summaryrefslogtreecommitdiff |
diff options
author | Johannes Thumshirn <jthumshirn@suse.de> | 2019-01-21 15:03:48 +0100 |
---|---|---|
committer | Johannes Thumshirn <jthumshirn@suse.de> | 2019-01-21 15:03:48 +0100 |
commit | bbd5c28342a9827f7e6ab3cbc5746b3cf16392a5 (patch) | |
tree | c47d5fff4c5146c96fa733d4e87705a248f63a3f | |
parent | eef0a2f40a22f8ca1bf0f922125af6d0c07194c0 (diff) |
acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id()
(bsc#1122662).
-rw-r--r-- | patches.fixes/acpi-nfit-fix-race-accessing-memdev-in-nfit_get_smbios_id.patch | 49 | ||||
-rw-r--r-- | series.conf | 1 |
2 files changed, 50 insertions, 0 deletions
diff --git a/patches.fixes/acpi-nfit-fix-race-accessing-memdev-in-nfit_get_smbios_id.patch b/patches.fixes/acpi-nfit-fix-race-accessing-memdev-in-nfit_get_smbios_id.patch new file mode 100644 index 0000000000..500be5bba7 --- /dev/null +++ b/patches.fixes/acpi-nfit-fix-race-accessing-memdev-in-nfit_get_smbios_id.patch @@ -0,0 +1,49 @@ +From: Tony Luck <tony.luck@intel.com> +Date: Fri, 11 Jan 2019 14:46:37 -0800 +Subject: acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() +Git-commit: 0919871ac37fdcf46c7657da0f1742efe096b399 +Patch-mainline: v5.0-rc3 +References: bsc#1122662 + +Possible race accessing memdev structures after dropping the +mutex. Dan Williams says this could race against another thread +that is doing: + + # echo "ACPI0012:00" > /sys/bus/acpi/drivers/nfit/unbind + +Reported-by: Jane Chu <jane.chu@oracle.com> +Fixes: 23222f8f8dce ("acpi, nfit: Add function to look up nvdimm...") +Signed-off-by: Tony Luck <tony.luck@intel.com> +Signed-off-by: Dan Williams <dan.j.williams@intel.com> +Acked-by: Johannes Thumshirn <jthumshirn@suse.de> +--- + drivers/acpi/nfit/core.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c +index 4ae953a5aebf..790691d9a982 100644 +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -714,6 +714,7 @@ int nfit_get_smbios_id(u32 device_handle, u16 *flags) + struct acpi_nfit_memory_map *memdev; + struct acpi_nfit_desc *acpi_desc; + struct nfit_mem *nfit_mem; ++ u16 physical_id; + + mutex_lock(&acpi_desc_lock); + list_for_each_entry(acpi_desc, &acpi_descs, list) { +@@ -721,10 +722,11 @@ int nfit_get_smbios_id(u32 device_handle, u16 *flags) + list_for_each_entry(nfit_mem, &acpi_desc->dimms, list) { + memdev = __to_nfit_memdev(nfit_mem); + if (memdev->device_handle == device_handle) { ++ *flags = memdev->flags; ++ physical_id = memdev->physical_id; + mutex_unlock(&acpi_desc->init_mutex); + mutex_unlock(&acpi_desc_lock); +- *flags = memdev->flags; +- return memdev->physical_id; ++ return physical_id; + } + } + mutex_unlock(&acpi_desc->init_mutex); + diff --git a/series.conf b/series.conf index 35565e4c7f..1d3b2a6d13 100644 --- a/series.conf +++ b/series.conf @@ -19746,6 +19746,7 @@ patches.drivers/tty-Don-t-hold-ldisc-lock-in-tty_reopen-if-ldisc-pre.patch patches.drm/0001-drm-i915-gvt-Fix-mmap-range-check.patch patches.drm/0002-omap2fb-Fix-stack-memory-disclosure.patch + patches.fixes/acpi-nfit-fix-race-accessing-memdev-in-nfit_get_smbios_id.patch # dhowells/linux-fs keys-uefi patches.suse/0001-KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch |