There is double acquisition of the pm_lock from mhi_driver_remove()
function. Remove the read_lock_bh/read_unlock_bh calls for pm_lock
taken during a call to mhi_device_put() as the lock is acquired
within the function already. This will help avoid a potential
kernel panic.
Fixes: 189ff97cca53 ("bus: mhi: core: Add support for data transfer")
Reported-by: Shuah Khan <[email protected]>
Signed-off-by: Bhaumik Bhatt <[email protected]>
---
drivers/bus/mhi/core/init.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c
index 0ffdebd..0a09f82 100644
--- a/drivers/bus/mhi/core/init.c
+++ b/drivers/bus/mhi/core/init.c
@@ -1276,10 +1276,8 @@ static int mhi_driver_remove(struct device *dev)
mutex_unlock(&mhi_chan->mutex);
}
- read_lock_bh(&mhi_cntrl->pm_lock);
while (mhi_dev->dev_wake)
mhi_device_put(mhi_dev);
- read_unlock_bh(&mhi_cntrl->pm_lock);
return 0;
}
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
On Thu, Oct 15, 2020 at 11:47:51AM -0700, Bhaumik Bhatt wrote:
> There is double acquisition of the pm_lock from mhi_driver_remove()
> function. Remove the read_lock_bh/read_unlock_bh calls for pm_lock
> taken during a call to mhi_device_put() as the lock is acquired
> within the function already. This will help avoid a potential
> kernel panic.
>
> Fixes: 189ff97cca53 ("bus: mhi: core: Add support for data transfer")
> Reported-by: Shuah Khan <[email protected]>
> Signed-off-by: Bhaumik Bhatt <[email protected]>
Reviewed-by: Manivannan Sadhasivam <[email protected]>
Thanks,
Mani
> ---
> drivers/bus/mhi/core/init.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c
> index 0ffdebd..0a09f82 100644
> --- a/drivers/bus/mhi/core/init.c
> +++ b/drivers/bus/mhi/core/init.c
> @@ -1276,10 +1276,8 @@ static int mhi_driver_remove(struct device *dev)
> mutex_unlock(&mhi_chan->mutex);
> }
>
> - read_lock_bh(&mhi_cntrl->pm_lock);
> while (mhi_dev->dev_wake)
> mhi_device_put(mhi_dev);
> - read_unlock_bh(&mhi_cntrl->pm_lock);
>
> return 0;
> }
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
>
On Thu, Oct 15, 2020 at 11:47:51AM -0700, Bhaumik Bhatt wrote:
> There is double acquisition of the pm_lock from mhi_driver_remove()
> function. Remove the read_lock_bh/read_unlock_bh calls for pm_lock
> taken during a call to mhi_device_put() as the lock is acquired
> within the function already. This will help avoid a potential
> kernel panic.
>
> Fixes: 189ff97cca53 ("bus: mhi: core: Add support for data transfer")
> Reported-by: Shuah Khan <[email protected]>
> Signed-off-by: Bhaumik Bhatt <[email protected]>
Applied to mhi-next!
Thanks,
Mani
> ---
> drivers/bus/mhi/core/init.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c
> index 0ffdebd..0a09f82 100644
> --- a/drivers/bus/mhi/core/init.c
> +++ b/drivers/bus/mhi/core/init.c
> @@ -1276,10 +1276,8 @@ static int mhi_driver_remove(struct device *dev)
> mutex_unlock(&mhi_chan->mutex);
> }
>
> - read_lock_bh(&mhi_cntrl->pm_lock);
> while (mhi_dev->dev_wake)
> mhi_device_put(mhi_dev);
> - read_unlock_bh(&mhi_cntrl->pm_lock);
>
> return 0;
> }
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
>