
Commit d53ba6b3 authored by Ian Munsie's avatar Ian Munsie Committed by Michael Ellerman

cxl: Fix afu_read() not doing finish_wait() on signal or non-blocking



If afu_read() returned due to a signal or the AFU file descriptor being
opened non-blocking it would not call finish_wait() before returning,
which could lead to a crash later when something else wakes up the wait
queue.

This patch restructures the wait logic to ensure that the cleanup is
done correctly.

Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
parent a9282d01
+15 −5
@@ -273,6 +273,7 @@ static ssize_t afu_read(struct file *file, char __user *buf, size_t count,
	struct cxl_context *ctx = file->private_data;
	struct cxl_event event;
	unsigned long flags;
	int rc;
	DEFINE_WAIT(wait);

	if (count < CXL_READ_MIN_SIZE)
@@ -285,13 +286,17 @@ static ssize_t afu_read(struct file *file, char __user *buf, size_t count,
		if (ctx_event_pending(ctx))
			break;

		spin_unlock_irqrestore(&ctx->lock, flags);
		if (file->f_flags & O_NONBLOCK)
			return -EAGAIN;
		if (file->f_flags & O_NONBLOCK) {
			rc = -EAGAIN;
			goto out;
		}

		if (signal_pending(current))
			return -ERESTARTSYS;
		if (signal_pending(current)) {
			rc = -ERESTARTSYS;
			goto out;
		}

		spin_unlock_irqrestore(&ctx->lock, flags);
		pr_devel("afu_read going to sleep...\n");
		schedule();
		pr_devel("afu_read woken up\n");
@@ -336,6 +341,11 @@ static ssize_t afu_read(struct file *file, char __user *buf, size_t count,
	if (copy_to_user(buf, &event, event.header.size))
		return -EFAULT;
	return event.header.size;

out:
	finish_wait(&ctx->wq, &wait);
	spin_unlock_irqrestore(&ctx->lock, flags);
	return rc;
}

static const struct file_operations afu_fops = {
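Review bot: The new `out:` label is only correct when it is reached with `ctx->lock` held and the wait entry still queued, and nothing at the label or at the two `goto out` sites says so. That invariant is why `spin_unlock_irqrestore()` moved below the `O_NONBLOCK` and `signal_pending()` checks; a later `goto out` added after that unlock would release the lock twice. I would add a comment above the label such as `/* Reached with ctx->lock held and 'wait' still on ctx->wq; 'wait' lives on this stack frame, so it must be dequeued before returning. */`. The loop head and the success-path cleanup are outside the hunks shown, so whether the remaining early returns (for instance the `-EFAULT` path) already run after `finish_wait()` cannot be confirmed from this page.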