HSI: cmt_speech: Fix double spin_lock

Release &hi->lock before calling `cs_hsi_control_read_error' to avoid deadlock.

The bug was found using EBA (https://github.com/models-team/eba), which reported
the following:

    Double lock
    first at drivers/hsi/clients/cmt_speech.c:443
    second at drivers/hsi/clients/cmt_speech.c:447
    In cs_hsi_read_on_control_complete defined at drivers/hsi/clients/cmt_speech.c:438:
    (!) drivers/hsi/clients/cmt_speech.c:443: spin_lock(& hi->lock);
    (?) drivers/hsi/clients/cmt_speech.c:445: msg->status == 4 -> true
    (!) drivers/hsi/clients/cmt_speech.c:447: cs_hsi_control_read_error(hi, msg);
        (!) drivers/hsi/clients/cmt_speech.c:407: __cs_hsi_error_pre(hi, msg, "control read",
                       & hi->control_state);
            (!) drivers/hsi/clients/cmt_speech.c:382: spin_lock(& hi->lock);

Signed-off-by: Iago Abal <mail@iagoabal.eu>
Signed-off-by: Sebastian Reichel <sre@kernel.org>

diff --git a/drivers/hsi/clients/cmt_speech.c b/drivers/hsi/clients/cmt_speech.c
index b16cfa4b2360c55dd81b4771a9a2723e04d27a34..3deef6cc7d7c230dfa3527b5a53b9089239c9de6 100644 (file)
--- a/drivers/hsi/clients/cmt_speech.c
+++ b/drivers/hsi/clients/cmt_speech.c
@@ -444,8 +444,8 @@ static void cs_hsi_read_on_control_complete(struct hsi_msg *msg)
        hi->control_state &= ~SSI_CHANNEL_STATE_READING;
        if (msg->status == HSI_STATUS_ERROR) {
                dev_err(&hi->cl->device, "Control RX error detected\n");
-               cs_hsi_control_read_error(hi, msg);
                spin_unlock(&hi->lock);
+               cs_hsi_control_read_error(hi, msg);
                goto out;
        }
        dev_dbg(&hi->cl->device, "Read on control: %08X\n", cmd);