2020-01-16 03:32:21

by luanshi

Subject: [V2 1/3] firmware: arm_sdei: fix possible deadlock

We call sdei_reregister_event() with sdei_list_lock held, but
_sdei_event_register() and sdei_event_destroy() also acquire
sdei_list_lock, thus creating an A-A deadlock.

Fixes: da351827240e ("firmware: arm_sdei: Add support for CPU and system
power states")

Signed-off-by: Liguang Zhang <[email protected]>
---
drivers/firmware/arm_sdei.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/drivers/firmware/arm_sdei.c b/drivers/firmware/arm_sdei.c
index a479023..37e9bf0 100644
--- a/drivers/firmware/arm_sdei.c
+++ b/drivers/firmware/arm_sdei.c
@@ -45,8 +45,11 @@ static asmlinkage void (*sdei_firmware_call)(unsigned long function_id,
static unsigned long sdei_entry_point;

struct sdei_event {
- /* These three are protected by the sdei_list_lock */
+ /* protected by the sdei_list_lock */
struct list_head list;
+
+ spinlock_t sdei_event_lock;
+ /* These two are protected by the sdei_event_lock */
bool reregister;
bool reenable;

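Review bot: The new comment in struct sdei_event says reregister and reenable are protected by sdei_event_lock, but every place this patch takes the lock wraps a store to those flags and no read of them is converted. Any reader that still relies on sdei_list_lock is no longer serialised against these writers, so either convert the readers in the same patch or state in the comment why they do not need the lock. The comment should also say how sdei_event_lock nests with sdei_list_lock and sdei_events_lock.
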
@@ -214,6 +217,7 @@ static struct sdei_event *sdei_event_create(u32 event_num,
return ERR_PTR(-ENOMEM);

INIT_LIST_HEAD(&event->list);
+ spin_lock_init(&event->sdei_event_lock);
event->event_num = event_num;

err = sdei_api_event_get_info(event_num, SDEI_EVENT_INFO_EV_PRIORITY,
@@ -412,9 +416,9 @@ int sdei_event_enable(u32 event_num)
return -ENOENT;
}

- spin_lock(&sdei_list_lock);
+ spin_lock(&event->sdei_event_lock);
event->reenable = true;
- spin_unlock(&sdei_list_lock);
+ spin_unlock(&event->sdei_event_lock);

if (event->type == SDEI_EVENT_TYPE_SHARED)
err = sdei_api_event_enable(event->event_num);
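
Review bot: In sdei_event_enable() the per-event lock covers only the single store to event->reenable and is released before sdei_api_event_enable() is called, so the lock gives no ordering between the flag and the firmware state, and nothing in this hunk clears the flag if the call returns an error. Add a comment that the flag records intent rather than the result of the call, or show the error path resetting it under the same lock.
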
@@ -491,10 +495,10 @@ static int _sdei_event_unregister(struct sdei_event *event)
{
lockdep_assert_held(&sdei_events_lock);

- spin_lock(&sdei_list_lock);
+ spin_lock(&event->sdei_event_lock);
event->reregister = false;
event->reenable = false;
- spin_unlock(&sdei_list_lock);
+ spin_unlock(&event->sdei_event_lock);

if (event->type == SDEI_EVENT_TYPE_SHARED)
return sdei_api_event_unregister(event->event_num);
@@ -585,9 +589,9 @@ static int _sdei_event_register(struct sdei_event *event)

lockdep_assert_held(&sdei_events_lock);

- spin_lock(&sdei_list_lock);
+ spin_lock(&event->sdei_event_lock);
event->reregister = true;
- spin_unlock(&sdei_list_lock);
+ spin_unlock(&event->sdei_event_lock);

if (event->type == SDEI_EVENT_TYPE_SHARED)
return sdei_api_event_register(event->event_num,
@@ -598,10 +602,10 @@ static int _sdei_event_register(struct sdei_event *event)

err = sdei_do_cross_call(_local_event_register, event);
if (err) {
- spin_lock(&sdei_list_lock);
+ spin_lock(&event->sdei_event_lock);
event->reregister = false;
event->reenable = false;
- spin_unlock(&sdei_list_lock);
+ spin_unlock(&event->sdei_event_lock);

sdei_do_cross_call(_local_event_unregister, event);
}
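
Review bot: The commit message names sdei_event_destroy() as one of the two functions that take sdei_list_lock on the deadlocking path, yet no hunk in this patch touches it; this last hunk and the others cover only struct sdei_event, sdei_event_create(), sdei_event_enable(), _sdei_event_unregister() and _sdei_event_register(). Either add the sdei_event_destroy() change or explain in the message why that path can no longer self-deadlock once the flags move to sdei_event_lock.
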
--
1.8.3.1


2020-01-16 03:32:55

by luanshi

Subject: [V2 3/3] firmware: arm_sdei: clean up sdei_event_create()

Function sdei_event_find() is always called in sdei_event_create(), but
it is already called in sdei_event_register(). So we should remove some
needless sdei_event_find() calls.

Signed-off-by: Liguang Zhang <[email protected]>
---
drivers/firmware/arm_sdei.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/drivers/firmware/arm_sdei.c b/drivers/firmware/arm_sdei.c
index f81c09e..79ae07c 100644
--- a/drivers/firmware/arm_sdei.c
+++ b/drivers/firmware/arm_sdei.c
@@ -271,15 +271,9 @@ static struct sdei_event *sdei_event_create(u32 event_num,
event->private_registered = regs;
}

- if (sdei_event_find(event_num)) {
- kfree(event->registered);
- kfree(event);
- event = ERR_PTR(-EBUSY);
- } else {
- spin_lock(&sdei_list_lock);
- list_add(&event->list, &sdei_list);
- spin_unlock(&sdei_list_lock);
- }
+ spin_lock(&sdei_list_lock);
+ list_add(&event->list, &sdei_list);
+ spin_unlock(&sdei_list_lock);

return event;
}
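
Review bot: With the sdei_event_find() check and its -EBUSY cleanup removed at the end of sdei_event_create(), the function adds the event to sdei_list unconditionally, so uniqueness of event_num now depends entirely on the caller having checked first. State that precondition in a comment above the function, and if the caller's lookup and this list_add() are meant to be serialised by sdei_events_lock, add lockdep_assert_held(&sdei_events_lock) here as the other helpers in this file do.
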
--
1.8.3.1

2020-01-16 04:59:43

by luanshi

Subject: [V2 2/3] firmware: arm_sdei: Removed multiple white lines.

Remove one unnecessary white line.

Signed-off-by: Liguang Zhang <[email protected]>
---
drivers/firmware/arm_sdei.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/drivers/firmware/arm_sdei.c b/drivers/firmware/arm_sdei.c
index 37e9bf0..f81c09e 100644
--- a/drivers/firmware/arm_sdei.c
+++ b/drivers/firmware/arm_sdei.c
@@ -599,7 +599,6 @@ static int _sdei_event_register(struct sdei_event *event)
event->registered,
SDEI_EVENT_REGISTER_RM_ANY, 0);

-
err = sdei_do_cross_call(_local_event_register, event);
if (err) {
spin_lock(&event->sdei_event_lock);
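
Review bot: The subject says "Removed multiple white lines" while this hunk deletes a single blank line in _sdei_event_register(); use the imperative and describe what is actually changed, for example "remove stray blank line". The context line spin_lock(&event->sdei_event_lock); shows the hunk only applies on top of 1/3, so it can be folded into that patch.
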
--
1.8.3.1

2020-02-14 18:33:56

by James Morse

Subject: Re: [V2 2/3] firmware: arm_sdei: Removed multiple white lines.

Hi Luanshi,

On 16/01/2020 03:28, luanshi wrote:
> Remove one unnecessary white line.
>
> Signed-off-by: Liguang Zhang <[email protected]>
> ---
> drivers/firmware/arm_sdei.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/drivers/firmware/arm_sdei.c b/drivers/firmware/arm_sdei.c
> index 37e9bf0..f81c09e 100644
> --- a/drivers/firmware/arm_sdei.c
> +++ b/drivers/firmware/arm_sdei.c
> @@ -599,7 +599,6 @@ static int _sdei_event_register(struct sdei_event *event)
> event->registered,
> SDEI_EVENT_REGISTER_RM_ANY, 0);
>
> -
> err = sdei_do_cross_call(_local_event_register, event);
> if (err) {
> spin_lock(&event->sdei_event_lock);

I'm afraid these whitespace-only patches aren't worth sending. If it's not caught at
review, it gets to annoy the reader until someone can do a drive-by fix when they are
changing adjacent code.

I've merged this with the first patch in the eventual series.


Thanks,

James

2020-02-14 18:34:11

by James Morse

Subject: Re: [V2 1/3] firmware: arm_sdei: fix possible deadlock

Hi Luanshi,

On 16/01/2020 03:28, luanshi wrote:
> We call sdei_reregister_event() with sdei_list_lock held, but
> _sdei_event_register() and sdei_event_destroy() also acquire
> sdei_list_lock, thus creating an A-A deadlock.
>
> Fixes: da351827240e ("firmware: arm_sdei: Add support for CPU and system
> power states")
>

(Nit: stray whitespace in the fixes tag, the backport tools may choke on this)

(Please include 'PATCH' in the [] section of the subject when posting, it's part of the
'canonical patch format', and my scripts for pulling a series off the list depend on it!)


> ---

Thanks for picking up my suggestion, ... it was what I think should have been done in the
first place to avoid this bug.
Looking at your patch, we'd need to take the per-event lock around the reads of reregister
and reenable in sdei_cpuhp_up() too, and sdei_reregister_shared(), ... and this quickly
becomes much noisier than a patch for stable should be. (Sorry, I should have tried it
before suggesting it!)


I've picked up your first version, but instead of duplicating the contents of the
function, I've added '_llocked' wrappers to account for that lock already being held. This
isn't great as we have _locked too, but lockdep should keep us honest.
Because I started with your patch, git has kept you as author.
This ended up as patch 2, because it was also necessary to move those reregister updates
into their callers to fix hibernate.

I'll post what I have next week, sorry for the hiatus.


Thanks,

James
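
The A-A deadlock and the "wrapper for the lock-already-held case" approach discussed in this thread, as an added user-space sketch; it is not code from the patches or from the eventual series. The toy lock and every name in it (toy_lock, event_register_llocked, reregister_all, demo_events) are hypothetical stand-ins, and the lock reports a second acquisition instead of spinning.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy non-recursive lock: a second acquire on the same path returns -1
 * where a real spinlock would spin forever (the A-A deadlock). */
struct toy_lock { bool held; };
static int toy_lock_acquire(struct toy_lock *l)
{
    if (l->held)
        return -1;
    l->held = true;
    return 0;
}
static void toy_lock_release(struct toy_lock *l) { l->held = false; }

struct toy_event { bool reregister; int registered; };
static struct toy_lock list_lock;           /* stands in for sdei_list_lock */
static struct toy_event demo_events[2];     /* constructed sample events */

/* Variant for callers that already hold list_lock. */
static int event_register_llocked(struct toy_event *ev)
{
    if (!list_lock.held)
        return -2;      /* stand-in for lockdep_assert_held() */
    ev->reregister = true;
    ev->registered++;
    return 0;
}

/* Normal entry point: takes list_lock itself, then does the same work. */
static int event_register(struct toy_event *ev)
{
    int err;
    if (toy_lock_acquire(&list_lock))
        return -1;      /* lock already held by this path: A-A */
    err = event_register_llocked(ev);
    toy_lock_release(&list_lock);
    return err;
}

/* Walk every event with list_lock held, as a reregister pass does. */
static int reregister_all(struct toy_event *evs, size_t n, bool use_llocked)
{
    int err = 0;
    if (toy_lock_acquire(&list_lock))
        return -1;
    for (size_t i = 0; i < n && !err; i++)
        err = use_llocked ? event_register_llocked(&evs[i])
                          : event_register(&evs[i]);
    toy_lock_release(&list_lock);
    return err;
}
```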