This is a note to let you know that I've just added the patch titled
dmaengine: at_hdmac: Protect atchan->status with the channel lock
to the 6.0-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
dmaengine-at_hdmac-protect-atchan-status-with-the-channel-lock.patch
and it can be found in the queue-6.0 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 6e5ad28d16f082efeae3d0bd2e31f24bed218019 Mon Sep 17 00:00:00 2001
From: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx>
Date: Tue, 25 Oct 2022 12:02:40 +0300
Subject: dmaengine: at_hdmac: Protect atchan->status with the channel lock
From: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx>
commit 6e5ad28d16f082efeae3d0bd2e31f24bed218019 upstream.
Now that the complete callback call was removed from
device_terminate_all(), we can protect the atchan->status with the channel
lock. The atomic bitops on atchan->status do not substitute proper locking
on the status, as one could still modify the status after the lock was
dropped in atc_terminate_all() but before the atomic bitops were executed.
Fixes: 078a6506141a ("dmaengine: at_hdmac: Fix deadlocks")
Reported-by: Peter Rosin <peda@xxxxxxxxxx>
Signed-off-by: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Link: https://lore.kernel.org/lkml/13c6c9a2-6db5-c3bf-349b-4c127ad3496a@xxxxxxxxxx/
Acked-by: Nicolas Ferre <nicolas.ferre@xxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20221025090306.297886-1-tudor.ambarus@xxxxxxxxxxxxx
Link: https://lore.kernel.org/r/20221025090306.297886-7-tudor.ambarus@xxxxxxxxxxxxx
Signed-off-by: Vinod Koul <vkoul@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/dma/at_hdmac.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/dma/at_hdmac.c
+++ b/drivers/dma/at_hdmac.c
@@ -1460,12 +1460,12 @@ static int atc_terminate_all(struct dma_
list_splice_tail_init(&atchan->queue, &atchan->free_list);
list_splice_tail_init(&atchan->active_list, &atchan->free_list);
- spin_unlock_irqrestore(&atchan->lock, flags);
-
clear_bit(ATC_IS_PAUSED, &atchan->status);
/* if channel dedicated to cyclic operations, free it */
clear_bit(ATC_IS_CYCLIC, &atchan->status);
+ spin_unlock_irqrestore(&atchan->lock, flags);
+
return 0;
}
Patches currently in stable-queue which might be from tudor.ambarus@xxxxxxxxxxxxx are
queue-6.0/dmaengine-at_hdmac-fix-concurrency-problems-by-removing-atc_complete_all.patch
queue-6.0/dmaengine-at_hdmac-start-transfer-for-cyclic-channels-in-issue_pending.patch
queue-6.0/dmaengine-at_hdmac-don-t-start-transactions-at-tx_submit-level.patch
queue-6.0/dmaengine-at_hdmac-fix-at_lli-struct-definition.patch
queue-6.0/dmaengine-at_hdmac-fix-descriptor-handling-when-issuing-it-to-hardware.patch
queue-6.0/dmaengine-at_hdmac-free-the-memset-buf-without-holding-the-chan-lock.patch
queue-6.0/dmaengine-at_hdmac-fix-concurrency-over-the-active-list.patch
queue-6.0/dmaengine-at_hdmac-fix-premature-completion-of-desc-in-issue_pending.patch
queue-6.0/dmaengine-at_hdmac-fix-impossible-condition.patch
queue-6.0/dmaengine-at_hdmac-check-return-code-of-dma_async_device_register.patch
queue-6.0/dmaengine-at_hdmac-don-t-allow-cpu-to-reorder-channel-enable.patch
queue-6.0/dmaengine-at_hdmac-fix-concurrency-over-descriptor.patch
queue-6.0/dmaengine-at_hdmac-protect-atchan-status-with-the-channel-lock.patch
queue-6.0/dmaengine-at_hdmac-fix-completion-of-unissued-descriptor-in-case-of-errors.patch
queue-6.0/dmaengine-at_hdmac-do-not-call-the-complete-callback-on-device_terminate_all.patch
