msm: Fix race condition in domain lookup During lookup of domains we take a pointer to the root node of the rb tree before taking the mutex to protect the rb tree. However, the rb root node might change if another process updates the rb tree after we take the pointer to the root node. This can cause us to not find the entry that we are looking for. Fix this by ensuring we have taken the mutex before getting the root node pointer. CRs-fixed: 493503 Change-Id: I4702740e486fda0cd92df0401d8e4706598a899b Signed-off-by: Olav Haugan <ohaugan@codeaurora.org> Signed-off-by: Sridhar Gujje <sgujje@codeaurora.org>

commit: 992d27b12f0ba2b9a5e4a8d79176faa99f064b84 [log] [tgz]
author: Olav Haugan <ohaugan@codeaurora.org> Wed Jun 05 14:13:40 2013 -0700
committer: Sridhar Gujje <sgujje@codeaurora.org> Fri Jul 05 17:18:36 2013 +0530
tree: 5e791f9a60b87a99765948703e724bddca026686
parent: 7fafc1ba86a2e103369f5d731af8c01b544dfd0e [diff] [blame]
diff --git a/arch/arm/mach-msm/iommu_domains.c b/arch/arm/mach-msm/iommu_domains.c
index 6053be3..7b35148 100644
--- a/arch/arm/mach-msm/iommu_domains.c
+++ b/arch/arm/mach-msm/iommu_domains.c

@@ -207,10 +207,10 @@
 static struct msm_iova_data *find_domain(int domain_num)
 {
 	struct rb_root *root = &domain_root;
-	struct rb_node *p = root->rb_node;
+	struct rb_node *p;
 
 	mutex_lock(&domain_mutex);
-
+	p = root->rb_node;
 	while (p) {
 		struct msm_iova_data *node;
commit	992d27b12f0ba2b9a5e4a8d79176faa99f064b84	[log] [tgz]
author	Olav Haugan <ohaugan@codeaurora.org>	Wed Jun 05 14:13:40 2013 -0700
committer	Sridhar Gujje <sgujje@codeaurora.org>	Fri Jul 05 17:18:36 2013 +0530
tree	5e791f9a60b87a99765948703e724bddca026686
parent	7fafc1ba86a2e103369f5d731af8c01b544dfd0e [diff] [blame]