[PATCH] __release_region() race

[MAEDA Naoaki]

Hi,

I am testing PCI hot-plug in 2.6.2 kernel, but sometimes
a struct resource tree in kernel/resource.c was broken
if multiple hot-plug requests are issued at the same time.

The reason is lots of drivers call release_region() on hot removal,
and __release_region(), which is invoked by release_region() macro,
changes the tree without holding a writer lock for resource_lock.

I think __release_region() must hold a writer lock as well as
__request_region() does.

A following patch fixes the issue in my environment.

Regards,
Naoaki Maeda

diff -Naur linux-2.6.3-rc2.org/kernel/resource.c linux-2.6.3-rc2/kernel/resource.c
--- linux-2.6.3-rc2.org/kernel/resource.c	2004-02-10 12:01:04.000000000 +0900
+++ linux-2.6.3-rc2/kernel/resource.c	2004-02-12 11:53:14.011014921 +0900
@@ -475,6 +475,8 @@
 	p = &parent->child;
 	end = start + n - 1;
 
+	write_lock(&resource_lock);
+
 	for (;;) {
 		struct resource *res = *p;
 
@@ -488,11 +490,15 @@
 			if (res->start != start || res->end != end)
 				break;
 			*p = res->sibling;
+			write_unlock(&resource_lock);
 			kfree(res);
 			return;
 		}
 		p = &res->sibling;
 	}
+
+	write_unlock(&resource_lock);
+
 	printk(KERN_WARNING "Trying to free nonexistent resource <%08lx-%08lx>\n", start, end);
 }
 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/