@@ -757,18 +757,19 @@ static void mtk_hsdma_free_active_desc(struct dma_chan *c)
{
struct mtk_hsdma_vchan *hvc = to_hsdma_vchan(c);
bool sync_needed = false;
+ unsigned long flags;
/*
* Once issue_synchronize is being set, which means once the hardware
* consumes all descriptors for the channel in the ring, the
* synchronization must be notified immediately it is completed.
*/
- spin_lock(&hvc->vc.lock);
+ spin_lock_irqsave(&hvc->vc.lock, flags);
if (!list_empty(&hvc->desc_hw_processing)) {
hvc->issue_synchronize = true;
sync_needed = true;
}
- spin_unlock(&hvc->vc.lock);
+ spin_unlock_irqrestore(&hvc->vc.lock, flags);
if (sync_needed)
wait_for_completion(&hvc->issue_completion);
As &vc->lock is acquired by the irq mtk_hsdma_irq(), other process context code acquiring the lock should disable irq. The terminate callback mtk_hsdma_terminate_all() acquires the same lock without closing irq. Possible deadlock scenario: mtk_hsdma_free_active_desc() -> spin_lock(&hvc->vc.lock) <irq interrupt> -> mtk_hsdma_irq() -> mtk_hsdma_free_rooms_in_ring() -> spin_lock(&hvc->vc.lock) (deadlock here) This flaw was found using an experimental static analysis tool we are developing for irq-related deadlock. The tentative patch fix the potential deadlock by spin_lock_irqsave(). Signed-off-by: Chengfeng Ye <dg573847474@gmail.com> --- drivers/dma/mediatek/mtk-hsdma.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)