mirror of
https://github.com/FEX-Emu/linux.git
synced 2024-12-27 03:47:43 +00:00
91539eb1fd
The static bug finder EBA (http://www.iagoabal.eu/eba/) reported the following double-lock bug: Double lock: 1. spin_lock_irqsave(pch->lock, flags) at pl330_free_chan_resources:2236; 2. call to function `pl330_release_channel' immediately after; 3. call to function `dma_pl330_rqcb' in line 1753; 4. spin_lock_irqsave(pch->lock, flags) at dma_pl330_rqcb:1505. I have fixed it as suggested by Marek Szyprowski. First, I have replaced `pch->lock' with `pl330->lock' in functions `pl330_alloc_chan_resources' and `pl330_free_chan_resources'. This avoids the double-lock by acquiring a different lock than `dma_pl330_rqcb'. NOTE that, as a result, `pl330_free_chan_resources' executes `list_splice_tail_init' on `pch->work_list' under lock `pl330->lock', whereas in the rest of the code `pch->work_list' is protected by `pch->lock'. I don't know if this may cause race conditions. Similarly `pch->cyclic' is written by `pl330_alloc_chan_resources' under `pl330->lock' but read by `pl330_tx_submit' under `pch->lock'. Second, I have removed locking from `pl330_request_channel' and `pl330_release_channel' functions. Function `pl330_request_channel' is only called from `pl330_alloc_chan_resources', so the lock is already held. Function `pl330_release_channel' is called from `pl330_free_chan_resources', which already holds the lock, and from `pl330_del'. Function `pl330_del' is called in an error path of `pl330_probe' and at the end of `pl330_remove', but I assume that there cannot be concurrent accesses to the protected data at those points. Signed-off-by: Iago Abal <mail@iagoabal.eu> Reviewed-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Vinod Koul <vinod.koul@intel.com> |
||
|---|---|---|
| .. | ||
| bestcomm | ||
| dw | ||
| hsu | ||
| ioat | ||
| ipu | ||
| ppc4xx | ||
| qcom | ||
| sh | ||
| xilinx | ||
| acpi-dma.c | ||
| amba-pl08x.c | ||
| at_hdmac_regs.h | ||
| at_hdmac.c | ||
| at_xdmac.c | ||
| bcm2835-dma.c | ||
| coh901318_lli.c | ||
| coh901318.c | ||
| coh901318.h | ||
| cppi41.c | ||
| dma-axi-dmac.c | ||
| dma-jz4740.c | ||
| dma-jz4780.c | ||
| dmaengine.c | ||
| dmaengine.h | ||
| dmatest.c | ||
| edma.c | ||
| ep93xx_dma.c | ||
| fsl_raid.c | ||
| fsl_raid.h | ||
| fsl-edma.c | ||
| fsldma.c | ||
| fsldma.h | ||
| idma64.c | ||
| idma64.h | ||
| img-mdc-dma.c | ||
| imx-dma.c | ||
| imx-sdma.c | ||
| iop-adma.c | ||
| k3dma.c | ||
| Kconfig | ||
| lpc18xx-dmamux.c | ||
| Makefile | ||
| mic_x100_dma.c | ||
| mic_x100_dma.h | ||
| mmp_pdma.c | ||
| mmp_tdma.c | ||
| moxart-dma.c | ||
| mpc512x_dma.c | ||
| mv_xor_v2.c | ||
| mv_xor.c | ||
| mv_xor.h | ||
| mxs-dma.c | ||
| nbpfaxi.c | ||
| of-dma.c | ||
| omap-dma.c | ||
| pch_dma.c | ||
| pl330.c | ||
| pxa_dma.c | ||
| s3c24xx-dma.c | ||
| sa11x0-dma.c | ||
| sirf-dma.c | ||
| st_fdma.c | ||
| st_fdma.h | ||
| ste_dma40_ll.c | ||
| ste_dma40_ll.h | ||
| ste_dma40.c | ||
| stm32-dma.c | ||
| sun4i-dma.c | ||
| sun6i-dma.c | ||
| tegra20-apb-dma.c | ||
| tegra210-adma.c | ||
| ti-dma-crossbar.c | ||
| timb_dma.c | ||
| TODO | ||
| txx9dmac.c | ||
| txx9dmac.h | ||
| virt-dma.c | ||
| virt-dma.h | ||
| xgene-dma.c | ||
| zx296702_dma.c | ||