From: Alexey Khoroshilov Date: Wed, 29 May 2013 20:51:37 +0000 (+0400) Subject: usb: gadget: r8a66597-udc: do not unlock unheld spinlock in r8a66597_sudmac_irq() X-Git-Tag: firefly_0821_release~176^2~5847^2~60^2~47 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=f37d49ad6e3d351fcf3cd042953ff273b6cd47e0;p=firefly-linux-kernel-4.4.55.git usb: gadget: r8a66597-udc: do not unlock unheld spinlock in r8a66597_sudmac_irq() r8a66597_irq() processes sudmac part (r8a66597_sudmac_irq()) before locking r8a66597->lock. But transfer_complete(), that is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()), expects r8a66597->lock is locked. As a result unheld spinlock can be unlocked. The patch just moves locking before calling r8a66597_sudmac_irq(). Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Signed-off-by: Felipe Balbi --- diff --git a/drivers/usb/gadget/r8a66597-udc.c b/drivers/usb/gadget/r8a66597-udc.c index 51ea1690ca5d..c6af649f3240 100644 --- a/drivers/usb/gadget/r8a66597-udc.c +++ b/drivers/usb/gadget/r8a66597-udc.c @@ -1469,11 +1469,11 @@ static irqreturn_t r8a66597_irq(int irq, void *_r8a66597) u16 savepipe; u16 mask0; + spin_lock(&r8a66597->lock); + if (r8a66597_is_sudmac(r8a66597)) r8a66597_sudmac_irq(r8a66597); - spin_lock(&r8a66597->lock); - intsts0 = r8a66597_read(r8a66597, INTSTS0); intenb0 = r8a66597_read(r8a66597, INTENB0);