Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[PATCH] usb: gadget: r8a66597-udc: do not unlock unheld spinlock in r8a66597_sudmac_irq()
3 views
Skip to first unread message
Alexey Khoroshilov
May 29, 2013, 5:00:01 PM5/29/13
to
r8a66597_irq() processes sudmac part (r8a66597_sudmac_irq()) before locking r8a66597->lock.
But transfer_complete(), that is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()),
expects r8a66597->lock is locked. As a result unheld spinlock can be unlocked.
The patch just moves locking before calling r8a66597_sudmac_irq().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoro...@ispras.ru>
---
drivers/usb/gadget/r8a66597-udc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/r8a66597-udc.c b/drivers/usb/gadget/r8a66597-udc.c
index 7ff7d9c..2dd213c 100644
--- a/drivers/usb/gadget/r8a66597-udc.c
+++ b/drivers/usb/gadget/r8a66597-udc.c
@@ -1469,11 +1469,11 @@ static irqreturn_t r8a66597_irq(int irq, void *_r8a66597)
u16 savepipe;
u16 mask0;
+ spin_lock(&r8a66597->lock);
+
if (r8a66597_is_sudmac(r8a66597))
r8a66597_sudmac_irq(r8a66597);
- spin_lock(&r8a66597->lock);
-
intsts0 = r8a66597_read(r8a66597, INTSTS0);
intenb0 = r8a66597_read(r8a66597, INTENB0);
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
But transfer_complete(), that is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()),
expects r8a66597->lock is locked. As a result unheld spinlock can be unlocked.
The patch just moves locking before calling r8a66597_sudmac_irq().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoro...@ispras.ru>
---
drivers/usb/gadget/r8a66597-udc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/r8a66597-udc.c b/drivers/usb/gadget/r8a66597-udc.c
index 7ff7d9c..2dd213c 100644
--- a/drivers/usb/gadget/r8a66597-udc.c
+++ b/drivers/usb/gadget/r8a66597-udc.c
@@ -1469,11 +1469,11 @@ static irqreturn_t r8a66597_irq(int irq, void *_r8a66597)
u16 savepipe;
u16 mask0;
+ spin_lock(&r8a66597->lock);
+
if (r8a66597_is_sudmac(r8a66597))
r8a66597_sudmac_irq(r8a66597);
- spin_lock(&r8a66597->lock);
-
intsts0 = r8a66597_read(r8a66597, INTSTS0);
intenb0 = r8a66597_read(r8a66597, INTENB0);
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Felipe Balbi
May 29, 2013, 8:00:02 PM5/29/13
to
HI,
On Thu, May 30, 2013 at 12:51:37AM +0400, Alexey Khoroshilov wrote:
> r8a66597_irq() processes sudmac part (r8a66597_sudmac_irq()) before locking r8a66597->lock.
> But transfer_complete(), that is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()),
> expects r8a66597->lock is locked. As a result unheld spinlock can be unlocked.
>
> The patch just moves locking before calling r8a66597_sudmac_irq().
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov <khoro...@ispras.ru>
should this go to stable ? Looks like this bug has been there since
2.6.32.
--
balbi
On Thu, May 30, 2013 at 12:51:37AM +0400, Alexey Khoroshilov wrote:
> r8a66597_irq() processes sudmac part (r8a66597_sudmac_irq()) before locking r8a66597->lock.
> But transfer_complete(), that is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()),
> expects r8a66597->lock is locked. As a result unheld spinlock can be unlocked.
>
> The patch just moves locking before calling r8a66597_sudmac_irq().
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov <khoro...@ispras.ru>
2.6.32.
--
balbi
Shimoda, Yoshihiro
May 29, 2013, 9:30:01 PM5/29/13
to
Hi,
Because non SMP CPUs have sudmac for now, this may not go to stable, I think.
Best regards,
Yoshihiro Shimoda
Best regards,
Yoshihiro Shimoda
0 new messages