As &vc->lock is acquired by the irq mtk_hsdma_irq(), other process
context code acquiring the lock should disable irq. The terminate
callback mtk_hsdma_terminate_all() acquires the same lock without
closing irq.
Possible deadlock scenario:
mtk_hsdma_free_active_desc()
-> spin_lock(&hvc->vc.lock)
<irq interrupt>
-> mtk_hsdma_irq()
-> mtk_hsdma_free_rooms_in_ring()
-> spin_lock(&hvc->vc.lock) (deadlock here)
This flaw was found using an experimental static analysis tool we are
developing for irq-related deadlock.
The tentative patch fix the potential deadlock by spin_lock_irqsave().
Signed-off-by: Chengfeng Ye <dg573847474@xxxxxxxxx>
---
drivers/dma/mediatek/mtk-hsdma.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/dma/mediatek/mtk-hsdma.c b/drivers/dma/mediatek/mtk-hsdma.c
index 69cc61c0b262..6b6773575893 100644
--- a/drivers/dma/mediatek/mtk-hsdma.c
+++ b/drivers/dma/mediatek/mtk-hsdma.c
@@ -757,18 +757,19 @@ static void mtk_hsdma_free_active_desc(struct dma_chan *c)
{
struct mtk_hsdma_vchan *hvc = to_hsdma_vchan(c);
bool sync_needed = false;
+ unsigned long flags;
/*
* Once issue_synchronize is being set, which means once the hardware
* consumes all descriptors for the channel in the ring, the
* synchronization must be notified immediately it is completed.
*/
- spin_lock(&hvc->vc.lock);
+ spin_lock_irqsave(&hvc->vc.lock, flags);
if (!list_empty(&hvc->desc_hw_processing)) {
hvc->issue_synchronize = true;
sync_needed = true;
}
- spin_unlock(&hvc->vc.lock);
+ spin_unlock_irqrestore(&hvc->vc.lock, flags);
if (sync_needed)
wait_for_completion(&hvc->issue_completion);
--
2.17.1
