[patch 2/4] firewire: fully initialize fw_transaction before markingit pending

From: Stefan Richter
Date: Sat Jul 12 2008 - 08:50:32 EST

Next message: Stefan Richter: "[patch 3/4] firewire: small fw_fill_request cleanup"
Previous message: Stefan Richter: "[patch 1/4] firewire: fix race of bus reset with request transmission"
In reply to: Stefan Richter: "Re: [patch 1/4] firewire: fix race of bus reset with requesttransmission"
Next in thread: Stefan Richter: "[patch 3/4] firewire: small fw_fill_request cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In theory, card->flush_timer could already access a transaction between
fw_send_request()'s spin_unlock_irqrestore and the rest of what happens
in fw_send_request(). This would happen if the process which sends the
request is preempted and put to sleep right after spin_unlock_irqrestore
for longer than 100ms.

Therefore we fill in everything in struct fw_transaction at which the
flush_timer might look at before we lift the lock.

To do: Ensure that the timer does not pick up the transaction before
the time of the AT request event plus split transaction timeout.

Signed-off-by: Stefan Richter <stefanr@xxxxxxxxxxxxxxxxx>
---
drivers/firewire/fw-transaction.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

Index: linux/drivers/firewire/fw-transaction.c
===================================================================
--- linux.orig/drivers/firewire/fw-transaction.c
+++ linux/drivers/firewire/fw-transaction.c
@@ -279,11 +279,6 @@ fw_send_request(struct fw_card *card, st
card->current_tlabel = (card->current_tlabel + 1) & 0x1f;
card->tlabel_mask |= (1 << tlabel);

- list_add_tail(&t->link, &card->transaction_list);
-
- spin_unlock_irqrestore(&card->lock, flags);
-
- /* Initialize rest of transaction, fill out packet and send it. */
t->node_id = node_id;
t->tlabel = tlabel;
t->callback = callback;
@@ -294,6 +289,10 @@ fw_send_request(struct fw_card *card, st
speed, offset, payload, length);
t->packet.callback = transmit_complete_callback;

+ list_add_tail(&t->link, &card->transaction_list);
+
+ spin_unlock_irqrestore(&card->lock, flags);
+
card->driver->send_request(card, &t->packet);
}
EXPORT_SYMBOL(fw_send_request);

--
Stefan Richter
-=====-==--- -=== -==--
http://arcgraph.de/sr/

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stefan Richter: "[patch 3/4] firewire: small fw_fill_request cleanup"
Previous message: Stefan Richter: "[patch 1/4] firewire: fix race of bus reset with request transmission"
In reply to: Stefan Richter: "Re: [patch 1/4] firewire: fix race of bus reset with requesttransmission"
Next in thread: Stefan Richter: "[patch 3/4] firewire: small fw_fill_request cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]