At Tue, 18 Mar 2014 12:22:18 +0000, Mark Brown wrote:
On Tue, Mar 18, 2014 at 12:58:33PM +0100, Takashi Iwai wrote:
wval = kmemdup(val, val_count * val_bytes, GFP_KERNEL); if (!wval) {
ret = -ENOMEM; dev_err(map->dev, "Error in memory allocation\n");
goto out;
return -ENOMEM;
}
map->lock(map->lock_arg);
for (i = 0; i < val_count * val_bytes; i += val_bytes) map->format.parse_inplace(wval + i);
ret = _regmap_raw_write(map, reg, wval, val_bytes * val_count);
map->unlock(map->lock_arg);
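Review bot: map->lock(map->lock_arg) is taken before the parse_inplace() loop, but wval is a private buffer that was allocated and filled by kmemdup() a few lines earlier, so nothing else can observe it; moving the lock to just before `ret = _regmap_raw_write(map, reg, wval, val_bytes * val_count);` keeps the critical section to the shared-state write only. The allocation-failure branch now does `return -ENOMEM;` instead of `goto out;`, which is correct only while there is nothing to undo between the kmemdup() call and the `out:` label; if that changes later the early return becomes a leak.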
If we're reducing the locking region here then we should take the lock after doing the parse_inplace() to reduce the locked region. Nothing else can be referring to the data since we only just allocated it. I'll fix that by hand and apply.
I thought of that, too, but didn't take it because covering the lock there doesn't change the fact that it's still fundamentally racy.
Please also send things to the list for the subsystem (linux-kernel if there's not a specific one).
OK, I just copied the previous recipient of the thread...
Takashi
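To make the lock-scoping point concrete, here is an added user-space illustration (not code from the patch above and not the kernel's regmap implementation). It mirrors the shape of the bulk write under discussion: the private copy of the caller's data is converted to the device's wire format before the lock is taken, so the critical section covers only the write into shared state. The names (toy_map, toy_bulk_write, toy_parse_inplace, toy_raw_write) and the big-endian 16-bit wire format are assumptions for the example; the spin lock built on a C11 atomic_flag stands in for map->lock()/map->unlock().

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical register map: 16 registers of 16 bits, stored as the
 * device would see them on the wire (big-endian byte pairs). */
#define TOY_NREGS 16

struct toy_map {
    atomic_flag lock;              /* stands in for map->lock/unlock */
    uint8_t regs[TOY_NREGS * 2];   /* shared state, guarded by lock */
    int locked;                    /* instrumentation: 1 while held */
    int parsed_under_lock;         /* instrumentation: parse steps done while held */
};

void toy_map_init(struct toy_map *map)
{
    memset(map, 0, sizeof(*map));
    atomic_flag_clear(&map->lock);
}

static void toy_lock(struct toy_map *map)
{
    while (atomic_flag_test_and_set(&map->lock))
        ;  /* spin until the flag was clear */
    map->locked = 1;
}

static void toy_unlock(struct toy_map *map)
{
    map->locked = 0;
    atomic_flag_clear(&map->lock);
}

/* Equivalent of map->format.parse_inplace(): convert one host-order
 * uint16_t in the buffer to the assumed big-endian wire format. */
static void toy_parse_inplace(uint8_t *b)
{
    uint16_t v;
    memcpy(&v, b, sizeof(v));
    b[0] = (uint8_t)(v >> 8);
    b[1] = (uint8_t)(v & 0xff);
}

/* Equivalent of _regmap_raw_write(): caller must hold the lock. */
static int toy_raw_write(struct toy_map *map, unsigned int reg,
                         const uint8_t *val, size_t len)
{
    if (reg * 2 + len > sizeof(map->regs))
        return -EINVAL;
    memcpy(&map->regs[reg * 2], val, len);
    return 0;
}

/* Bulk write with the lock taken only around the shared-state update. */
int toy_bulk_write(struct toy_map *map, unsigned int reg,
                   const uint16_t *val, size_t val_count)
{
    const size_t val_bytes = sizeof(uint16_t);
    size_t i;
    int ret;

    uint8_t *wval = malloc(val_count * val_bytes);  /* kmemdup() equivalent */
    if (!wval)
        return -ENOMEM;
    memcpy(wval, val, val_count * val_bytes);

    /* wval is private to this call: format it before taking the lock. */
    for (i = 0; i < val_count * val_bytes; i += val_bytes) {
        toy_parse_inplace(wval + i);
        if (map->locked)
            map->parsed_under_lock++;
    }

    toy_lock(map);
    ret = toy_raw_write(map, reg, wval, val_count * val_bytes);
    toy_unlock(map);

    free(wval);
    return ret;
}

int main(void)
{
    struct toy_map map;
    uint16_t vals[2] = { 0x1234, 0xabcd };  /* constructed sample input */

    toy_map_init(&map);
    printf("write: %d\n", toy_bulk_write(&map, 3, vals, 2));
    printf("reg3 bytes: %02x %02x, parsed under lock: %d\n",
           map.regs[6], map.regs[7], map.parsed_under_lock);
    return 0;
}
```

The instrumentation counter is only there to make the ordering visible: because formatting happens before toy_lock(), parsed_under_lock stays at zero, and the bounds check in toy_raw_write() shows the error path that a caller must still handle even though no cleanup beyond free() is needed.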