bus/mhi/core: Double lock in mhi_device_put() and dev_wake inc/dec

From: Shuah Khan
Date: Thu Sep 17 2020 - 19:16:45 EST

Next message: Steven Rostedt: "[PATCH] kprobes: Do not disarm disabled ftrace kprobe"
Previous message: Ming Lei: "Re: [PATCH] iomap: Fix the write_count in iomap_add_to_ioend()."
Next in thread: bbhatt: "Re: bus/mhi/core: Double lock in mhi_device_put() and dev_wake inc/dec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

While looking at this file for an unrelated issue, I happen to notice
there is a double locking on mhi_cntrl->pm_lock in the mhi_device_put()
when it gets called from mhi_driver_remove()

The other two calls from mhi_driver_probe() don't hold the pm_lock.

In addition, lock holding while dev_wake updates is inconsistent.

dev_wake gets incremented and decremented without holding pm_lock in
mhi_device_get(), mhi_device_get_sync() and mhi_device_put().

Exception are when mhi_device_put() is called from mhi_driver_remove().

The following commit is where all this code is added.

bus: mhi: core: Add support for data transfer
https://github.com/torvalds/linux/commit/189ff97cca53e3fe2d8b38d64105040ce17fc62d

It appears to be real problem. I don't have a way to test this driver,
hence reaching out to let you know about my findings.

thanks,
-- Shuah

Next message: Steven Rostedt: "[PATCH] kprobes: Do not disarm disabled ftrace kprobe"
Previous message: Ming Lei: "Re: [PATCH] iomap: Fix the write_count in iomap_add_to_ioend()."
Next in thread: bbhatt: "Re: bus/mhi/core: Double lock in mhi_device_put() and dev_wake inc/dec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]