[PATCH] gma500: Fix possible sleep-in-atomic bugs in gma_power_begin

From: Jia-Ju Bai
Date: Mon Oct 09 2017 - 06:03:55 EST

Next message: Tobin C. Harding: "Re: [PATCH] KVM: remove printing of token address"
Previous message: Will Deacon: "Re: [PATCH v2 0/5] Switch arm64 over to qrwlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The driver may sleep under a spinlock, and the function call paths are:
gma_power_begin (acquire the spinlock) (drivers/gpu/drm/gma500/power.c)
gma_resume_pci
pci_set_power_state
__pci_start_power_transition (drivers/pci/pci.c)
msleep --> may sleep

gma_power_begin (acquire the spinlock) (drivers/gpu/drm/gma500/power.c)
gma_resume_pci
pci_enable_device
pci_enable_device_flags (drivers/pci/pci.c)
do_pci_enable_device
pci_set_power_state
__pci_start_power_transition
msleep --> may sleep

To fix them, the spinlock is released before gma_resume_pci, and it is acquired again after gma_resume_pci.

This bug is found by my static analysis tool and my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxx>
---
drivers/gpu/drm/gma500/power.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/gma500/power.c b/drivers/gpu/drm/gma500/power.c
index bea8578..c355d7e 100644
--- a/drivers/gpu/drm/gma500/power.c
+++ b/drivers/gpu/drm/gma500/power.c
@@ -264,7 +264,9 @@ bool gma_power_begin(struct drm_device *dev, bool force_on)
goto out_false;

/* Ok power up needed */
+ spin_unlock_irqrestore(&power_ctrl_lock, flags);
ret = gma_resume_pci(dev->pdev);
+ spin_lock_irqsave(&power_ctrl_lock, flags);
if (ret == 0) {
psb_irq_preinstall(dev);
psb_irq_postinstall(dev);
--
1.7.9.5

Next message: Tobin C. Harding: "Re: [PATCH] KVM: remove printing of token address"
Previous message: Will Deacon: "Re: [PATCH v2 0/5] Switch arm64 over to qrwlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]