From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752203AbcIMLXy (ORCPT ); Tue, 13 Sep 2016 07:23:54 -0400 Received: from down.free-electrons.com ([37.187.137.238]:33831 "EHLO mail.free-electrons.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751203AbcIMLXx (ORCPT ); Tue, 13 Sep 2016 07:23:53 -0400 Date: Tue, 13 Sep 2016 13:23:48 +0200 From: Boris Brezillon To: Thomas Gleixner , Jason Cooper , Marc Zyngier Cc: Nicolas Ferre , Jean-Christophe Plagniol-Villard , Alexandre Belloni , linux-kernel@vger.kernel.org, stable@kernel.vger.org Subject: Re: [PATCH] irqchip/atmel-aic: Fix potential deadlock in ->xlate() Message-ID: <20160913132348.00518d16@bbrezillon> In-Reply-To: <1473761409-16226-1-git-send-email-boris.brezillon@free-electrons.com> References: <1473761409-16226-1-git-send-email-boris.brezillon@free-electrons.com> Organization: Free Electrons X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.30; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 13 Sep 2016 12:10:09 +0200 Boris Brezillon wrote: > aic5_irq_domain_xlate() and aic_irq_domain_xlate() take the generic chip > lock without disabling interrupts, which can lead to a deadlock if an > interrupt occurs while the lock is held in one of these functions. > > Replace irq_gc_{lock,unlock}() calls by > raw_spin_{lock_irqsave,unlock_irqrestore}() ones to prevent this bug from > happening. > > Signed-off-by: Boris Brezillon > Fixes: b1479ebb7720 ("irqchip: atmel-aic: Add atmel AIC/AIC5 drivers") > Cc: Oops, should be Cc: Do you want me to send a v2? > --- > drivers/irqchip/irq-atmel-aic.c | 5 +++-- > drivers/irqchip/irq-atmel-aic5.c | 5 +++-- > 2 files changed, 6 insertions(+), 4 deletions(-) > > diff --git a/drivers/irqchip/irq-atmel-aic.c b/drivers/irqchip/irq-atmel-aic.c > index 112e17c2768b..447a8b0f1395 100644 > --- a/drivers/irqchip/irq-atmel-aic.c > +++ b/drivers/irqchip/irq-atmel-aic.c > @@ -176,6 +176,7 @@ static int aic_irq_domain_xlate(struct irq_domain *d, > { > struct irq_domain_chip_generic *dgc = d->gc; > struct irq_chip_generic *gc; > + unsigned long flags; > unsigned smr; > int idx; > int ret; > @@ -194,11 +195,11 @@ static int aic_irq_domain_xlate(struct irq_domain *d, > > gc = dgc->gc[idx]; > > - irq_gc_lock(gc); > + raw_spin_lock_irqsave(&gc->lock, flags); > smr = irq_reg_readl(gc, AT91_AIC_SMR(*out_hwirq)); > aic_common_set_priority(intspec[2], &smr); > irq_reg_writel(gc, smr, AT91_AIC_SMR(*out_hwirq)); > - irq_gc_unlock(gc); > + raw_spin_unlock_irqrestore(&gc->lock, flags); > > return ret; > } > diff --git a/drivers/irqchip/irq-atmel-aic5.c b/drivers/irqchip/irq-atmel-aic5.c > index 4f0d068e1abe..8c024107fd03 100644 > --- a/drivers/irqchip/irq-atmel-aic5.c > +++ b/drivers/irqchip/irq-atmel-aic5.c > @@ -258,6 +258,7 @@ static int aic5_irq_domain_xlate(struct irq_domain *d, > unsigned int *out_type) > { > struct irq_chip_generic *bgc = irq_get_domain_generic_chip(d, 0); > + unsigned long flags; > unsigned smr; > int ret; > > @@ -269,12 +270,12 @@ static int aic5_irq_domain_xlate(struct irq_domain *d, > if (ret) > return ret; > > - irq_gc_lock(bgc); > + raw_spin_lock_irqsave(&bgc->lock, flags); > irq_reg_writel(bgc, *out_hwirq, AT91_AIC5_SSR); > smr = irq_reg_readl(bgc, AT91_AIC5_SMR); > aic_common_set_priority(intspec[2], &smr); > irq_reg_writel(bgc, smr, AT91_AIC5_SMR); > - irq_gc_unlock(bgc); > + raw_spin_unlock_irqrestore(&bgc->lock, flags); > > return ret; > }