forked from Minki/linux
ACPI: EC: Reference count query handlers under lock
There is a race condition in acpi_ec_get_query_handler() theoretically allowing query handlers to go away before refernce counting them. In order to avoid it, call kref_get() on query handlers under ec->mutex. Also simplify the code a bit while at it. Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
This commit is contained in:
parent
46cf053efe
commit
3df663a147
@ -1052,29 +1052,21 @@ void acpi_ec_unblock_transactions(void)
|
||||
/* --------------------------------------------------------------------------
|
||||
Event Management
|
||||
-------------------------------------------------------------------------- */
|
||||
static struct acpi_ec_query_handler *
|
||||
acpi_ec_get_query_handler(struct acpi_ec_query_handler *handler)
|
||||
{
|
||||
if (handler)
|
||||
kref_get(&handler->kref);
|
||||
return handler;
|
||||
}
|
||||
|
||||
static struct acpi_ec_query_handler *
|
||||
acpi_ec_get_query_handler_by_value(struct acpi_ec *ec, u8 value)
|
||||
{
|
||||
struct acpi_ec_query_handler *handler;
|
||||
bool found = false;
|
||||
|
||||
mutex_lock(&ec->mutex);
|
||||
list_for_each_entry(handler, &ec->list, node) {
|
||||
if (value == handler->query_bit) {
|
||||
found = true;
|
||||
break;
|
||||
kref_get(&handler->kref);
|
||||
mutex_unlock(&ec->mutex);
|
||||
return handler;
|
||||
}
|
||||
}
|
||||
mutex_unlock(&ec->mutex);
|
||||
return found ? acpi_ec_get_query_handler(handler) : NULL;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void acpi_ec_query_handler_release(struct kref *kref)
|
||||
|
Loading…
Reference in New Issue
Block a user