tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
ioat: close potential BUG_ON race in the descriptor cleanup path
Since ioat_cleanup_preamble() and the update of the last completed
descriptor are not synchronized there is a chance that two cleanup threads
can see descriptors to clean. If the first cleans up all pending
descriptors then the second will trigger the BUG_ON.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+2
-2
+1
-1
drivers/dma/ioat/dma_v2.c
+1
-1
drivers/dma/ioat/dma_v2.c
···
158
158
seen_current = true;
159
159
}
160
160
ioat->tail += i;
161
-
BUG_ON(!seen_current); /* no active descs have written a completion? */
161
+
BUG_ON(active && !seen_current); /* no active descs have written a completion? */
162
162
163
163
chan->last_completion = phys_complete;
164
164
if (ioat->head == ioat->tail) {
+1
-1
drivers/dma/ioat/dma_v3.c
+1
-1
drivers/dma/ioat/dma_v3.c
···
293
293
}
294
294
}
295
295
ioat->tail += i;
296
-
BUG_ON(!seen_current); /* no active descs have written a completion? */
296
+
BUG_ON(active && !seen_current); /* no active descs have written a completion? */
297
297
chan->last_completion = phys_complete;
298
298
if (ioat->head == ioat->tail) {
299
299
dev_dbg(to_dev(chan), "%s: cancel completion timeout\n",