From: marek.vasut.n900@gmail.com (Marek Vasut)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] MAX1111: Fix race condition causing NULL pointer exception
Date: Wed, 18 May 2011 19:36:54 +0200 [thread overview]
Message-ID: <1305740214.1526.2.camel@konomi> (raw)
In-Reply-To: <20110518152935.GJ5913@n2100.arm.linux.org.uk>
> On Wed, May 18, 2011 at 05:18:38PM +0200, Pavel Herrmann wrote:
> > spi_sync call uses its spi_message parameter to keep completion
> > information, having this structure static is not thread-safe,
> > potentially causing one thread having pointers to memory on or above
> > other threads stack. use per-call spi_message on stack to fix this
>
> I assume this has not been tested with DMA debugging enabled.
>
> The DMA API does not like mapping memory from the stack, which is what
> you're potentially doing with this:
Yikes, good catch, but kmallocing this and kfreeing it again is not something I'd like to see either.
What other options do you suggest?
Btw note, this isn't the only driver doing this, maybe we have a horde of patches on the way?
>
> > +??? uint8_t rx_buf[2] = {0, 0};
> > +??? uint8_t tx_buf = (channel << MAX1111_CTRL_SEL_SH) |
> > +??? ??? ??? MAX1111_CTRL_PD0 | MAX1111_CTRL_PD1 |
> > +??? ??? ??? MAX1111_CTRL_SGL | MAX1111_CTRL_UNI |
> > +??? ??? ??? MAX1111_CTRL_STR;
> > +
> > +??? spi_message_init(&m);
> > +??? memset(t, 0, sizeof(t));
> > +
> > +??? t[0].tx_buf = &tx_buf;
> > +??? t[0].len = 1;
> > +??? spi_message_add_tail(&t[0], &m);
> > +
> > +??? t[1].rx_buf = rx_buf;
> > +??? t[1].len = 2;
> > +??? spi_message_add_tail(&t[1], &m);
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2011-05-18 17:36 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-18 15:18 [PATCH] MAX1111: Fix race condition causing NULL pointer exception Pavel Herrmann
2011-05-18 15:29 ` Eric Miao
2011-05-18 15:29 ` Russell King - ARM Linux
2011-05-18 17:36 ` Marek Vasut [this message]
2011-05-18 22:47 ` Russell King - ARM Linux
2011-05-19 12:35 ` Pavel Machek
2011-05-19 12:51 ` Pavel Herrmann
2011-05-19 13:55 ` Marek Vasut
2011-05-19 19:31 ` Russell King - ARM Linux
2011-05-19 22:13 ` Pavel Herrmann
2011-05-20 21:20 ` Russell King - ARM Linux
2011-05-21 20:28 ` Pavel Machek
2011-05-21 20:45 ` Pavel Herrmann
2011-05-22 15:52 ` Marek Vasut
2011-05-18 21:47 ` Cyril Hrubis
2011-06-30 12:36 ` Marek Vasut
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1305740214.1526.2.camel@konomi \
--to=marek.vasut.n900@gmail.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).