linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* bus/mhi/core: Double lock in mhi_device_put() and dev_wake inc/dec
@ 2020-09-17 23:16 Shuah Khan
  2020-09-19  2:34 ` bbhatt
  0 siblings, 1 reply; 2+ messages in thread
From: Shuah Khan @ 2020-09-17 23:16 UTC (permalink / raw)
  To: manivannan.sadhasivam, hemantk
  Cc: Greg Kroah-Hartman, jhugo, sdias, bbhatt, linux-arm-msm,
	Linux Kernel Mailing List, Shuah Khan

While looking at this file for an unrelated issue, I happen to notice
there is a double locking on mhi_cntrl->pm_lock in the mhi_device_put()
when it gets called from mhi_driver_remove()

The other two calls from mhi_driver_probe() don't hold the pm_lock.

In addition, lock holding while dev_wake updates is inconsistent.

dev_wake gets incremented and decremented without holding pm_lock in
mhi_device_get(), mhi_device_get_sync() and mhi_device_put().

Exception are when mhi_device_put() is called from mhi_driver_remove().

The following commit is where all this code is added.

bus: mhi: core: Add support for data transfer
https://github.com/torvalds/linux/commit/189ff97cca53e3fe2d8b38d64105040ce17fc62d

It appears to be real problem. I don't have a way to test this driver,
hence reaching out to let you know about my findings.

thanks,
-- Shuah

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: bus/mhi/core: Double lock in mhi_device_put() and dev_wake inc/dec
  2020-09-17 23:16 bus/mhi/core: Double lock in mhi_device_put() and dev_wake inc/dec Shuah Khan
@ 2020-09-19  2:34 ` bbhatt
  0 siblings, 0 replies; 2+ messages in thread
From: bbhatt @ 2020-09-19  2:34 UTC (permalink / raw)
  To: Shuah Khan
  Cc: manivannan.sadhasivam, hemantk, Greg Kroah-Hartman, jhugo, sdias,
	linux-arm-msm, Linux Kernel Mailing List

On 2020-09-17 16:16, Shuah Khan wrote:
> While looking at this file for an unrelated issue, I happen to notice
> there is a double locking on mhi_cntrl->pm_lock in the mhi_device_put()
> when it gets called from mhi_driver_remove()
> 
> The other two calls from mhi_driver_probe() don't hold the pm_lock.
> 
> In addition, lock holding while dev_wake updates is inconsistent.
> 
> dev_wake gets incremented and decremented without holding pm_lock in
> mhi_device_get(), mhi_device_get_sync() and mhi_device_put().
> 
> Exception are when mhi_device_put() is called from mhi_driver_remove().
> 
> The following commit is where all this code is added.
> 
> bus: mhi: core: Add support for data transfer
> https://github.com/torvalds/linux/commit/189ff97cca53e3fe2d8b38d64105040ce17fc62d
> 
> It appears to be real problem. I don't have a way to test this driver,
> hence reaching out to let you know about my findings.
> 
> thanks,
> -- Shuah
Thank you for inputs.

Hemant and I discussed this and we agree that there are inconsistencies 
we need to fix.

We will be uploading a patch to remove the read_lock_bh/read_unlock_bh 
calls from the
mhi_driver_remove().

Thanks,
Bhaumik
'The Qualcomm Innovation Center, Inc. is a member of the Code Aurora 
Forum, a Linux Foundation Collaborative Project'

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-09-19  2:34 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-17 23:16 bus/mhi/core: Double lock in mhi_device_put() and dev_wake inc/dec Shuah Khan
2020-09-19  2:34 ` bbhatt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).