From patchwork Sun Oct 22 08:23:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christophe JAILLET X-Patchwork-Id: 829006 X-Patchwork-Delegate: richard@nod.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ZpXaQd8T"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3yKXcx4zphz9ryv for ; Sun, 22 Oct 2017 19:24:15 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=RBp54QMqCocZt08WoeYSlAbPod+MUzQnW0/j2EttzIc=; b=ZpX aQd8TYq9E6aAPjyoXxAXoAIzBOA1VY4U8wfD6PQauT5DJC+89RYiBRrrdYTpEhOEV11obAAo6/JX0 FAWB/yfjxn81gZM43Xrd4eKQLnwzgCAZC4HTcDT2xnUgYwGdkzy6Y5W1+SWwxPeYszdZCYIMQ1A2W OLFxHgAhDcNdSOKNGz7jX/iVYt6N77vkO/HI/2rzeaXXF+Yc1CwSNN6DAYdURPysDu8VdclcRrebA 0v0sp4mMRsu7tm4nX1LcTS0prNuHdJg2tHympWtOchorKvLNyQGaQ4YvGTlocErLuaTFomwBulobo AeOyH/IBPq/+sAzrCXBnApLvlXjyZBQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1e6BY8-0000Fh-Nj; Sun, 22 Oct 2017 08:24:00 +0000 Received: from smtp11.smtpout.orange.fr ([80.12.242.133] helo=smtp.smtpout.orange.fr) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1e6BY2-0000Eh-P1 for linux-mtd@lists.infradead.org; Sun, 22 Oct 2017 08:23:57 +0000 Received: from localhost.localdomain ([86.196.182.67]) by mwinf5d46 with ME id QYPP1w00H1TfVo603YPQW8; Sun, 22 Oct 2017 10:23:27 +0200 X-ME-Helo: localhost.localdomain X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI= X-ME-Date: Sun, 22 Oct 2017 10:23:27 +0200 X-ME-IP: 86.196.182.67 From: Christophe JAILLET To: dwmw2@infradead.org, computersforpeace@gmail.com, boris.brezillon@free-electrons.com, marek.vasut@gmail.com, richard@nod.at, cyrille.pitchen@wedev4u.fr Subject: [PATCH] mtd: cfi_cmdset_0001: Fix a potential double mutex_lock Date: Sun, 22 Oct 2017 10:23:01 +0200 Message-Id: <20171022082301.26220-1-christophe.jaillet@wanadoo.fr> X-Mailer: git-send-email 2.14.1 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20171022_012355_139001_10BB57B5 X-CRM114-Status: UNSURE ( 9.35 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -4.7 (----) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-4.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [80.12.242.133 listed in list.dnswl.org] -2.8 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [80.12.242.133 listed in wl.mailspike.net] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (christophe.jaillet[at]wanadoo.fr) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kernel-janitors@vger.kernel.org, Christophe JAILLET , linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org If 'chip->state == FL_SYNCING', we will 'goto retry' with the mutex '&shared->lock' already taken. In such a case, the 'mutex_lock' at line 927 can never succeed. In order to avoid a deadlock, move the 'mutex_lock(&shared->lock)' at the very end of the block. This has been spotted with the following coccinelle script: @find@ expression x, t; @@ mutex_lock(x); ... when != mutex_unlock(x) mutex_lock(t); @@ expression find.t; expression find.x; @@ * mutex_lock(t); ... when != mutex_unlock(t) * mutex_lock(x); Fixes: 3afe7eb37f4d ("[MTD] [NOR] fix cfi_cmdset_0001 FL_SYNCING race (take 2)") Signed-off-by: Christophe JAILLET --- Review carefuly, untested. --- drivers/mtd/chips/cfi_cmdset_0001.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/chips/cfi_cmdset_0001.c b/drivers/mtd/chips/cfi_cmdset_0001.c index 5e1b68cbcd0a..bddf407a366d 100644 --- a/drivers/mtd/chips/cfi_cmdset_0001.c +++ b/drivers/mtd/chips/cfi_cmdset_0001.c @@ -952,7 +952,6 @@ static int get_chip(struct map_info *map, struct flchip *chip, unsigned long adr mutex_unlock(&contender->mutex); return ret; } - mutex_lock(&shared->lock); /* We should not own chip if it is already * in FL_SYNCING state. Put contender and retry. */ @@ -962,6 +961,8 @@ static int get_chip(struct map_info *map, struct flchip *chip, unsigned long adr goto retry; } mutex_unlock(&contender->mutex); + + mutex_lock(&shared->lock); } /* Check if we already have suspended erase