From: sashiko-bot@kernel.org
To: "William Theesfeld" <william@theesfeld.net>
Cc: linux-watchdog@vger.kernel.org
Subject: Re: [PATCH v2 1/6] watchdog: starfive: balance PM refcount when start operation fails
Date: Fri, 05 Jun 2026 13:23:22 +0000 [thread overview]
Message-ID: <20260605132323.4EF1F1F00893@smtp.kernel.org> (raw)
In-Reply-To: <ea696db2019b0548b3956fbb84104b12eacc94eb.1780664848.git.william@theesfeld.net>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
Pre-existing issues:
- [High] Hardware registers are accessed in `set_timeout` and `get_timeleft` callbacks without ensuring the device is runtime-resumed.
--
commit 634df4af4e48b2df41f8b9f5b5a99c2ef88e4d38
Author: William Theesfeld <william@theesfeld.net>
watchdog: starfive: balance PM refcount when start operation fails
This commit fixes a PM runtime usage counter leak in starfive_wdt_pm_start()
by calling pm_runtime_put_sync() if starfive_wdt_start() fails. It also
updates the resume call to use pm_runtime_resume_and_get().
> diff --git a/drivers/watchdog/starfive-wdt.c b/drivers/watchdog/starfive-wdt.c
> index af55adc4a3c69..ed8c5711a3853 100644
> --- a/drivers/watchdog/starfive-wdt.c
> +++ b/drivers/watchdog/starfive-wdt.c
> @@ -371,12 +371,16 @@ static void starfive_wdt_stop(struct starfive_wdt *wdt)
> static int starfive_wdt_pm_start(struct watchdog_device *wdd)
> {
> struct starfive_wdt *wdt = watchdog_get_drvdata(wdd);
> - int ret = pm_runtime_get_sync(wdd->parent);
> + int ret = pm_runtime_resume_and_get(wdd->parent);
>
> if (ret < 0)
> return ret;
>
> - return starfive_wdt_start(wdt);
> + ret = starfive_wdt_start(wdt);
> + if (ret)
> + pm_runtime_put_sync(wdd->parent);
> +
> + return ret;
> }
[Severity: High]
This isn't a bug introduced by this patch, but since we are modifying PM
runtime handling in this driver, does the driver safely handle hardware
register accesses when the watchdog is inactive?
The watchdog framework allows ioctls like WDIOC_SETTIMEOUT and
WDIOC_GETTIMELEFT to be called even when the watchdog is stopped. In the
inactive state, the PM runtime usage counter drops to 0, which suspends the
device and gates its APB and core clocks.
In drivers/watchdog/starfive-wdt.c:starfive_wdt_set_timeout():
starfive_wdt_unlock(wdt);
starfive_wdt_disable(wdt);
starfive_wdt_set_reload_count(wdt, wdt->count);
starfive_wdt_enable(wdt);
starfive_wdt_lock(wdt);
And in drivers/watchdog/starfive-wdt.c:starfive_wdt_get_timeleft():
count = starfive_wdt_get_count(wdt);
if (wdt->variant->double_timeout && !starfive_wdt_raise_irq_status(wdt))
count += wdt->count;
Since these functions directly access MMIO registers without ensuring the
clocks are active via pm_runtime_resume_and_get(), could these unclocked
bus accesses trigger a bus fault or panic if called by userspace while the
watchdog is inactive?
--
Sashiko AI review · https://sashiko.dev/#/patchset/cover.1780664848.git.william@theesfeld.net?part=1
next prev parent reply other threads:[~2026-06-05 13:23 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-05 12:23 [PATCH] watchdog: starfive: use pm_runtime_resume_and_get() to fix refcount leak William Theesfeld
2026-06-05 12:35 ` sashiko-bot
2026-06-05 13:11 ` [PATCH v2 0/6] watchdog: starfive: runtime PM cleanup William Theesfeld
2026-06-05 13:11 ` [PATCH v2 1/6] watchdog: starfive: balance PM refcount when start operation fails William Theesfeld
2026-06-05 13:23 ` sashiko-bot [this message]
2026-06-05 13:11 ` [PATCH v2 2/6] watchdog: starfive: treat pm_runtime_put_sync() positive return as success William Theesfeld
2026-06-05 13:26 ` sashiko-bot
2026-06-05 13:11 ` [PATCH v2 3/6] watchdog: starfive: balance PM refcount and disable in probe error paths William Theesfeld
2026-06-05 13:24 ` sashiko-bot
2026-06-05 13:11 ` [PATCH v2 4/6] watchdog: starfive: guard system suspend/resume hardware access William Theesfeld
2026-06-05 13:27 ` sashiko-bot
2026-06-05 13:11 ` [PATCH v2 5/6] watchdog: starfive: avoid PM refcount underflow in shutdown William Theesfeld
2026-06-05 13:29 ` sashiko-bot
2026-06-05 13:11 ` [PATCH v2 6/6] watchdog: starfive: release early_enable PM refcount on remove William Theesfeld
2026-06-05 13:33 ` sashiko-bot
2026-06-05 17:19 ` [PATCH v3 0/6] watchdog: starfive: runtime PM cleanup William Theesfeld
2026-06-05 17:19 ` [PATCH v3 1/6] watchdog: starfive: balance PM refcount when start operation fails William Theesfeld
2026-06-05 17:19 ` [PATCH v3 2/6] watchdog: starfive: treat pm_runtime_put_sync() positive return as success William Theesfeld
2026-06-05 17:19 ` [PATCH v3 3/6] watchdog: starfive: balance PM refcount and disable in probe error paths William Theesfeld
2026-06-05 17:19 ` [PATCH v3 4/6] watchdog: starfive: guard system suspend/resume hardware access William Theesfeld
2026-06-05 17:19 ` [PATCH v3 5/6] watchdog: starfive: avoid PM refcount underflow in shutdown William Theesfeld
2026-06-05 17:19 ` [PATCH v3 6/6] watchdog: starfive: release early_enable PM refcount on remove William Theesfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260605132323.4EF1F1F00893@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=linux-watchdog@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
--cc=william@theesfeld.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.