public inbox for linux-kernel@vger.kernel.org
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Barton Xu <tank.xuhan@gmail.com>,
	Steffen Weber <steffen.weber@gmail.com>,
	Arthur Chen <axchen@nvidia.com>, Lv Zheng <lv.zheng@intel.com>,
	"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
Subject: [PATCH 3.15 27/84] ACPI / EC: Fix race condition in ec_transaction_completed()
Date: Tue, 15 Jul 2014 16:17:24 -0700
Message-ID: <20140715231714.023596589@linuxfoundation.org>
In-Reply-To: <20140715231713.193785557@linuxfoundation.org>

3.15-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lv Zheng <lv.zheng@intel.com>

commit c0d653412fc8450370167a3268b78fc772ff9c87 upstream.

There is a race condition in ec_transaction_completed().

When ec_transaction_completed() is called in the GPE handler, it could
return true because of (ec->curr == NULL). Then the wake_up() invocation
could complete the next command unexpectedly since there is no lock between
the 2 invocations. With the previous cleanup, the IBF=0 waiter race need
not be handled any more. It's now safe to return a flag from
advance_condition() to indicate the requirement of wakeup, the flag is
returned from a locked context.

The ec_transaction_completed() is now only invoked by the ec_poll() where
the ec->curr is ensured to be different from NULL.

After cleaning up, the EVT_SCI=1 check should be moved out of the wakeup
condition so that an EVT_SCI raised with (ec->curr == NULL) can trigger a
QR_SC command.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=70891
Link: https://bugzilla.kernel.org/show_bug.cgi?id=63931
Link: https://bugzilla.kernel.org/show_bug.cgi?id=59911
Reported-and-tested-by: Gareth Williams <gareth@garethwilliams.me.uk>
Reported-and-tested-by: Hans de Goede <jwrdegoede@fedoraproject.org>
Reported-by: Barton Xu <tank.xuhan@gmail.com>
Tested-by: Steffen Weber <steffen.weber@gmail.com>
Tested-by: Arthur Chen <axchen@nvidia.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/acpi/ec.c |   30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

--- a/drivers/acpi/ec.c
+++ b/drivers/acpi/ec.c
@@ -158,16 +158,17 @@ static int ec_transaction_completed(stru
 	unsigned long flags;
 	int ret = 0;
 	spin_lock_irqsave(&ec->lock, flags);
-	if (!ec->curr || (ec->curr->flags & ACPI_EC_COMMAND_COMPLETE))
+	if (ec->curr && (ec->curr->flags & ACPI_EC_COMMAND_COMPLETE))
 		ret = 1;
 	spin_unlock_irqrestore(&ec->lock, flags);
 	return ret;
 }
 
-static void advance_transaction(struct acpi_ec *ec)
+static bool advance_transaction(struct acpi_ec *ec)
 {
 	struct transaction *t;
 	u8 status;
+	bool wakeup = false;
 
 	pr_debug("===== %s =====\n", in_interrupt() ? "IRQ" : "TASK");
 	status = acpi_ec_read_status(ec);
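Review bot: ec_transaction_completed() now returns 0 when ec->curr is NULL, the opposite of its previous result, and nothing in the function records that change of contract. The commit message says the only remaining caller is ec_poll(), where ec->curr is non-NULL; a short comment above the function stating that precondition would stop a later caller from reading 0 as "still in progress" when there is no transaction at all. The new bool return of advance_transaction() also needs a one-line comment saying that true means a waiter must be woken and that the caller must hold ec->lock.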
@@ -183,21 +184,25 @@ static void advance_transaction(struct a
 		} else if (t->rlen > t->ri) {
 			if ((status & ACPI_EC_FLAG_OBF) == 1) {
 				t->rdata[t->ri++] = acpi_ec_read_data(ec);
-				if (t->rlen == t->ri)
+				if (t->rlen == t->ri) {
 					t->flags |= ACPI_EC_COMMAND_COMPLETE;
+					wakeup = true;
+				}
 			} else
 				goto err;
 		} else if (t->wlen == t->wi &&
-			   (status & ACPI_EC_FLAG_IBF) == 0)
+			   (status & ACPI_EC_FLAG_IBF) == 0) {
 			t->flags |= ACPI_EC_COMMAND_COMPLETE;
-		return;
+			wakeup = true;
+		}
+		return wakeup;
 	} else {
 		if ((status & ACPI_EC_FLAG_IBF) == 0) {
 			acpi_ec_write_cmd(ec, t->command);
 			t->flags |= ACPI_EC_COMMAND_POLL;
 		} else
 			goto err;
-		return;
+		return wakeup;
 	}
 err:
 	/*
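Review bot: In the else branch that issues the command with acpi_ec_write_cmd(), wakeup is never assigned, so the new "return wakeup;" there can only return false, and every "goto err" is also taken before wakeup is set. Writing "return false;" on those paths, or funnelling all exits through one label, would make it obvious that only the two ACPI_EC_COMMAND_COMPLETE assignments can request a wakeup, and would keep a future edit from setting the flag and completion state out of step.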
@@ -208,13 +213,14 @@ err:
 		if (in_interrupt() && t)
 			++t->irq_count;
 	}
+	return wakeup;
 }
 
 static void start_transaction(struct acpi_ec *ec)
 {
 	ec->curr->irq_count = ec->curr->wi = ec->curr->ri = 0;
 	ec->curr->flags = 0;
-	advance_transaction(ec);
+	(void)advance_transaction(ec);
 }
 
 static int acpi_ec_sync_query(struct acpi_ec *ec, u8 *data);
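Review bot: The "(void)advance_transaction(ec);" in start_transaction() drops the wakeup request with no explanation of why that is safe on this path, and the same cast appears in ec_poll(). A one-line comment at each call site saying why no wake_up() is needed there (the commit message implies ec_poll() re-checks completion itself through ec_transaction_completed()) would document the intent better than the cast, which the kernel generally does not use for ignored return values.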
@@ -248,7 +254,7 @@ static int ec_poll(struct acpi_ec *ec)
 					return 0;
 			}
 			spin_lock_irqsave(&ec->lock, flags);
-			advance_transaction(ec);
+			(void)advance_transaction(ec);
 			spin_unlock_irqrestore(&ec->lock, flags);
 		} while (time_before(jiffies, delay));
 		pr_debug("controller reset, restart transaction\n");
@@ -627,12 +633,10 @@ static u32 acpi_ec_gpe_handler(acpi_hand
 	struct acpi_ec *ec = data;
 
 	spin_lock_irqsave(&ec->lock, flags);
-	advance_transaction(ec);
-	spin_unlock_irqrestore(&ec->lock, flags);
-	if (ec_transaction_completed(ec)) {
+	if (advance_transaction(ec))
 		wake_up(&ec->wait);
-		ec_check_sci(ec, acpi_ec_read_status(ec));
-	}
+	spin_unlock_irqrestore(&ec->lock, flags);
+	ec_check_sci(ec, acpi_ec_read_status(ec));
 	return ACPI_INTERRUPT_HANDLED | ACPI_REENABLE_GPE;
 }
 
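Review bot: ec_check_sci() is now passed a fresh acpi_ec_read_status(ec) taken after spin_unlock_irqrestore(), so the status it inspects is a second read and may differ from the one advance_transaction() consumed under the lock. If that is intentional, say so in a comment; otherwise consider having advance_transaction() hand back the status it read, or moving the SCI check inside the locked region. It is also worth noting in the code that ec_check_sci() now runs on every GPE rather than only on completion, since that is the behavioural change the last paragraph of the commit message relies on.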


