As &sport->port.lock is acquired under irq context along the following
call chain from imx_uart_rtsint(), other acquisition of the same lock
inside process context or softirq context should disable irq avoid double
lock.
<deadlock #1>
imx_uart_dma_rx_callback()
--> spin_lock(&sport->port.lock)
<interrupt>
--> imx_uart_rtsint()
--> spin_lock(&sport->port.lock)
This flaw was found by an experimental static analysis tool I am
developing for irq-related deadlock.
To prevent the potential deadlock, the patch uses spin_lock_irqsave()
on the &sport->port.lock inside imx_uart_dma_rx_callback() to prevent
the possible deadlock scenario.
Signed-off-by: Chengfeng Ye <dg573847474@xxxxxxxxx>
---
drivers/tty/serial/imx.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c
index 13cb78340709..7bb3aa19d51c 100644
--- a/drivers/tty/serial/imx.c
+++ b/drivers/tty/serial/imx.c
@@ -1165,13 +1165,14 @@ static void imx_uart_dma_rx_callback(void *data)
unsigned int w_bytes = 0;
unsigned int r_bytes;
unsigned int bd_size;
+ unsigned long flags;
status = dmaengine_tx_status(chan, sport->rx_cookie, &state);
if (status == DMA_ERROR) {
- spin_lock(&sport->port.lock);
+ spin_lock_irqsave(&sport->port.lock, flags);
imx_uart_clear_rx_errors(sport);
- spin_unlock(&sport->port.lock);
+ spin_unlock_irqrestore(&sport->port.lock, flags);
return;
}
@@ -1200,9 +1201,9 @@ static void imx_uart_dma_rx_callback(void *data)
r_bytes = rx_ring->head - rx_ring->tail;
/* If we received something, check for 0xff flood */
- spin_lock(&sport->port.lock);
+ spin_lock_irqsave(&sport->port.lock, flags);
imx_uart_check_flood(sport, imx_uart_readl(sport, USR2));
- spin_unlock(&sport->port.lock);
+ spin_unlock_irqrestore(&sport->port.lock, flags);
if (!(sport->port.ignore_status_mask & URXD_DUMMY_READ)) {
--
2.17.1
