Hello Stefan Wahren,
The patch d1eab9dec610: "staging: vchiq_core: Bail out in case of
invalid tx_pos" from May 26, 2017, leads to the following static
checker warning:
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c:617 reserve_space()
warn: inconsistent returns 'state->slot_available_event'.
Locked on : 605
Unlocked on: 600
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
581 /* If necessary, get the next slot. */
582 if ((tx_pos & VCHIQ_SLOT_MASK) == 0) {
583 int slot_index;
584
585 /* If there is no free slot... */
586
587 if (down_trylock(&state->slot_available_event) != 0) {
588 /* ...wait for one. */
589
590 VCHIQ_STATS_INC(state, slot_stalls);
591
592 /* But first, flush through the last slot. */
593 state->local_tx_pos = tx_pos;
594 local->tx_pos = tx_pos;
595 remote_event_signal(&state->remote->trigger);
596
597 if (!is_blocking ||
598 (down_interruptible(
599 &state->slot_available_event) != 0))
600 return NULL; /* No space available */
^^^^^^^^^^^
We're not holding the locks here when we return NULL
601 }
602
603 if (tx_pos == (state->slot_queue_available * VCHIQ_SLOT_SIZE)) {
604 pr_warn("%s: invalid tx_pos: %d\n", __func__, tx_pos);
605 return NULL;
^^^^^^^^^^^
so we should probably drop the lock before this return
606 }
607
608 slot_index = local->slot_queue[
609 SLOT_QUEUE_INDEX_FROM_POS(tx_pos) &
610 VCHIQ_SLOT_QUEUE_MASK];
611 state->tx_data =
612 (char *)SLOT_DATA_FROM_INDEX(state, slot_index);
613 }
614
615 state->local_tx_pos = tx_pos + space;
616
617 return (VCHIQ_HEADER_T *)(state->tx_data + (tx_pos & VCHIQ_SLOT_MASK));
618 }
regards,
dan carpenter
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
