diff options
| author | Rafael J. Wysocki <rafael.j.wysocki@intel.com> | 2019-12-27 11:04:21 +0100 |
|---|---|---|
| committer | Rafael J. Wysocki <rafael.j.wysocki@intel.com> | 2019-12-27 11:04:21 +0100 |
| commit | 3df663a147fe077a6ee8444ec626738946e65547 (patch) | |
| tree | 1059c7bd9be1c08fa5ffc7d058613c47de7df0c7 /drivers/acpi | |
| parent | 46cf053efec6a3a5f343fead837777efe8252a46 (diff) | |
| download | linux-3df663a147fe077a6ee8444ec626738946e65547.tar.gz | |
ACPI: EC: Reference count query handlers under lock
There is a race condition in acpi_ec_get_query_handler() theoretically allowing query handlers to go away before refernce counting them. In order to avoid it, call kref_get() on query handlers under ec->mutex. Also simplify the code a bit while at it. Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Diffstat (limited to 'drivers/acpi')
| -rw-r--r-- | drivers/acpi/ec.c | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c index d05be13c1022..08bc9751fe66 100644 --- a/drivers/acpi/ec.c +++ b/drivers/acpi/ec.c @@ -1053,28 +1053,20 @@ void acpi_ec_unblock_transactions(void) Event Management -------------------------------------------------------------------------- */ static struct acpi_ec_query_handler * -acpi_ec_get_query_handler(struct acpi_ec_query_handler *handler) -{ - if (handler) - kref_get(&handler->kref); - return handler; -} - -static struct acpi_ec_query_handler * acpi_ec_get_query_handler_by_value(struct acpi_ec *ec, u8 value) { struct acpi_ec_query_handler *handler; - bool found = false; mutex_lock(&ec->mutex); list_for_each_entry(handler, &ec->list, node) { if (value == handler->query_bit) { - found = true; - break; + kref_get(&handler->kref); + mutex_unlock(&ec->mutex); + return handler; } } mutex_unlock(&ec->mutex); - return found ? acpi_ec_get_query_handler(handler) : NULL; + return NULL; } static void acpi_ec_query_handler_release(struct kref *kref) |