This is a note to let you know that I've just added the patch titled
dmaengine: at_hdmac: Fix concurrency over the active list
to the 6.0-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
dmaengine-at_hdmac-fix-concurrency-over-the-active-list.patch
and it can be found in the queue-6.0 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 03ed9ba357cc78116164b90b87f45eacab60b561 Mon Sep 17 00:00:00 2001
From: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx>
Date: Tue, 25 Oct 2022 12:02:44 +0300
Subject: dmaengine: at_hdmac: Fix concurrency over the active list
From: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx>
commit 03ed9ba357cc78116164b90b87f45eacab60b561 upstream.
The tasklet (atc_advance_work()) did not held the channel lock when
retrieving the first active descriptor, causing concurrency problems if
issue_pending() was called in between. If issue_pending() was called
exactly after the lock was released in the tasklet (atc_advance_work()),
atc_chain_complete() could complete a descriptor for which the controller
has not yet raised an interrupt.
Fixes: dc78baa2b90b ("dmaengine: at_hdmac: new driver for the Atmel AHB DMA Controller")
Reported-by: Peter Rosin <peda@xxxxxxxxxx>
Signed-off-by: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Link: https://lore.kernel.org/lkml/13c6c9a2-6db5-c3bf-349b-4c127ad3496a@xxxxxxxxxx/
Acked-by: Nicolas Ferre <nicolas.ferre@xxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20221025090306.297886-1-tudor.ambarus@xxxxxxxxxxxxx
Link: https://lore.kernel.org/r/20221025090306.297886-11-tudor.ambarus@xxxxxxxxxxxxx
Signed-off-by: Vinod Koul <vkoul@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/dma/at_hdmac.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/dma/at_hdmac.c
+++ b/drivers/dma/at_hdmac.c
@@ -462,8 +462,6 @@ atc_chain_complete(struct at_dma_chan *a
if (!atc_chan_is_cyclic(atchan))
dma_cookie_complete(txd);
- /* Remove transfer node from the active list. */
- list_del_init(&desc->desc_node);
spin_unlock_irqrestore(&atchan->lock, flags);
dma_descriptor_unmap(txd);
@@ -495,6 +493,7 @@ atc_chain_complete(struct at_dma_chan *a
*/
static void atc_advance_work(struct at_dma_chan *atchan)
{
+ struct at_desc *desc;
unsigned long flags;
dev_vdbg(chan2dev(&atchan->chan_common), "advance_work\n");
@@ -502,9 +501,12 @@ static void atc_advance_work(struct at_d
spin_lock_irqsave(&atchan->lock, flags);
if (atc_chan_is_enabled(atchan) || list_empty(&atchan->active_list))
return spin_unlock_irqrestore(&atchan->lock, flags);
- spin_unlock_irqrestore(&atchan->lock, flags);
- atc_chain_complete(atchan, atc_first_active(atchan));
+ desc = atc_first_active(atchan);
+ /* Remove the transfer node from the active list. */
+ list_del_init(&desc->desc_node);
+ spin_unlock_irqrestore(&atchan->lock, flags);
+ atc_chain_complete(atchan, desc);
/* advance work */
spin_lock_irqsave(&atchan->lock, flags);
Patches currently in stable-queue which might be from tudor.ambarus@xxxxxxxxxxxxx are
queue-6.0/dmaengine-at_hdmac-fix-concurrency-problems-by-removing-atc_complete_all.patch
queue-6.0/dmaengine-at_hdmac-start-transfer-for-cyclic-channels-in-issue_pending.patch
queue-6.0/dmaengine-at_hdmac-don-t-start-transactions-at-tx_submit-level.patch
queue-6.0/dmaengine-at_hdmac-fix-at_lli-struct-definition.patch
queue-6.0/dmaengine-at_hdmac-fix-descriptor-handling-when-issuing-it-to-hardware.patch
queue-6.0/dmaengine-at_hdmac-free-the-memset-buf-without-holding-the-chan-lock.patch
queue-6.0/dmaengine-at_hdmac-fix-concurrency-over-the-active-list.patch
queue-6.0/dmaengine-at_hdmac-fix-premature-completion-of-desc-in-issue_pending.patch
queue-6.0/dmaengine-at_hdmac-fix-impossible-condition.patch
queue-6.0/dmaengine-at_hdmac-check-return-code-of-dma_async_device_register.patch
queue-6.0/dmaengine-at_hdmac-don-t-allow-cpu-to-reorder-channel-enable.patch
queue-6.0/dmaengine-at_hdmac-fix-concurrency-over-descriptor.patch
queue-6.0/dmaengine-at_hdmac-protect-atchan-status-with-the-channel-lock.patch
queue-6.0/dmaengine-at_hdmac-fix-completion-of-unissued-descriptor-in-case-of-errors.patch
queue-6.0/dmaengine-at_hdmac-do-not-call-the-complete-callback-on-device_terminate_all.patch
