summary refs log tree commit diff
path: root/drivers/pci/pci-acpi.c
diff options
context:
space:
mode:
authorTaku Izumi <izumi.taku@jp.fujitsu.com>2008-10-17 13:48:36 +0900
committerJesse Barnes <jbarnes@virtuousgeek.org>2008-10-22 16:42:33 -0700
commit9778c14b4ca2c81e437fc2fd2b1f3d676937db27 (patch)
treeecd32dcf1fae311e7caaa400f492051aeb2c66a1 /drivers/pci/pci-acpi.c
parent2515ddc6db8eb49a79f0fe5e67ff09ac7c81eab4 (diff)
downloadlinux-9778c14b4ca2c81e437fc2fd2b1f3d676937db27.tar.gz
ACPI/PCI: Fix possible race condition on _OSC evaluation
Fix possible race condition on _OSC evaluation.

Current _OSC evaluation code has possible race condition because it
maniputes osc_data linked list or its contents without any lock
mechanism.

Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Diffstat (limited to 'drivers/pci/pci-acpi.c')
-rw-r--r--drivers/pci/pci-acpi.c28
1 files changed, 20 insertions, 8 deletions
diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c
index 89a2f0fa10f9..14848bf95e82 100644
--- a/drivers/pci/pci-acpi.c
+++ b/drivers/pci/pci-acpi.c
@@ -35,6 +35,8 @@ struct acpi_osc_args {
 	u32 query_result;
 };
 
+static DEFINE_MUTEX(pci_acpi_lock);
+
 static struct acpi_osc_data *acpi_get_osc_data(acpi_handle handle)
 {
 	struct acpi_osc_data *data;
@@ -131,10 +133,12 @@ static acpi_status acpi_query_osc(acpi_handle handle,
 	if (ACPI_FAILURE(status))
 		return status;
 
+	mutex_lock(&pci_acpi_lock);
 	osc_data = acpi_get_osc_data(handle);
 	if (!osc_data) {
 		printk(KERN_ERR "acpi osc data array is full\n");
-		return AE_ERROR;
+		status = AE_ERROR;
+		goto out;
 	}
 
 	/* do _OSC query for all possible controls */
@@ -149,7 +153,8 @@ static acpi_status acpi_query_osc(acpi_handle handle,
 		osc_data->query_result = osc_args.query_result;
 		osc_data->is_queried = 1;
 	}
-
+out:
+	mutex_unlock(&pci_acpi_lock);
 	return status;
 }
 
@@ -190,19 +195,25 @@ acpi_status pci_osc_control_set(acpi_handle handle, u32 flags)
 	if (ACPI_FAILURE(status))
 		return status;
 
+	mutex_lock(&pci_acpi_lock);
 	osc_data = acpi_get_osc_data(handle);
 	if (!osc_data) {
 		printk(KERN_ERR "acpi osc data array is full\n");
-		return AE_ERROR;
+		status = AE_ERROR;
+		goto out;
 	}
 
 	ctrlset = (flags & OSC_CONTROL_MASKS);
-	if (!ctrlset)
-		return AE_TYPE;
+	if (!ctrlset) {
+		status = AE_TYPE;
+		goto out;
+	}
 
 	if (osc_data->is_queried &&
-	    ((osc_data->query_result & ctrlset) != ctrlset))
-		return AE_SUPPORT;
+	    ((osc_data->query_result & ctrlset) != ctrlset)) {
+		status = AE_SUPPORT;
+		goto out;
+	}
 
 	control_set = osc_data->control_set | ctrlset;
 	osc_args.capbuf[OSC_QUERY_TYPE] = 0;
@@ -211,7 +222,8 @@ acpi_status pci_osc_control_set(acpi_handle handle, u32 flags)
 	status = acpi_run_osc(handle, &osc_args);
 	if (ACPI_SUCCESS(status))
 		osc_data->control_set = control_set;
-
+out:
+	mutex_unlock(&pci_acpi_lock);
 	return status;
 }
 EXPORT_SYMBOL(pci_osc_control_set);