android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

i2c: xiic: Fix broken locking on tx_msg

Browse Source 
[ Upstream commit c119e7d00c916881913011e6f4c6ac349a41e4e2 ]

The tx_msg is set from multiple places, sometimes without locking,
which fall apart on any SMP system. Only ever access tx_msg inside
the driver mutex.

Signed-off-by: Marek Vasut <marex@denx.de>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Stable-dep-of: 1d4a1adbed25 ("i2c: xiic: Try re-initialization on bus busy timeout")
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Marek Vasut 2021-08-23 23:41:40 +02:00 committed by Greg Kroah-Hartman
parent dd70c8a89e
commit 6da4bbeb16
1 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
drivers/i2c/busses/i2c-xiic.c
View File

@ -170,7 +170,7 @@ struct xiic_i2c {
#define xiic_tx_space(i2c) ((i2c)->tx_msg->len - (i2c)->tx_pos)
#define xiic_rx_space(i2c) ((i2c)->rx_msg->len - (i2c)->rx_pos)
static int xiic_start_xfer(struct xiic_i2c *i2c);
static int xiic_start_xfer(struct xiic_i2c *i2c, struct i2c_msg *msgs, int num);
static void __xiic_start_xfer(struct xiic_i2c *i2c);
/*
@ -701,15 +701,25 @@ static void __xiic_start_xfer(struct xiic_i2c *i2c)
}
static int xiic_start_xfer(struct xiic_i2c *i2c)
static int xiic_start_xfer(struct xiic_i2c *i2c, struct i2c_msg *msgs, int num)
{
int ret;
mutex_lock(&i2c->lock);
ret = xiic_busy(i2c);
if (ret)
goto out;
i2c->tx_msg = msgs;
i2c->rx_msg = NULL;
i2c->nmsgs = num;
ret = xiic_reinit(i2c);
if (!ret)
__xiic_start_xfer(i2c);
out:
mutex_unlock(&i2c->lock);
return ret;
@ -727,14 +737,7 @@ static int xiic_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
if (err < 0)
return err;
err = xiic_busy(i2c);
if (err)
goto out;
i2c->tx_msg = msgs;
i2c->nmsgs = num;
err = xiic_start_xfer(i2c);
err = xiic_start_xfer(i2c, msgs, num);
if (err < 0) {
dev_err(adap->dev.parent, "Error xiic_start_xfer\n");
goto out;
@ -742,9 +745,11 @@ static int xiic_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
if (wait_event_timeout(i2c->wait, (i2c->state == STATE_ERROR) ||
(i2c->state == STATE_DONE), HZ)) {
mutex_lock(&i2c->lock);
err = (i2c->state == STATE_DONE) ? num : -EIO;
goto out;
} else {
mutex_lock(&i2c->lock);
i2c->tx_msg = NULL;
i2c->rx_msg = NULL;
i2c->nmsgs = 0;
@ -752,6 +757,7 @@ static int xiic_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
goto out;
}
out:
mutex_unlock(&i2c->lock);
pm_runtime_mark_last_busy(i2c->dev);
pm_runtime_put_autosuspend(i2c->dev);
return err;