From patchwork Fri May 5 05:37:23 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 758854 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3wK0z50PRlz9s8F for ; Fri, 5 May 2017 15:37:37 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752378AbdEEFhf (ORCPT ); Fri, 5 May 2017 01:37:35 -0400 Received: from userp1040.oracle.com ([156.151.31.81]:36926 "EHLO userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751630AbdEEFhf (ORCPT ); Fri, 5 May 2017 01:37:35 -0400 Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v455bVQK006482 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 5 May 2017 05:37:32 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserv0021.oracle.com (8.13.8/8.14.4) with ESMTP id v455bVZL020351 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 5 May 2017 05:37:31 GMT Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id v455bUFc025564; Fri, 5 May 2017 05:37:30 GMT Received: from mwanda (/197.254.35.146) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 04 May 2017 22:37:30 -0700 Date: Fri, 5 May 2017 08:37:23 +0300 From: Dan Carpenter To: Thierry Reding Cc: Jonathan Hunter , linux-tegra@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH] firmware: tegra: fix locking bugs in bpmp Message-ID: <20170505053723.53qi4ob3df4ri2v4@mwanda> MIME-Version: 1.0 Content-Disposition: inline X-Mailer: git-send-email haha only kidding User-Agent: NeoMutt/20170113 (1.7.2) X-Source-IP: aserv0021.oracle.com [141.146.126.233] Sender: linux-tegra-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-tegra@vger.kernel.org There are a bunch of error paths were we don't unlock the bpmp->threaded lock. Also if __tegra_bpmp_channel_write() fails then we returned success instead of an error code. Fixes: 983de5f97169 ("firmware: tegra: Add BPMP support") Signed-off-by: Dan Carpenter --- To unsubscribe from this list: send the line "unsubscribe linux-tegra" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/firmware/tegra/bpmp.c b/drivers/firmware/tegra/bpmp.c index 84e4c9a58a0c..dffdfb4e9da0 100644 --- a/drivers/firmware/tegra/bpmp.c +++ b/drivers/firmware/tegra/bpmp.c @@ -211,14 +211,17 @@ static ssize_t tegra_bpmp_channel_read(struct tegra_bpmp_channel *channel, int index; index = tegra_bpmp_channel_get_thread_index(channel); - if (index < 0) - return index; + if (index < 0) { + err = index; + goto unlock; + } spin_lock_irqsave(&bpmp->lock, flags); err = __tegra_bpmp_channel_read(channel, data, size); clear_bit(index, bpmp->threaded.allocated); spin_unlock_irqrestore(&bpmp->lock, flags); +unlock: up(&bpmp->threaded.lock); return err; @@ -256,35 +259,40 @@ tegra_bpmp_write_threaded(struct tegra_bpmp *bpmp, unsigned int mrq, index = find_first_zero_bit(bpmp->threaded.allocated, count); if (index == count) { - channel = ERR_PTR(-EBUSY); - goto unlock; + err = -EBUSY; + goto err_unlock; } channel = tegra_bpmp_channel_get_thread(bpmp, index); if (!channel) { - channel = ERR_PTR(-EINVAL); - goto unlock; + err = -EINVAL; + goto err_unlock; } if (!tegra_bpmp_master_free(channel)) { - channel = ERR_PTR(-EBUSY); - goto unlock; + err = -EBUSY; + goto err_unlock; } set_bit(index, bpmp->threaded.allocated); err = __tegra_bpmp_channel_write(channel, mrq, MSG_ACK | MSG_RING, data, size); - if (err < 0) { - clear_bit(index, bpmp->threaded.allocated); - goto unlock; - } + if (err < 0) + goto err_clear_allocated; set_bit(index, bpmp->threaded.busy); -unlock: spin_unlock_irqrestore(&bpmp->lock, flags); return channel; + +err_clear_allocated: + clear_bit(index, bpmp->threaded.allocated); +err_unlock: + spin_unlock_irqrestore(&bpmp->lock, flags); + up(&bpmp->threaded.lock); + + return ERR_PTR(err); } static ssize_t tegra_bpmp_channel_write(struct tegra_bpmp_channel *channel,