| Message ID | 1507325037-20889-1-git-send-email-khoroshilov@ispras.ru (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
On Fri 06 Oct 14:23 PDT 2017, Alexey Khoroshilov wrote: > If qcom_glink_tx() fails in qcom_glink_request_intent(), > it returns immediately leaving intent_req_lock mutex locked. > So the next tries to send intent request lead to deadlock. > > Found by Linux Driver Verification project (linuxtesting.org). > > Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Thanks Alexey. This was found by Dan Carpenter a few weeks ago, but I failed to send the pull request for it, will do so now. Regards, Bjorn -- To unsubscribe from this list: send the line "unsubscribe linux-remoteproc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 5a5e927ea50f..fecb1dafa8f3 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -1197,7 +1197,7 @@ static int qcom_glink_request_intent(struct qcom_glink *glink, ret = qcom_glink_tx(glink, &cmd, sizeof(cmd), NULL, 0, true); if (ret) - return ret; + goto unlock; ret = wait_for_completion_timeout(&channel->intent_req_comp, 10 * HZ); if (!ret) { @@ -1207,6 +1207,7 @@ static int qcom_glink_request_intent(struct qcom_glink *glink, ret = channel->intent_req_result ? 0 : -ECANCELED; } +unlock: mutex_unlock(&channel->intent_req_lock); return ret; }
If qcom_glink_tx() fails in qcom_glink_request_intent(), it returns immediately leaving intent_req_lock mutex locked. So the next tries to send intent request lead to deadlock. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> --- drivers/rpmsg/qcom_glink_native.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)