq);
                        } else {
@@ -147,6 +148,7 @@ static irqreturn_t tpci200_interrupt(int irq, void *dev_id)
                                        TPCI200_INT0_EN | TPCI200_INT1_EN);
                        }
                }
+               rcu_read_unlock();
        }
 
        return ret;
@@ -303,9 +305,9 @@ static int tpci200_free_irq(struct ipack_device *dev)
 
        __tpci200_free_irq(tpci200, dev);
        slot_irq = tpci200->slots[dev->slot].irq;
-       tpci200->slots[dev->slot].irq = NULL;
+       RCU_INIT_POINTER(tpci200->slots[dev->slot].irq, NULL);
+       synchronize_rcu();
        kfree(slot_irq);
-
        mutex_unlock(&tpci200->mutex);
        return 0;
 }
@@ -490,7 +492,7 @@ static int tpci200_request_irq(struct ipack_device *dev, 
int vector,
        slot_irq->arg = arg;
        slot_irq->holder = dev;
 
-       tpci200->slots[dev->slot].irq = slot_irq;
+       rcu_assign_pointer(tpci200->slots[dev->slot].irq, slot_irq);
        res = __tpci200_request_irq(tpci200, dev);
 
 out_unlock:
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to