WSL2-Linux-Kernel/drivers
Chuansheng Liu bd9eb7fbe6 firmware loader: Fix the concurrent request_firmware() race for kref_get/put
There is one race that both request_firmware() with the same
firmware name.

The race scenerio is as below:
CPU1                                                  CPU2
request_firmware() -->
_request_firmware_load() return err                   another request_firmware() is coming -->
_request_firmware_cleanup is called -->               _request_firmware_prepare -->
release_firmware --->                                 fw_lookup_and_allocate_buf -->
                                                      spin_lock(&fwc->lock)
...                                                   __fw_lookup_buf() return true
fw_free_buf() will be called -->                      ...
kref_put -->
decrease the refcount to 0
                                                      kref_get(&tmp->ref) ==> it will trigger warning
                                                                              due to refcount == 0
__fw_free_buf() -->
...                                                   spin_unlock(&fwc->lock)
spin_lock(&fwc->lock)
list_del(&buf->list)
spin_unlock(&fwc->lock)
kfree(buf)
                                                      After that, the freed buf will be used.

The key race is decreasing refcount to 0 and list_del is not protected together by
fwc->lock, and it is possible another thread try to get it between refcount==0
and list_del.

Fix it here to protect it together.

Acked-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: liu chuansheng <chuansheng.liu@intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-14 15:04:23 -08:00
..
accessibility
acpi ACPI video: Ignore errors after _DOD evaluation. 2012-11-03 09:52:54 +08:00
amba
ata
atm
auxdisplay
base firmware loader: Fix the concurrent request_firmware() race for kref_get/put 2012-11-14 15:04:23 -08:00
bcma bcma: fix unregistration of cores 2012-10-15 14:45:51 -04:00
block loop: Make explicit loop device destruction lazy 2012-10-30 08:37:31 +01:00
bluetooth
bus
cdrom
char sonypi: suspend/resume callbacks should be conditionally compiled on CONFIG_PM_SLEEP 2012-10-25 12:05:50 -07:00
clk
clocksource
connector
cpufreq cpufreq / powernow-k8: Change maintainer's email address 2012-10-31 21:02:57 +01:00
cpuidle ACPI idle, CPU hotplug: Fix NULL pointer dereference during hotplug 2012-10-08 22:52:54 -04:00
crypto
dca
devfreq
dio
dma Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma 2012-10-26 14:59:01 -07:00
edac amd64_edac:__amd64_set_scrub_rate(): avoid overindexing scrubrates[] 2012-10-24 16:13:27 +02:00
eisa
extcon extcon : register for cable interest by cable name 2012-10-23 16:32:18 +09:00
firewire firewire: cdev: fix user memory corruption (i386 userland on amd64 kernel) 2012-10-09 18:26:28 +02:00
firmware firmware/memmap: avoid type conflicts with the generic memmap_init() 2012-10-19 14:07:47 -07:00
gpio Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2012-11-10 21:58:34 +01:00
gpu drm/vmwgfx: Fix a case where the code would BUG when trying to pin GMR memory 2012-11-09 20:49:06 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2012-11-09 06:56:23 +01:00
hsi
hv Drivers: hv: Cleanup error handling in vmbus_open() 2012-10-24 15:46:27 -07:00
hwmon hwmon: Fix chip feature table headers 2012-11-05 21:54:40 +01:00
hwspinlock
i2c Merge branch 'i2c-embedded/for-current' of git://git.pengutronix.de/git/wsa/linux 2012-11-03 15:14:54 -07:00
ide
idle
iio iio: Remove duplicates for light/ in Kconfig and Makefile 2012-10-19 19:44:06 +01:00
infiniband Merge branches 'cxgb4' and 'mlx4' into for-next 2012-10-23 09:03:49 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2012-11-02 16:11:15 -07:00
iommu iommu/tegra: smmu: Fix deadly typo 2012-10-24 16:58:53 +02:00
irqchip
isdn isdn: Make CONFIG_ISDN depend on CONFIG_NETDEVICES 2012-11-07 18:59:26 -05:00
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2012-10-10 20:14:07 +09:00
lguest
macintosh
md MD RAID10: Fix oops when creating RAID10 arrays via dm-raid.c 2012-10-31 11:42:30 +11:00
media [media] Kconfig: Fix dependencies for driver autoselect options 2012-10-17 16:45:56 -03:00
memory
memstick
message
mfd
misc pwm: Changes for v3.7-rc1 2012-10-10 20:15:24 +09:00
mmc mmc: sdhci-s3c: fix the card detection in runtime-pm 2012-11-07 15:40:52 -05:00
mtd mtd: Disable mtdchar mmap on MMU systems 2012-10-09 15:08:42 +01:00
net gianfar: ethernet vanishes after restoring from hibernation 2012-11-09 17:08:36 -05:00
nfc
nubus
of of/platform: sparse fix 2012-10-17 15:53:03 -05:00
oprofile mm: use mm->exe_file instead of first VM_EXECUTABLE vma->vm_file 2012-10-09 16:22:18 +09:00
parisc
parport Xtensa patchset for 3.7 2012-10-09 16:11:46 +09:00
pci PCI/portdrv: Don't create hotplug slots unless port supports hotplug 2012-11-05 16:59:59 -07:00
pcmcia Merge branch 'testing/driver-warnings' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc into fixes 2012-10-19 15:40:18 -07:00
pinctrl pinctrl: samsung and exynos need to depend on OF && GPIOLIB 2012-11-06 10:02:14 +01:00
platform Merge branches 'fixes-for-37', 'ec' and 'thermal' into release 2012-10-09 01:47:35 -04:00
pnp
power Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-10-13 11:27:59 +09:00
pps
ps3
ptp
pwm pwm: Changes for v3.7-rc1 2012-10-10 20:15:24 +09:00
rapidio rapidio: update for destination ID allocation 2012-10-11 08:50:15 +09:00
regulator
remoteproc
rpmsg
rtc drivers/rtc/rtc-imxdi.c: add missing spin lock initialization 2012-10-25 14:37:53 -07:00
s390 s390/cio: fix length calculation in idset.c 2012-11-06 22:39:54 +01:00
sbus
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2012-11-10 21:58:34 +01:00
sfi
sh sh: Fix up more fallout from pointless ARM __iomem churn. 2012-10-15 14:08:48 +09:00
sn
spi spi: Some minor MXS fixes 2012-10-28 11:13:54 -07:00
ssb
staging Staging driver fixes for 3.7-rc3 2012-10-26 10:25:31 -07:00
target target: Fix incorrect usage of nested IRQ spinlocks in ABORT_TASK path 2012-11-01 00:38:45 -07:00
tc
thermal exynos4_tmu_driver_ids should be exynos_tmu_driver_ids. 2012-11-03 09:52:55 +08:00
tty Revert "serial: omap: fix software flow control" 2012-10-24 11:57:21 -07:00
uio mm: kill vma flag VM_RESERVED and mm->reserved_vm counter 2012-10-09 16:22:19 +09:00
usb usb: gadget: g_ether: fix frame size check for 802.1Q 2012-11-07 21:12:26 -05:00
uwb
vfio vfio: Fix PCI INTx disable consistency 2012-10-10 09:10:32 -06:00
vhost vhost: fix mergeable bufs on BE hosts 2012-10-24 23:19:30 -04:00
video Bug-fixes: 2012-11-02 13:26:11 -07:00
virt
virtio virtio: Don't access index after unregister. 2012-11-09 14:54:24 +10:30
vlynq
vme
w1
watchdog
xen Bug-fixes: 2012-11-10 06:56:21 +01:00
zorro
Kconfig
Makefile IPMI: Change link order 2012-10-16 18:07:12 -07:00