diff options
author | Sylvain Munaut <tnt@246tNt.com> | 2011-06-04 12:24:24 +0200 |
---|---|---|
committer | Sylvain Munaut <tnt@246tNt.com> | 2011-06-25 22:29:09 +0200 |
commit | 5907bfd39ac3fe7e7b7e94e03d8d43ee99852e86 (patch) | |
tree | f1c9f9721aaf17965f48699563b6f0bb2c0801d5 /src/target/firmware/comm | |
parent | fc16cbb578c7dcacf9d6dfc45625b4233570b659 (diff) |
fw/comm/msgb: Protect allocation routine with proper locking
Credits to Andreas Eversberg for finding this bug after countless
hours of debug :)
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Diffstat (limited to 'src/target/firmware/comm')
-rw-r--r-- | src/target/firmware/comm/msgb.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/target/firmware/comm/msgb.c b/src/target/firmware/comm/msgb.c index fbf874a2..4dbc1191 100644 --- a/src/target/firmware/comm/msgb.c +++ b/src/target/firmware/comm/msgb.c @@ -22,6 +22,7 @@ #include <stdio.h> #include <string.h> #include <sys/types.h> +#include <asm/system.h> #include <debug.h> #include <delay.h> @@ -44,8 +45,11 @@ struct supermsg { static struct supermsg msgs[MSGB_NUM]; void *_talloc_zero(void *ctx, unsigned int size, const char *name) { + unsigned long flags; unsigned int i; + local_firq_save(flags); + if (size > sizeof(struct msgb) + MSGB_DATA_SIZE) goto panic; @@ -54,6 +58,7 @@ void *_talloc_zero(void *ctx, unsigned int size, const char *name) msgs[i].allocated = 1; memset(&msgs[i].msg, 0, sizeof(&msgs[i].msg)); memset(&msgs[i].buf, 0, sizeof(&msgs[i].buf)); + local_irq_restore(flags); return &msgs[i].msg; } } @@ -67,6 +72,7 @@ panic: void talloc_free(void *msg) { struct supermsg *smsg = container_of(msg, struct supermsg, msg); + /* no locking required, since this is atomic */ smsg->allocated = 0; } #endif |