As &msgq->lock is acquired under both irq context from
gp102_sec2_intr() and softirq context from gm20b_pmu_recv(),
thus irq should be disabled while acquiring that lock, otherwise
there would be potential deadlock.
gm20b_pmu_recv()
--> nvkm_falcon_msgq_recv()
--> nvkm_falcon_msgq_open()
--> spin_lock(&msgq->lock)
<interrupt>
--> gp102_sec2_intr()
--> nvkm_falcon_msgq_recv()
--> nvkm_falcon_msgq_open()
--> spin_lock(&msgq->lock)
This flaw was found by an experimental static analysis tool I am
developing for irq-related deadlock.
To prevent the potential problem, I change to spin_lock_irq() and
spin_unlock_irq() on the lock.
Signed-off-by: Chengfeng Ye <dg573847474@xxxxxxxxx>
---
drivers/gpu/drm/nouveau/nvkm/falcon/msgq.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/falcon/msgq.c b/drivers/gpu/drm/nouveau/nvkm/falcon/msgq.c
index 16b246fda666..5c3b43216ee8 100644
--- a/drivers/gpu/drm/nouveau/nvkm/falcon/msgq.c
+++ b/drivers/gpu/drm/nouveau/nvkm/falcon/msgq.c
@@ -25,7 +25,7 @@
static void
nvkm_falcon_msgq_open(struct nvkm_falcon_msgq *msgq)
{
- spin_lock(&msgq->lock);
+ spin_lock_irq(&msgq->lock);
msgq->position = nvkm_falcon_rd32(msgq->qmgr->falcon, msgq->tail_reg);
}
@@ -37,7 +37,7 @@ nvkm_falcon_msgq_close(struct nvkm_falcon_msgq *msgq, bool commit)
if (commit)
nvkm_falcon_wr32(falcon, msgq->tail_reg, msgq->position);
- spin_unlock(&msgq->lock);
+ spin_unlock_irq(&msgq->lock);
}
bool
--
2.17.1
