Home Home > GIT Browse > SLE15
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Thumshirn <jthumshirn@suse.de>2019-01-21 15:03:48 +0100
committerJohannes Thumshirn <jthumshirn@suse.de>2019-01-21 15:03:48 +0100
commitbbd5c28342a9827f7e6ab3cbc5746b3cf16392a5 (patch)
treec47d5fff4c5146c96fa733d4e87705a248f63a3f
parenteef0a2f40a22f8ca1bf0f922125af6d0c07194c0 (diff)
acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id()
(bsc#1122662).
-rw-r--r--patches.fixes/acpi-nfit-fix-race-accessing-memdev-in-nfit_get_smbios_id.patch49
-rw-r--r--series.conf1
2 files changed, 50 insertions, 0 deletions
diff --git a/patches.fixes/acpi-nfit-fix-race-accessing-memdev-in-nfit_get_smbios_id.patch b/patches.fixes/acpi-nfit-fix-race-accessing-memdev-in-nfit_get_smbios_id.patch
new file mode 100644
index 0000000000..500be5bba7
--- /dev/null
+++ b/patches.fixes/acpi-nfit-fix-race-accessing-memdev-in-nfit_get_smbios_id.patch
@@ -0,0 +1,49 @@
+From: Tony Luck <tony.luck@intel.com>
+Date: Fri, 11 Jan 2019 14:46:37 -0800
+Subject: acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id()
+Git-commit: 0919871ac37fdcf46c7657da0f1742efe096b399
+Patch-mainline: v5.0-rc3
+References: bsc#1122662
+
+Possible race accessing memdev structures after dropping the
+mutex. Dan Williams says this could race against another thread
+that is doing:
+
+ # echo "ACPI0012:00" > /sys/bus/acpi/drivers/nfit/unbind
+
+Reported-by: Jane Chu <jane.chu@oracle.com>
+Fixes: 23222f8f8dce ("acpi, nfit: Add function to look up nvdimm...")
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
+---
+ drivers/acpi/nfit/core.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
+index 4ae953a5aebf..790691d9a982 100644
+--- a/drivers/acpi/nfit/core.c
++++ b/drivers/acpi/nfit/core.c
+@@ -714,6 +714,7 @@ int nfit_get_smbios_id(u32 device_handle, u16 *flags)
+ struct acpi_nfit_memory_map *memdev;
+ struct acpi_nfit_desc *acpi_desc;
+ struct nfit_mem *nfit_mem;
++ u16 physical_id;
+
+ mutex_lock(&acpi_desc_lock);
+ list_for_each_entry(acpi_desc, &acpi_descs, list) {
+@@ -721,10 +722,11 @@ int nfit_get_smbios_id(u32 device_handle, u16 *flags)
+ list_for_each_entry(nfit_mem, &acpi_desc->dimms, list) {
+ memdev = __to_nfit_memdev(nfit_mem);
+ if (memdev->device_handle == device_handle) {
++ *flags = memdev->flags;
++ physical_id = memdev->physical_id;
+ mutex_unlock(&acpi_desc->init_mutex);
+ mutex_unlock(&acpi_desc_lock);
+- *flags = memdev->flags;
+- return memdev->physical_id;
++ return physical_id;
+ }
+ }
+ mutex_unlock(&acpi_desc->init_mutex);
+
diff --git a/series.conf b/series.conf
index 35565e4c7f..1d3b2a6d13 100644
--- a/series.conf
+++ b/series.conf
@@ -19746,6 +19746,7 @@
patches.drivers/tty-Don-t-hold-ldisc-lock-in-tty_reopen-if-ldisc-pre.patch
patches.drm/0001-drm-i915-gvt-Fix-mmap-range-check.patch
patches.drm/0002-omap2fb-Fix-stack-memory-disclosure.patch
+ patches.fixes/acpi-nfit-fix-race-accessing-memdev-in-nfit_get_smbios_id.patch
# dhowells/linux-fs keys-uefi
patches.suse/0001-KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch