From: Martin Schwidefsky <schwidefsky@de.ibm.com>
To: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Subject: [patch 10/11] tape: fix race with stack local wait_queue_head_t.
Date: Thu, 29 May 2008 14:55:11 +0200 [thread overview]
Message-ID: <20080529125730.645201695@de.ibm.com> (raw)
In-Reply-To: 20080529125501.196123527@de.ibm.com
[-- Attachment #1: 010-tape-waitqueue.diff --]
[-- Type: text/plain, Size: 3498 bytes --]
From: Martin Schwidefsky <schwidefsky@de.ibm.com>
A wait_event call with a stack local wait_queue_head_t structure that is
used to do the wake up for the wait_event is inherently racy. After the
wait_event finished the wake_up call might not have completed yet.
Replace the stack local wait_queue_head_t in tape_do_io and
tape_do_io_interruptible with a per device wait queue.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
---
drivers/s390/char/tape.h | 3 +++
drivers/s390/char/tape_core.c | 16 +++++++---------
2 files changed, 10 insertions(+), 9 deletions(-)
Index: quilt-2.6/drivers/s390/char/tape_core.c
===================================================================
--- quilt-2.6.orig/drivers/s390/char/tape_core.c
+++ quilt-2.6/drivers/s390/char/tape_core.c
@@ -449,6 +449,7 @@ tape_alloc_device(void)
INIT_LIST_HEAD(&device->req_queue);
INIT_LIST_HEAD(&device->node);
init_waitqueue_head(&device->state_change_wq);
+ init_waitqueue_head(&device->wait_queue);
device->tape_state = TS_INIT;
device->medium_state = MS_UNKNOWN;
*device->modeset_byte = 0;
@@ -954,21 +955,19 @@ __tape_wake_up(struct tape_request *requ
int
tape_do_io(struct tape_device *device, struct tape_request *request)
{
- wait_queue_head_t wq;
int rc;
- init_waitqueue_head(&wq);
spin_lock_irq(get_ccwdev_lock(device->cdev));
/* Setup callback */
request->callback = __tape_wake_up;
- request->callback_data = &wq;
+ request->callback_data = &device->wait_queue;
/* Add request to request queue and try to start it. */
rc = __tape_start_request(device, request);
spin_unlock_irq(get_ccwdev_lock(device->cdev));
if (rc)
return rc;
/* Request added to the queue. Wait for its completion. */
- wait_event(wq, (request->callback == NULL));
+ wait_event(device->wait_queue, (request->callback == NULL));
/* Get rc from request */
return request->rc;
}
@@ -989,20 +988,19 @@ int
tape_do_io_interruptible(struct tape_device *device,
struct tape_request *request)
{
- wait_queue_head_t wq;
int rc;
- init_waitqueue_head(&wq);
spin_lock_irq(get_ccwdev_lock(device->cdev));
/* Setup callback */
request->callback = __tape_wake_up_interruptible;
- request->callback_data = &wq;
+ request->callback_data = &device->wait_queue;
rc = __tape_start_request(device, request);
spin_unlock_irq(get_ccwdev_lock(device->cdev));
if (rc)
return rc;
/* Request added to the queue. Wait for its completion. */
- rc = wait_event_interruptible(wq, (request->callback == NULL));
+ rc = wait_event_interruptible(device->wait_queue,
+ (request->callback == NULL));
if (rc != -ERESTARTSYS)
/* Request finished normally. */
return request->rc;
@@ -1015,7 +1013,7 @@ tape_do_io_interruptible(struct tape_dev
/* Wait for the interrupt that acknowledges the halt. */
do {
rc = wait_event_interruptible(
- wq,
+ device->wait_queue,
(request->callback == NULL)
);
} while (rc == -ERESTARTSYS);
Index: quilt-2.6/drivers/s390/char/tape.h
===================================================================
--- quilt-2.6.orig/drivers/s390/char/tape.h
+++ quilt-2.6/drivers/s390/char/tape.h
@@ -231,6 +231,9 @@ struct tape_device {
/* Request queue. */
struct list_head req_queue;
+ /* Request wait queue. */
+ wait_queue_head_t wait_queue;
+
/* Each tape device has (currently) two minor numbers. */
int first_minor;
--
blue skies,
Martin.
"Reality continues to ruin my life." - Calvin.
next prev parent reply other threads:[~2008-05-29 12:55 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-29 12:55 [patch 00/11] s390 bug fixes for 2.6.26-rc4 Martin Schwidefsky
2008-05-29 12:55 ` [patch 01/11] fix sparsemem related compile error with allnoconfig on s390 Martin Schwidefsky
2008-05-29 12:55 ` [patch 02/11] tape: Fix race condition in tape block device driver Martin Schwidefsky
2008-05-29 12:55 ` [patch 03/11] s390 types: make dma_addr_t 64 bit capable Martin Schwidefsky
2008-05-29 12:55 ` [patch 04/11] Fix section mismatch warnings Martin Schwidefsky
2008-05-29 12:55 ` [patch 05/11] appldata: prevent cpu hotplug when walking cpu_online_map Martin Schwidefsky
2008-05-29 12:55 ` [patch 06/11] showmem: Only walk spanned pages Martin Schwidefsky
2008-05-29 17:20 ` Johannes Weiner
2008-05-30 5:50 ` Heiko Carstens
2008-05-30 6:13 ` Johannes Weiner
2008-05-29 12:55 ` [patch 07/11] sclp_vt220: fix scheduling while atomic bug Martin Schwidefsky
2008-05-29 12:55 ` [patch 08/11] dasd: use a generic wait_queue for sleep_on Martin Schwidefsky
2008-05-29 12:55 ` [patch 09/11] 3270: fix race with stack local wait_queue_head_t Martin Schwidefsky
2008-05-29 12:55 ` Martin Schwidefsky [this message]
2008-05-29 12:55 ` [patch 11/11] disassembler: fix idte instruction format Martin Schwidefsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080529125730.645201695@de.ibm.com \
--to=schwidefsky@de.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox