firewire: fully initialize fw_transaction before marking it pending

In theory, card->flush_timer could already access a transaction between
fw_send_request()'s spin_unlock_irqrestore and the rest of what happens
in fw_send_request(). This would happen if the process which sends the
request is preempted and put to sleep right after spin_unlock_irqrestore
for longer than 100ms.

Therefore we fill in everything in struct fw_transaction at which the
flush_timer might look before we lift the lock.

To do: Ensure that the timer does not pick up the transaction before
the time of the AT request event plus split transaction timeout.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

+4 -5
drivers/firewire/fw-transaction.c
··· 279 279 card->current_tlabel = (card->current_tlabel + 1) & 0x1f; 280 280 card->tlabel_mask |= (1 << tlabel); 281 281 282 - list_add_tail(&t->link, &card->transaction_list); 283 - 284 - spin_unlock_irqrestore(&card->lock, flags); 285 - 286 - /* Initialize rest of transaction, fill out packet and send it. */ 287 282 t->node_id = node_id; 288 283 t->tlabel = tlabel; 289 284 t->callback = callback; ··· 288 293 node_id, source, generation, 289 294 speed, offset, payload, length); 290 295 t->packet.callback = transmit_complete_callback; 296 + 297 + list_add_tail(&t->link, &card->transaction_list); 298 + 299 + spin_unlock_irqrestore(&card->lock, flags); 291 300 292 301 card->driver->send_request(card, &t->packet); 293 302 }
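
Review bot: At the relocated `list_add_tail(&t->link, &card->transaction_list);` in the second hunk, nothing in the code records that this call has to stay last before `spin_unlock_irqrestore(&card->lock, flags);`, and the old comment "Initialize rest of transaction, fill out packet and send it." is removed without a replacement. Add a short comment above `list_add_tail` saying that the transaction must be fully initialized before it is linked, because the flush timer can see it as soon as the lock is dropped; otherwise a later cleanup can reorder these lines and reopen the window. The field assignments and the packet fill call (the one whose arguments end in `offset, payload, length);`) now run with `card->lock` held and interrupts disabled, so please confirm that call neither sleeps nor takes `card->lock` itself. `card->driver->send_request(card, &t->packet);` still runs after the unlock, so a linked transaction can be visible to the timer before its packet has been handed to the driver; that is the case the commit message's "To do" leaves open and it deserves a mention next to the call.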