Skip to content

L
linux
Commit f37d49ad authored by Alexey Khoroshilov's avatar Alexey Khoroshilov Committed by Felipe Balbi
Browse files
Options

usb: gadget: r8a66597-udc: do not unlock unheld spinlock in r8a66597_sudmac_irq() 

r8a66597_irq() processes sudmac part (r8a66597_sudmac_irq()) before locking r8a66597->lock.
But transfer_complete(), that is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()),
expects r8a66597->lock is locked. As a result unheld spinlock can be unlocked.

The patch just moves locking before calling r8a66597_sudmac_irq().

Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: default avatarAlexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
parent a2cc81d3
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 2 deletions
drivers/usb/gadget/r8a66597-udc.c
View file @ f37d49ad
...@@ -1469,11 +1469,11 @@ static irqreturn_t r8a66597_irq(int irq, void *_r8a66597) ...@@ -1469,11 +1469,11 @@ static irqreturn_t r8a66597_irq(int irq, void *_r8a66597)
u16 savepipe; u16 savepipe;
u16 mask0; u16 mask0;
spin_lock(&r8a66597->lock);
if (r8a66597_is_sudmac(r8a66597)) if (r8a66597_is_sudmac(r8a66597))
r8a66597_sudmac_irq(r8a66597); r8a66597_sudmac_irq(r8a66597);
spin_lock(&r8a66597->lock);
intsts0 = r8a66597_read(r8a66597, INTSTS0); intsts0 = r8a66597_read(r8a66597, INTSTS0);
intenb0 = r8a66597_read(r8a66597, INTENB0); intenb0 = r8a66597_read(r8a66597, INTENB0);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7