Commit d9fb3754ecf8 ("greybus: loopback: Relax locking during loopback operations") changes the holding of the per-connection mutex to be less restrictive because at the time of that commit per-connection mutexes were encapsulated by a per-driver level gb_dev.mutex. Commit 8e1d6c336d74 ("greybus: loopback: drop bus aggregate calculation") on the other hand subtracts the driver level gb_dev.mutex but neglects to move the mutex back to the place it was prior to commit d9fb3754ecf8 ("greybus: loopback: Relax locking during loopback operations"), as a result several members of the per connection struct gb_loopback are racy. The solution is restoring the old location of mutex_unlock(&gb->mutex) as it was in commit d9fb3754ecf8 ("greybus: loopback: Relax locking during loopback operations"). Fixes: 8e1d6c336d74 ("greybus: loopback: drop bus aggregate calculation") Signed-off-by: Bryan O'Donoghue <pure.logic@xxxxxxxxxxxxxxxxx> Cc: Johan Hovold <johan@xxxxxxxxxx> Cc: Alex Elder <elder@xxxxxxxxxx> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Cc: Mitch Tasman <tasman@xxxxxxxxxxxx> Cc: greybus-dev@xxxxxxxxxxxxxxxx Cc: devel@xxxxxxxxxxxxxxxxxxxx Cc: linux-kernel@xxxxxxxxxxxxxx --- drivers/staging/greybus/loopback.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/staging/greybus/loopback.c b/drivers/staging/greybus/loopback.c index 3d92638..20d1b45 100644 --- a/drivers/staging/greybus/loopback.c +++ b/drivers/staging/greybus/loopback.c @@ -605,7 +605,6 @@ static int gb_loopback_async_operation(struct gb_loopback *gb, int type, op_async->ts = ktime_get(); op_async->pending = true; atomic_inc(&gb->outstanding_operations); - mutex_lock(&gb->mutex); ret = gb_operation_request_send(operation, gb_loopback_async_operation_callback, 0, @@ -622,7 +621,6 @@ static int gb_loopback_async_operation(struct gb_loopback *gb, int type, error: gb_loopback_async_operation_put(op_async); done: - mutex_unlock(&gb->mutex); return ret; } @@ -1013,7 +1011,6 @@ static int gb_loopback_fn(void *data) type = gb->type; if (ktime_to_ns(gb->ts) == 0) gb->ts = ktime_get(); - mutex_unlock(&gb->mutex); /* Else operations to perform */ if (gb->async) { @@ -1041,6 +1038,7 @@ static int gb_loopback_fn(void *data) gb_loopback_calculate_stats(gb, !!error); } gb->send_count++; + mutex_unlock(&gb->mutex); if (us_wait) { if (us_wait < 20000) -- 2.7.4 _______________________________________________ greybus-dev mailing list greybus-dev@xxxxxxxxxxxxxxxx https://lists.linaro.org/mailman/listinfo/greybus-dev