[PATCH linux dev-4.10] drivers: occ: Fix bad list access
Milton Miller II
miltonm at us.ibm.com
Wed Aug 23 09:38:28 AEST 2017
On 08/22/2017 about 05:00PM in some time zone, Eddie James wrote:
>list_first_entry() doesn't return NULL if the list is empty...
>
>Signed-off-by: Edward A. James <eajames at us.ibm.com>
Reviewed-by: Milton Miller <miltonm at us.ibm.com>
>---
> drivers/fsi/occ.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/drivers/fsi/occ.c b/drivers/fsi/occ.c
>index d984e51..621fbf0 100644
>--- a/drivers/fsi/occ.c
>+++ b/drivers/fsi/occ.c
>@@ -572,7 +572,7 @@ static void occ_worker(struct work_struct *work)
> again:
> spin_lock_irq(&occ->list_lock);
>
>- xfr = list_first_entry(&occ->xfrs, struct occ_xfr, link);
>+ xfr = list_first_entry_or_null(&occ->xfrs, struct occ_xfr, link);
> if (!xfr) {
> spin_unlock_irq(&occ->list_lock);
> return;
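Review bot: the changelog states the API property but not its consequence at the `if (!xfr)` check right after the changed line. With `list_first_entry()` that test could never be true, so on an empty `occ->xfrs` the worker would go past the early return holding a pointer computed from the list head itself. Please spell that out in the commit message. The `again:` label suggests the worker comes back to this lookup, so also say whether an empty list is the normal way out of the loop. A Fixes: tag naming the commit that introduced the lookup would help anyone backporting this.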
It's a bit unusual that the entry is left on the list while the work
is being performed, requiring the list lock to be acquired at the
end. But I don't see anything wrong with the locking and mutexes
(assuming that lockdep would have complained about client lock
nesting inside occ lock).
Without this fix, if there is an underflow the data around the list
head will be interpreted as a workqueue request.
milton
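
Added example, not part of the original message or the driver's code: a userspace sketch of why the `if (!xfr)` check could not fire before the patch, and where the returned pointer lands when the list is empty. The list helpers are simplified copies of the kernel's; `demo_xfr`, `demo_occ`, `first_unchecked`, `first_checked` and `points_into_occ` are hypothetical names with an assumed layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace copies of the kernel helpers in include/linux/list.h. */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define list_first_entry(head, type, member) \
	container_of((head)->next, type, member)
#define list_first_entry_or_null(head, type, member) \
	(!list_empty(head) ? list_first_entry(head, type, member) : NULL)
static inline void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }
static inline int list_empty(const struct list_head *h) { return h->next == h; }
static inline void list_add_tail(struct list_head *n, struct list_head *h)
{
	n->prev = h->prev; n->next = h;
	h->prev->next = n; h->prev = n;
}

/* Hypothetical stand-ins for the driver's structures, not its real layout. */
struct demo_xfr { char buf[16]; struct list_head link; };
struct demo_occ { char state[32]; struct list_head xfrs; };

/* Pre-patch lookup: never NULL, even when the list is empty. */
static inline struct demo_xfr *first_unchecked(struct demo_occ *occ)
{
	return list_first_entry(&occ->xfrs, struct demo_xfr, link);
}

/* Post-patch lookup: NULL when the list is empty. */
static inline struct demo_xfr *first_checked(struct demo_occ *occ)
{
	return list_first_entry_or_null(&occ->xfrs, struct demo_xfr, link);
}

/* True if p points into *occ itself, i.e. at the data around the list head. */
static inline int points_into_occ(const struct demo_occ *occ, const void *p)
{
	return (uintptr_t)p - (uintptr_t)occ < sizeof(*occ);
}

int main(void)
{
	struct demo_occ occ;
	INIT_LIST_HEAD(&occ.xfrs);
	printf("empty list: unchecked points into occ=%d, checked=%p\n",
	       points_into_occ(&occ, first_unchecked(&occ)), (void *)first_checked(&occ));
	return 0;
}
```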