* [bug] Fixing mutex_lock() under held spinlock
@ 2010-07-29 13:22 Vasiliy Kulikov
2010-07-29 13:34 ` Arnd Bergmann
0 siblings, 1 reply; 2+ messages in thread
From: Vasiliy Kulikov @ 2010-07-29 13:22 UTC (permalink / raw)
To: Artem Bityutskiy, David Woodhouse, Nicolas Pitre,
Hans-Christian Egtvedt, Jiri Slaby, Stefani Seibold, Tejun Heo,
linux-kernel
Cc: kernel-janitors
Hi,
I've found that cfi_cmdset and lpddr_cmds call mutex_lock() under held
spinlock(). Maybe it was designed as a special locking scheme, so I
don't try to fix it as I might create new complex locking problem.
--- ./drivers/mtd/chips/cfi_cmdset_0001.c 2010-07-06 16:45:43.000000000 +0400
+++ /tmp/cocci-output-8818-2d9c62-cfi_cmdset_0001.c 2010-07-29 16:30:47.000000000 +0400
@@ -959,14 +959,12 @@ static void put_chip(struct map_info *ma
if (chip->priv) {
struct flchip_shared *shared = chip->priv;
- spin_lock(&shared->lock);
if (shared->writing == chip && chip->oldstate == FL_READY) {
/* We own the ability to write, but we're done */
shared->writing = shared->erasing;
if (shared->writing && shared->writing != chip) {
/* give back ownership to who we loaned it from */
struct flchip *loaner = shared->writing;
- mutex_lock(&loaner->mutex);
spin_unlock(&shared->lock);
mutex_unlock(&chip->mutex);
put_chip(map, loaner, loaner->start);
--- ./drivers/mtd/lpddr/lpddr_cmds.c 2010-07-06 16:45:43.000000000 +0400
+++ /tmp/cocci-output-8953-56b3dd-lpddr_cmds.c 2010-07-29 16:30:57.000000000 +0400
@@ -348,14 +348,12 @@ static void put_chip(struct map_info *ma
{
if (chip->priv) {
struct flchip_shared *shared = chip->priv;
- spin_lock(&shared->lock);
if (shared->writing == chip && chip->oldstate == FL_READY) {
/* We own the ability to write, but we're done */
shared->writing = shared->erasing;
if (shared->writing && shared->writing != chip) {
/* give back the ownership */
struct flchip *loaner = shared->writing;
- mutex_lock(&loaner->mutex);
spin_unlock(&shared->lock);
mutex_unlock(&chip->mutex);
put_chip(map, loaner);
thanks,
Vasiliy
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [bug] Fixing mutex_lock() under held spinlock
2010-07-29 13:22 [bug] Fixing mutex_lock() under held spinlock Vasiliy Kulikov
@ 2010-07-29 13:34 ` Arnd Bergmann
0 siblings, 0 replies; 2+ messages in thread
From: Arnd Bergmann @ 2010-07-29 13:34 UTC (permalink / raw)
To: Vasiliy Kulikov
Cc: Artem Bityutskiy, David Woodhouse, Nicolas Pitre,
Hans-Christian Egtvedt, Jiri Slaby, Stefani Seibold, Tejun Heo,
linux-kernel, kernel-janitors
On Thursday 29 July 2010, Vasiliy Kulikov wrote:
> I've found that cfi_cmdset and lpddr_cmds call mutex_lock() under held
> spinlock(). Maybe it was designed as a special locking scheme, so I
> don't try to fix it as I might create new complex locking problem.
No, it certainly looks like a bug and it seems to have been introduced by
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-03/msg02798.html
Back in March, Stefani wrote:
| I have analyzed this drivers and IMHO i don't think there will be used
| from irq or atomic contexts. There is no request interrupt and there are
| a lot msleep and add_wait_queues/schedule calls during holding the
| mutex, which are not very useful in a irq or atomic context. But i don't
| know the whole mtd stack.
It seems you have missed at least two places. It should be possible to
fix this by turning shared->lock into a mutex as well.
Arnd
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-07-29 13:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-29 13:22 [bug] Fixing mutex_lock() under held spinlock Vasiliy Kulikov
2010-07-29 13:34 ` Arnd Bergmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox