[PATCH 4.9 52/71] spi: bcm2835: Fix race on DMA termination

From: Greg Kroah-Hartman
Date: Mon Jan 07 2019 - 08:08:30 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.9 54/71] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 51/71] ext4: check for shutdown and r/o file system in ext4_write_inode()"
In reply to: Greg Kroah-Hartman: "[PATCH 4.9 51/71] ext4: check for shutdown and r/o file system in ext4_write_inode()"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.9 54/71] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Lukas Wunner <lukas@xxxxxxxxx>

commit e82b0b3828451c1cd331d9f304c6078fcd43b62e upstream.

If a DMA transfer finishes orderly right when spi_transfer_one_message()
determines that it has timed out, the callbacks bcm2835_spi_dma_done()
and bcm2835_spi_handle_err() race to call dmaengine_terminate_all(),
potentially leading to double termination.

Prevent by atomically changing the dma_pending flag before calling
dmaengine_terminate_all().

Signed-off-by: Lukas Wunner <lukas@xxxxxxxxx>
Fixes: 3ecd37edaa2a ("spi: bcm2835: enable dma modes for transfers meeting certain conditions")
Cc: stable@xxxxxxxxxxxxxxx # v4.2+
Cc: Mathias Duckeck <m.duckeck@xxxxxxxxx>
Cc: Frank Pavlic <f.pavlic@xxxxxxxxx>
Cc: Martin Sperl <kernel@xxxxxxxxxxxxxxxx>
Cc: Noralf TrÃnnes <noralf@xxxxxxxxxxx>
Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/spi/spi-bcm2835.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)

--- a/drivers/spi/spi-bcm2835.c
+++ b/drivers/spi/spi-bcm2835.c
@@ -233,10 +233,9 @@ static void bcm2835_spi_dma_done(void *d
* is called the tx-dma must have finished - can't get to this
* situation otherwise...
*/
- dmaengine_terminate_all(master->dma_tx);
-
- /* mark as no longer pending */
- bs->dma_pending = 0;
+ if (cmpxchg(&bs->dma_pending, true, false)) {
+ dmaengine_terminate_all(master->dma_tx);
+ }

/* and mark as completed */;
complete(&master->xfer_completion);
@@ -617,10 +616,9 @@ static void bcm2835_spi_handle_err(struc
struct bcm2835_spi *bs = spi_master_get_devdata(master);

/* if an error occurred and we have an active dma, then terminate */
- if (bs->dma_pending) {
+ if (cmpxchg(&bs->dma_pending, true, false)) {
dmaengine_terminate_all(master->dma_tx);
dmaengine_terminate_all(master->dma_rx);
- bs->dma_pending = 0;
}
/* and reset */
bcm2835_spi_reset_hw(master);

Next message: Greg Kroah-Hartman: "[PATCH 4.9 54/71] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 51/71] ext4: check for shutdown and r/o file system in ext4_write_inode()"
In reply to: Greg Kroah-Hartman: "[PATCH 4.9 51/71] ext4: check for shutdown and r/o file system in ext4_write_inode()"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.9 54/71] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]