Re: [PATCH] drivers/dma/dma-jz4780: Fix race condition between probe and irq handler

From: Paul Cercueil
Date: Thu Aug 20 2020 - 08:00:03 EST


Hi,

Le dim. 16 août 2020 à 12:52, madhuparnabhowmik10@xxxxxxxxx a écrit :
From: Madhuparna Bhowmik <madhuparnabhowmik10@xxxxxxxxx>

In probe IRQ is requested before zchan->id is initialized which can be
read in the irq handler. Hence, shift request irq and enable clock after
other initializations complete. Here, enable clock part is not part of
the race, it is just shifted down after request_irq to keep the error
path same as before.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@xxxxxxxxx>

I don't think there is a race at all, the interrupt handler won't be called before the DMA is registered.

More importantly, this patch will break things, as there are now register writes in the probe before the clock is enabled.

Cheers,
-Paul

---
drivers/dma/dma-jz4780.c | 44 ++++++++++++++++++++--------------------
1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/drivers/dma/dma-jz4780.c b/drivers/dma/dma-jz4780.c
index 448f663da89c..5cbc8c3bd6c7 100644
--- a/drivers/dma/dma-jz4780.c
+++ b/drivers/dma/dma-jz4780.c
@@ -879,28 +879,6 @@ static int jz4780_dma_probe(struct platform_device *pdev)
return -EINVAL;
}

- ret = platform_get_irq(pdev, 0);
- if (ret < 0)
- return ret;
-
- jzdma->irq = ret;
-
- ret = request_irq(jzdma->irq, jz4780_dma_irq_handler, 0, dev_name(dev),
- jzdma);
- if (ret) {
- dev_err(dev, "failed to request IRQ %u!\n", jzdma->irq);
- return ret;
- }
-
- jzdma->clk = devm_clk_get(dev, NULL);
- if (IS_ERR(jzdma->clk)) {
- dev_err(dev, "failed to get clock\n");
- ret = PTR_ERR(jzdma->clk);
- goto err_free_irq;
- }
-
- clk_prepare_enable(jzdma->clk);
-
/* Property is optional, if it doesn't exist the value will remain 0. */
of_property_read_u32_index(dev->of_node, "ingenic,reserved-channels",
0, &jzdma->chan_reserved);
@@ -949,6 +927,28 @@ static int jz4780_dma_probe(struct platform_device *pdev)
jzchan->vchan.desc_free = jz4780_dma_desc_free;
}

+ ret = platform_get_irq(pdev, 0);
+ if (ret < 0)
+ return ret;
+
+ jzdma->irq = ret;
+
+ ret = request_irq(jzdma->irq, jz4780_dma_irq_handler, 0, dev_name(dev),
+ jzdma);
+ if (ret) {
+ dev_err(dev, "failed to request IRQ %u!\n", jzdma->irq);
+ return ret;
+ }
+
+ jzdma->clk = devm_clk_get(dev, NULL);
+ if (IS_ERR(jzdma->clk)) {
+ dev_err(dev, "failed to get clock\n");
+ ret = PTR_ERR(jzdma->clk);
+ goto err_free_irq;
+ }
+
+ clk_prepare_enable(jzdma->clk);
+
ret = dmaenginem_async_device_register(dd);
if (ret) {
dev_err(dev, "failed to register device\n");
--
2.17.1