[char-misc-next] mei: remove support for broken parallel read

From: Tomas Winkler
Date: Tue Feb 07 2017 - 17:41:46 EST

Next message: Christoph Hellwig: "Re: [PATCH 1/5] target: Don't BUG_ON during NodeACL dynamic -> explicit conversion"
Previous message: Andy Shevchenko: "Re: [PATCH 1/7] serial: exar: Fix mapping of port I/O resources"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexander Usyskin <alexander.usyskin@xxxxxxxxx>

Parallel reads from multiple threads on a file descriptor
are not well defined and racy. It is safer to return to original
behavior and simply fail the additional read.
The solution is to remove request for next read credit.

Cc: <stable@xxxxxxxxxxxxxxx> #4.9
Fixes: ff1586a7ea57 ("mei: enqueue consecutive reads")
Signed-off-by: Alexander Usyskin <alexander.usyskin@xxxxxxxxx>
Signed-off-by: Tomas Winkler <tomas.winkler@xxxxxxxxx>
---
drivers/misc/mei/main.c | 48 ++++++++++++++++++++++++++----------------------
1 file changed, 26 insertions(+), 22 deletions(-)

diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c
index e1bf54481fd6..9d0b7050c79a 100644
--- a/drivers/misc/mei/main.c
+++ b/drivers/misc/mei/main.c
@@ -182,32 +182,36 @@ static ssize_t mei_read(struct file *file, char __user *ubuf,
goto out;
}

- if (rets == -EBUSY &&
- !mei_cl_enqueue_ctrl_wr_cb(cl, length, MEI_FOP_READ, file)) {
- rets = -ENOMEM;
- goto out;
- }

- do {
- mutex_unlock(&dev->device_lock);
-
- if (wait_event_interruptible(cl->rx_wait,
- (!list_empty(&cl->rd_completed)) ||
- (!mei_cl_is_connected(cl)))) {
+again:
+ mutex_unlock(&dev->device_lock);
+ if (wait_event_interruptible(cl->rx_wait,
+ !list_empty(&cl->rd_completed) ||
+ !mei_cl_is_connected(cl))) {
+ if (signal_pending(current))
+ return -EINTR;
+ return -ERESTARTSYS;
+ }
+ mutex_lock(&dev->device_lock);

- if (signal_pending(current))
- return -EINTR;
- return -ERESTARTSYS;
- }
+ if (!mei_cl_is_connected(cl)) {
+ rets = -ENODEV;
+ goto out;
+ }

- mutex_lock(&dev->device_lock);
- if (!mei_cl_is_connected(cl)) {
- rets = -ENODEV;
- goto out;
- }
+ cb = mei_cl_read_cb(cl, file);
+ if (!cb) {
+ /*
+ * For amthif all the waiters are woken up,
+ * but only fp with matching cb->fp get the cb,
+ * the others have to return to wait on read.
+ */
+ if (cl == &dev->iamthif_cl)
+ goto again;

- cb = mei_cl_read_cb(cl, file);
- } while (!cb);
+ rets = 0;
+ goto out;
+ }

copy_buffer:
/* now copy the data to user space */
--
2.7.4

Next message: Christoph Hellwig: "Re: [PATCH 1/5] target: Don't BUG_ON during NodeACL dynamic -> explicit conversion"
Previous message: Andy Shevchenko: "Re: [PATCH 1/7] serial: exar: Fix mapping of port I/O resources"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]