diff options
author | Johan Hovold <johan@hovoldconsulting.com> | 2015-07-14 15:43:31 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@google.com> | 2015-07-15 12:39:13 -0700 |
commit | 008974cb528d301895797fec0f7d4fd64d01fce0 (patch) | |
tree | b6b30770876587af5a5e02ac8e40d2238e2f494c /drivers/staging/greybus/operation.h | |
parent | cad09a8f8ce843aa11f9a6a8a7aa5c6d6591147b (diff) | |
download | linux-stable-008974cb528d301895797fec0f7d4fd64d01fce0.tar.gz linux-stable-008974cb528d301895797fec0f7d4fd64d01fce0.tar.bz2 linux-stable-008974cb528d301895797fec0f7d4fd64d01fce0.zip |
greybus: operation: fix connection tear down
Fix connection tear down, which was done in an unsafe way that could
result in use-after-free as the per-connection list of operations was
iterated without any locking or refcounting.
Specifically, the operations list was iterated without holding any locks or
operation refcounts even though operations were being both removed from
the list and deallocated during per-operation cancellation. Any
operation completing during tear down could also cause corruption.
Change the per-connection operation list to only contain active
operations and use the recently introduced active counter to maintain
the list.
Add new helper that is called on connection tear down to cancel all
outstanding operations in a safe way by using proper locks and making
sure to hold a reference to any operation being cancelled.
Note that by verifying the connection state before incrementing the
active count we can make sure that all active operations have been
cancelled and that no new ones have been started when the helper
returns.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Diffstat (limited to 'drivers/staging/greybus/operation.h')
-rw-r--r-- | drivers/staging/greybus/operation.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/staging/greybus/operation.h b/drivers/staging/greybus/operation.h index c8aaf90a006a..26ecd66710a3 100644 --- a/drivers/staging/greybus/operation.h +++ b/drivers/staging/greybus/operation.h @@ -127,9 +127,9 @@ struct gb_operation { struct completion completion; struct kref kref; - atomic_t active; atomic_t waiters; + int active; struct list_head links; /* connection->operations */ }; |