public inbox for linux-kernel@vger.kernel.org
* [PATCH] usb: gadget: r8a66597-udc: do not unlock unheld spinlock in r8a66597_sudmac_irq()
From: Alexey Khoroshilov @ 2013-05-29 20:51 UTC (permalink / raw)
  To: Yoshihiro Shimoda, Felipe Balbi
  Cc: Alexey Khoroshilov, Greg Kroah-Hartman, linux-usb, linux-kernel,
	ldv-project

r8a66597_irq() processes the sudmac part (r8a66597_sudmac_irq()) before locking r8a66597->lock.
But transfer_complete(), which is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()),
expects r8a66597->lock to be locked. As a result, an unheld spinlock can be unlocked.

The patch just moves locking before calling r8a66597_sudmac_irq().

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
---
 drivers/usb/gadget/r8a66597-udc.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/gadget/r8a66597-udc.c b/drivers/usb/gadget/r8a66597-udc.c
index 7ff7d9c..2dd213c 100644
--- a/drivers/usb/gadget/r8a66597-udc.c
+++ b/drivers/usb/gadget/r8a66597-udc.c
@@ -1469,11 +1469,11 @@ static irqreturn_t r8a66597_irq(int irq, void *_r8a66597)
 	u16 savepipe;
 	u16 mask0;
 
+	spin_lock(&r8a66597->lock);
+
 	if (r8a66597_is_sudmac(r8a66597))
 		r8a66597_sudmac_irq(r8a66597);
 
-	spin_lock(&r8a66597->lock);
-
 	intsts0 = r8a66597_read(r8a66597, INTSTS0);
 	intenb0 = r8a66597_read(r8a66597, INTENB0);
 
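Review bot: With spin_lock(&r8a66597->lock) now taken ahead of the r8a66597_is_sudmac() branch, r8a66597_sudmac_irq() and everything it calls run with the lock held, but nothing in the code records that calling convention. Consider a short comment on r8a66597_sudmac_irq(), or a lockdep_assert_held(&r8a66597->lock) at its top, stating that the caller must hold r8a66597->lock, so the ordering is not reversed again by a later change. The body of r8a66597_sudmac_irq() is not part of this hunk, so the changelog should also confirm that no path under it acquires r8a66597->lock itself, since that would now self-deadlock in the interrupt handler.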
-- 
1.7.9.5



* Re: [PATCH] usb: gadget: r8a66597-udc: do not unlock unheld spinlock in r8a66597_sudmac_irq()
From: Felipe Balbi @ 2013-05-29 23:58 UTC (permalink / raw)
  To: Alexey Khoroshilov
  Cc: Yoshihiro Shimoda, Felipe Balbi, Greg Kroah-Hartman, linux-usb,
	linux-kernel, ldv-project

Hi,

On Thu, May 30, 2013 at 12:51:37AM +0400, Alexey Khoroshilov wrote:
> r8a66597_irq() processes the sudmac part (r8a66597_sudmac_irq()) before locking r8a66597->lock.
> But transfer_complete(), which is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()),
> expects r8a66597->lock to be locked. As a result, an unheld spinlock can be unlocked.
> 
> The patch just moves locking before calling r8a66597_sudmac_irq().
> 
> Found by Linux Driver Verification project (linuxtesting.org).
> 
> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>

Should this go to stable? Looks like this bug has been there since
2.6.32.

-- 
balbi


* Re: [PATCH] usb: gadget: r8a66597-udc: do not unlock unheld spinlock in r8a66597_sudmac_irq()
From: Shimoda, Yoshihiro @ 2013-05-30  1:20 UTC (permalink / raw)
  To: balbi
  Cc: Alexey Khoroshilov, Greg Kroah-Hartman, linux-usb, linux-kernel,
	ldv-project

Hi,

(2013/05/30 8:58), Felipe Balbi wrote:
> Hi,
> 
> On Thu, May 30, 2013 at 12:51:37AM +0400, Alexey Khoroshilov wrote:
>> r8a66597_irq() processes the sudmac part (r8a66597_sudmac_irq()) before locking r8a66597->lock.
>> But transfer_complete(), which is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()),
>> expects r8a66597->lock to be locked. As a result, an unheld spinlock can be unlocked.
>>
>> The patch just moves locking before calling r8a66597_sudmac_irq().
>>
>> Found by Linux Driver Verification project (linuxtesting.org).
>>
>> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
> 
> Should this go to stable? Looks like this bug has been there since
> 2.6.32.
> 

Because non-SMP CPUs have sudmac for now, this may not go to stable, I think.

Best regards,
Yoshihiro Shimoda
