greybus: protect cookie with a mutex
When a Greybus message is sent, the host driver supplies a cookie
for Greybus to use to identify the sent message in the event it
needs to be canceled. The cookie will be non-null while the message
is in flight, and a null pointer otherwise.
There are two problems with this, which arise out of the fact that a
message can be canceled at any time--even concurrent with it getting
sent (such as when Greybus is getting shut down).
First, the host driver's buffer_send method can return an error
value, which is non-null but not a valid cookie. So we need to
ensure such a bogus cookie is never used to cancel a message.
Second, we can't resolve that problem by assigning message->cookie
only after we've determined it's not an error. The instant
buffer_send() returns, the message may well be in flight and *should*
be canceled at shutdown, so we need the cookie value to reflect
that.
In order to avoid these problems, protect access to a message's
cookie value with a mutex. A spin lock can't be used because the
window that needs protecting covers code that can block. We
reset the cookie value to NULL as soon as the host driver has
notified us it has been sent (or failed to).
Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>