Commit d9fb3754ecf8 ("greybus: loopback: Relax locking during loopback operations") changes the holding of the per-connection mutex to be less restrictive because at the time of that commit per-connection mutexes were encapsulated by a per-driver level gb_dev.mutex.
Commit 8e1d6c336d74 ("greybus: loopback: drop bus aggregate calculation") on the other hand subtracts the driver level gb_dev.mutex but neglects to move the mutex back to the place it was prior to commit d9fb3754ecf8 ("greybus: loopback: Relax locking during loopback operations"), as a result several members of the per connection struct gb_loopback are racy.
The solution is restoring the old location of mutex_unlock(&gb->mutex) as it was in commit d9fb3754ecf8 ("greybus: loopback: Relax locking during loopback operations").
Fixes: 8e1d6c336d74 ("greybus: loopback: drop bus aggregate calculation")
Signed-off-by: Bryan O'Donoghue pure.logic@nexus-software.ie Cc: Johan Hovold johan@kernel.org Cc: Alex Elder elder@kernel.org Cc: Greg Kroah-Hartman gregkh@linuxfoundation.org Cc: Mitch Tasman tasman@leaflabs.com Cc: greybus-dev@lists.linaro.org Cc: devel@driverdev.osuosl.org Cc: linux-kernel@vger.kernel.org --- drivers/staging/greybus/loopback.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/staging/greybus/loopback.c b/drivers/staging/greybus/loopback.c index 3d92638..20d1b45 100644 --- a/drivers/staging/greybus/loopback.c +++ b/drivers/staging/greybus/loopback.c @@ -605,7 +605,6 @@ static int gb_loopback_async_operation(struct gb_loopback *gb, int type, op_async->ts = ktime_get(); op_async->pending = true; atomic_inc(&gb->outstanding_operations); - mutex_lock(&gb->mutex); ret = gb_operation_request_send(operation, gb_loopback_async_operation_callback, 0, @@ -622,7 +621,6 @@ static int gb_loopback_async_operation(struct gb_loopback *gb, int type, error: gb_loopback_async_operation_put(op_async); done: - mutex_unlock(&gb->mutex); return ret; }
@@ -1013,7 +1011,6 @@ static int gb_loopback_fn(void *data) type = gb->type; if (ktime_to_ns(gb->ts) == 0) gb->ts = ktime_get(); - mutex_unlock(&gb->mutex);
/* Else operations to perform */ if (gb->async) { @@ -1041,6 +1038,7 @@ static int gb_loopback_fn(void *data) gb_loopback_calculate_stats(gb, !!error); } gb->send_count++; + mutex_unlock(&gb->mutex);
if (us_wait) { if (us_wait < 20000)
On Mon, Nov 06, 2017 at 01:32:19AM +0000, Bryan O'Donoghue wrote:
Commit d9fb3754ecf8 ("greybus: loopback: Relax locking during loopback operations") changes the holding of the per-connection mutex to be less restrictive because at the time of that commit per-connection mutexes were encapsulated by a per-driver level gb_dev.mutex.
Commit 8e1d6c336d74 ("greybus: loopback: drop bus aggregate calculation") on the other hand subtracts the driver level gb_dev.mutex but neglects to move the mutex back to the place it was prior to commit d9fb3754ecf8 ("greybus: loopback: Relax locking during loopback operations"), as a result several members of the per connection struct gb_loopback are racy.
The solution is restoring the old location of mutex_unlock(&gb->mutex) as it was in commit d9fb3754ecf8 ("greybus: loopback: Relax locking during loopback operations").
Fixes: 8e1d6c336d74 ("greybus: loopback: drop bus aggregate calculation")
Signed-off-by: Bryan O'Donoghue pure.logic@nexus-software.ie Cc: Johan Hovold johan@kernel.org Cc: Alex Elder elder@kernel.org Cc: Greg Kroah-Hartman gregkh@linuxfoundation.org Cc: Mitch Tasman tasman@leaflabs.com Cc: greybus-dev@lists.linaro.org Cc: devel@driverdev.osuosl.org Cc: linux-kernel@vger.kernel.org
This looks like it addresses both my comments on v1 (mutex and error stats). Thanks for tracking it down.
Reviewed-by: Johan Hovold johan@kernel.org
Johan