mei: bus: use correct lock ordering
authorTomas Winkler <tomas.winkler@intel.com>
Wed, 28 Oct 2015 12:34:34 +0000 (14:34 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 29 Oct 2015 00:02:16 +0000 (09:02 +0900)
The correct lock order is
  cl_bus_lock
    device_lock
      me_clients_rwsem

This order was violated in bus rescan and remove routines
when me_client_rwsem was locked before cl_bus_lock.

Chain exists of:
[    4.321653]   &dev->device_lock --> &dev->me_clients_rwsem -->
&dev->cl_bus_lock
[    4.321653]
[    4.321679]  Possible unsafe locking scenario:
[    4.321679]
[    4.321693]        CPU0                    CPU1
[    4.321701]        ----                    ----
[    4.321709]   lock(&dev->cl_bus_lock);
[    4.321720]
lock(&dev->me_clients_rwsem);
[    4.321733]                                lock(&dev->cl_bus_lock);
[    4.321745]   lock(&dev->device_lock);
[    4.321755]
[    4.321755]  *** DEADLOCK ***
[    4.321755]

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/misc/mei/bus.c

index 160e084ae800f671f916e2991bd693d1ce8c3b38..46403e48be4fa146205571feff77ca3dae589e3f 100644 (file)
@@ -830,17 +830,20 @@ static void mei_cl_bus_dev_stop(struct mei_cl_device *cldev)
  * mei_cl_bus_dev_destroy - destroy me client devices object
  *
  * @cldev: me client device
+ *
+ * Locking: called under "dev->cl_bus_lock" lock
  */
 static void mei_cl_bus_dev_destroy(struct mei_cl_device *cldev)
 {
+
+       WARN_ON(!mutex_is_locked(&cldev->bus->cl_bus_lock));
+
        if (!cldev->is_added)
                return;
 
        device_del(&cldev->dev);
 
-       mutex_lock(&cldev->bus->cl_bus_lock);
        list_del_init(&cldev->bus_list);
-       mutex_unlock(&cldev->bus->cl_bus_lock);
 
        cldev->is_added = 0;
        put_device(&cldev->dev);
@@ -866,8 +869,10 @@ void mei_cl_bus_remove_devices(struct mei_device *bus)
 {
        struct mei_cl_device *cldev, *next;
 
+       mutex_lock(&bus->cl_bus_lock);
        list_for_each_entry_safe(cldev, next, &bus->device_list, bus_list)
                mei_cl_bus_remove_device(cldev);
+       mutex_unlock(&bus->cl_bus_lock);
 }
 
 
@@ -877,12 +882,16 @@ void mei_cl_bus_remove_devices(struct mei_device *bus)
  *
  * @bus: mei device
  * @me_cl: me client
+ *
+ * Locking: called under "dev->cl_bus_lock" lock
  */
 static void mei_cl_bus_dev_init(struct mei_device *bus,
                                struct mei_me_client *me_cl)
 {
        struct mei_cl_device *cldev;
 
+       WARN_ON(!mutex_is_locked(&bus->cl_bus_lock));
+
        dev_dbg(bus->dev, "initializing %pUl", mei_me_cl_uuid(me_cl));
 
        if (me_cl->bus_added)
@@ -892,10 +901,8 @@ static void mei_cl_bus_dev_init(struct mei_device *bus,
        if (!cldev)
                return;
 
-       mutex_lock(&cldev->bus->cl_bus_lock);
        me_cl->bus_added = true;
        list_add_tail(&cldev->bus_list, &bus->device_list);
-       mutex_unlock(&cldev->bus->cl_bus_lock);
 
 }
 
@@ -910,12 +917,13 @@ void mei_cl_bus_rescan(struct mei_device *bus)
        struct mei_cl_device *cldev, *n;
        struct mei_me_client *me_cl;
 
+       mutex_lock(&bus->cl_bus_lock);
+
        down_read(&bus->me_clients_rwsem);
        list_for_each_entry(me_cl, &bus->me_clients, list)
                mei_cl_bus_dev_init(bus, me_cl);
        up_read(&bus->me_clients_rwsem);
 
-       mutex_lock(&bus->cl_bus_lock);
        list_for_each_entry_safe(cldev, n, &bus->device_list, bus_list) {
 
                if (!mei_me_cl_is_active(cldev->me_cl)) {