| Message ID | 1513425251-4143-1-git-send-email-baijiaju1990@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Hi, On 16/12/17 12:54, Jia-Ju Bai wrote: > The driver may sleep under a spinlock. > The function call path is: > bdisp_device_run (acquire the spinlock) > bdisp_hw_reset > msleep --> may sleep > > To fix it, readl_poll_timeout_atomic is used to replace msleep. > > This bug is found by my static analysis tool(DSAC) and > checked by my code review. > > Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> > --- > drivers/media/platform/sti/bdisp/bdisp-hw.c | 16 ++++++++-------- > 1 file changed, 8 insertions(+), 8 deletions(-) > > diff --git a/drivers/media/platform/sti/bdisp/bdisp-hw.c b/drivers/media/platform/sti/bdisp/bdisp-hw.c > index b7892f3..e94a371 100644 > --- a/drivers/media/platform/sti/bdisp/bdisp-hw.c > +++ b/drivers/media/platform/sti/bdisp/bdisp-hw.c > @@ -5,6 +5,7 @@ > */ > > #include <linux/delay.h> This delay.h include is no more needed, remove it. > +#include <linux/iopoll.h> > > #include "bdisp.h" > #include "bdisp-filter.h" > @@ -366,7 +367,7 @@ struct bdisp_filter_addr { > */ > int bdisp_hw_reset(struct bdisp_dev *bdisp) > { > - unsigned int i; > + u32 tmp; > > dev_dbg(bdisp->dev, "%s\n", __func__); > > @@ -379,15 +380,14 @@ int bdisp_hw_reset(struct bdisp_dev *bdisp) > writel(0, bdisp->regs + BLT_CTL); > > /* Wait for reset done */ > - for (i = 0; i < POLL_RST_MAX; i++) { > - if (readl(bdisp->regs + BLT_STA1) & BLT_STA1_IDLE) > - break; > - msleep(POLL_RST_DELAY_MS); > - } > - if (i == POLL_RST_MAX) As recommended by Mauro, please add this comment: Despite the large timeout, most of the time the reset happens without needing any delays > + if (readl_poll_timeout_atomic(bdisp->regs + BLT_STA1, tmp, > + (tmp & BLT_STA1_IDLE), POLL_RST_DELAY_MS, > + POLL_RST_DELAY_MS * POLL_RST_MAX)) { read_poll_timeout expects US timings, not MS. > dev_err(bdisp->dev, "Reset timeout\n"); > + return -EAGAIN; > + } > > - return (i == POLL_RST_MAX) ? -EAGAIN : 0; > + return 0; > } > > /**
On 2017/12/19 18:43, Fabien DESSENNE wrote: > Hi, > > > On 16/12/17 12:54, Jia-Ju Bai wrote: >> The driver may sleep under a spinlock. >> The function call path is: >> bdisp_device_run (acquire the spinlock) >> bdisp_hw_reset >> msleep --> may sleep >> >> To fix it, readl_poll_timeout_atomic is used to replace msleep. >> >> This bug is found by my static analysis tool(DSAC) and >> checked by my code review. >> >> Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> >> --- >> drivers/media/platform/sti/bdisp/bdisp-hw.c | 16 ++++++++-------- >> 1 file changed, 8 insertions(+), 8 deletions(-) >> >> diff --git a/drivers/media/platform/sti/bdisp/bdisp-hw.c b/drivers/media/platform/sti/bdisp/bdisp-hw.c >> index b7892f3..e94a371 100644 >> --- a/drivers/media/platform/sti/bdisp/bdisp-hw.c >> +++ b/drivers/media/platform/sti/bdisp/bdisp-hw.c >> @@ -5,6 +5,7 @@ >> */ >> >> #include <linux/delay.h> > This delay.h include is no more needed, remove it. > >> +#include <linux/iopoll.h> >> >> #include "bdisp.h" >> #include "bdisp-filter.h" >> @@ -366,7 +367,7 @@ struct bdisp_filter_addr { >> */ >> int bdisp_hw_reset(struct bdisp_dev *bdisp) >> { >> - unsigned int i; >> + u32 tmp; >> >> dev_dbg(bdisp->dev, "%s\n", __func__); >> >> @@ -379,15 +380,14 @@ int bdisp_hw_reset(struct bdisp_dev *bdisp) >> writel(0, bdisp->regs + BLT_CTL); >> >> /* Wait for reset done */ >> - for (i = 0; i < POLL_RST_MAX; i++) { >> - if (readl(bdisp->regs + BLT_STA1) & BLT_STA1_IDLE) >> - break; >> - msleep(POLL_RST_DELAY_MS); >> - } >> - if (i == POLL_RST_MAX) > As recommended by Mauro, please add this comment: > Despite the large timeout, most of the time the reset happens without > needing any delays > >> + if (readl_poll_timeout_atomic(bdisp->regs + BLT_STA1, tmp, >> + (tmp & BLT_STA1_IDLE), POLL_RST_DELAY_MS, >> + POLL_RST_DELAY_MS * POLL_RST_MAX)) { > read_poll_timeout expects US timings, not MS. > >> dev_err(bdisp->dev, "Reset timeout\n"); >> + return -EAGAIN; >> + } >> >> - return (i == POLL_RST_MAX) ? -EAGAIN : 0; >> + return 0; >> } >> >> /** Hi, Okay, I have submitted a new patch according to your advice :) Thanks, Jia-Ju Bai
diff --git a/drivers/media/platform/sti/bdisp/bdisp-hw.c b/drivers/media/platform/sti/bdisp/bdisp-hw.c index b7892f3..e94a371 100644 --- a/drivers/media/platform/sti/bdisp/bdisp-hw.c +++ b/drivers/media/platform/sti/bdisp/bdisp-hw.c @@ -5,6 +5,7 @@ */ #include <linux/delay.h> +#include <linux/iopoll.h> #include "bdisp.h" #include "bdisp-filter.h" @@ -366,7 +367,7 @@ struct bdisp_filter_addr { */ int bdisp_hw_reset(struct bdisp_dev *bdisp) { - unsigned int i; + u32 tmp; dev_dbg(bdisp->dev, "%s\n", __func__); @@ -379,15 +380,14 @@ int bdisp_hw_reset(struct bdisp_dev *bdisp) writel(0, bdisp->regs + BLT_CTL); /* Wait for reset done */ - for (i = 0; i < POLL_RST_MAX; i++) { - if (readl(bdisp->regs + BLT_STA1) & BLT_STA1_IDLE) - break; - msleep(POLL_RST_DELAY_MS); - } - if (i == POLL_RST_MAX) + if (readl_poll_timeout_atomic(bdisp->regs + BLT_STA1, tmp, + (tmp & BLT_STA1_IDLE), POLL_RST_DELAY_MS, + POLL_RST_DELAY_MS * POLL_RST_MAX)) { dev_err(bdisp->dev, "Reset timeout\n"); + return -EAGAIN; + } - return (i == POLL_RST_MAX) ? -EAGAIN : 0; + return 0; } /**
The driver may sleep under a spinlock. The function call path is: bdisp_device_run (acquire the spinlock) bdisp_hw_reset msleep --> may sleep To fix it, readl_poll_timeout_atomic is used to replace msleep. This bug is found by my static analysis tool(DSAC) and checked by my code review. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> --- drivers/media/platform/sti/bdisp/bdisp-hw.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)