Re: [PATCH 07/11] ASoC: fsl_xcvr: Use guard() for spin locks

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] The work struct `xcvr->work_rst` can be re-scheduled by the IRQ handler after it is cancelled in `fsl_xcvr_remove()`, leading to a Use-After-Free.
--

commit cd76e5a17f7950836eed0759c4053e72e241e545
Author: bui duc phuc <phucduc.bui@gmail.com>

ASoC: fsl_xcvr: Use guard() for spin locks
    
Clean up the code using guard() for spin locks. Merely code refactoring,
and no behavior change.

> diff --git a/sound/soc/fsl/fsl_xcvr.c b/sound/soc/fsl/fsl_xcvr.c
> index 6677d3bf36ec2..41d100500534f 100644
> --- a/sound/soc/fsl/fsl_xcvr.c
> +++ b/sound/soc/fsl/fsl_xcvr.c

[ ... ]

> @@ -1448,11 +1445,10 @@ static void reset_rx_work(struct work_struct *work)

[Severity: High]
This is a pre-existing issue, but could this work struct be rescheduled by an
interrupt after it has been cancelled during removal, leading to a
use-after-free?

In fsl_xcvr_remove(), the driver calls cancel_work_sync(&xcvr->work_rst),
but hardware interrupts are not explicitly disabled before devres cleans
up. Because irq0_isr() was registered with devm_request_irq(), the interrupt
handler remains active after fsl_xcvr_remove() returns.

If an interrupt fires in this window, irq0_isr() can call:

    if (isr & (FSL_XCVR_IRQ_PREAMBLE_MISMATCH |
               ...)) {
        schedule_work(&xcvr->work_rst);
    }

This queues reset_rx_work() on a device structure (xcvr) that devres will soon
free, resulting in a use-after-free when the work queue executes.

>  {
>  	struct fsl_xcvr *xcvr = container_of(work, struct fsl_xcvr, work_rst);
>  	struct device *dev = &xcvr->pdev->dev;
> -	unsigned long lock_flags;
>  	u32 ext_ctrl;
>  
>  	dev_dbg(dev, "reset rx path\n");
> -	spin_lock_irqsave(&xcvr->lock, lock_flags);
> +	guard(spinlock_irqsave)(&xcvr->lock);
>  	regmap_read(xcvr->regmap, FSL_XCVR_EXT_CTRL, &ext_ctrl);

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260612132639.78086-1-phucduc.bui@gmail.com?part=7