PM / OPP: Call notifier without holding opp_table->lock
authorViresh Kumar <viresh.kumar@linaro.org>
Thu, 21 Sep 2017 17:44:36 +0000 (10:44 -0700)
committerRafael J. Wysocki <rafael.j.wysocki@intel.com>
Mon, 25 Sep 2017 22:44:32 +0000 (00:44 +0200)
The notifier callbacks may want to call some OPP helper routines which
may try to take the same opp_table->lock again and cause a deadlock. One
such usecase was reported by Chanwoo Choi, where calling
dev_pm_opp_disable() leads us to the devfreq's OPP notifier handler,
which further calls dev_pm_opp_find_freq_floor() and it deadlocks.

We don't really need the opp_table->lock to be held across the notifier
call though, all we want to make sure is that the 'opp' doesn't get
freed while being used from within the notifier chain. We can do it with
help of dev_pm_opp_get/put() as well. Let's do it.

Cc: 4.11+ <stable@vger.kernel.org> # 4.11+
Fixes: 5b650b388844 "PM / OPP: Take kref from _find_opp_table()"
Reported-by: Chanwoo Choi <cw00.choi@samsung.com>
Tested-by: Chanwoo Choi <cw00.choi@samsung.com>
Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
drivers/base/power/opp/core.c

index a8cc14fd8ae49ff92cb2fc3dd593273aefd6e10d..a6de325306933b57928b8d16d741247e93274102 100644 (file)
@@ -1581,6 +1581,9 @@ static int _opp_set_availability(struct device *dev, unsigned long freq,
 
        opp->available = availability_req;
 
+       dev_pm_opp_get(opp);
+       mutex_unlock(&opp_table->lock);
+
        /* Notify the change of the OPP availability */
        if (availability_req)
                blocking_notifier_call_chain(&opp_table->head, OPP_EVENT_ENABLE,
@@ -1589,8 +1592,12 @@ static int _opp_set_availability(struct device *dev, unsigned long freq,
                blocking_notifier_call_chain(&opp_table->head,
                                             OPP_EVENT_DISABLE, opp);
 
+       dev_pm_opp_put(opp);
+       goto put_table;
+
 unlock:
        mutex_unlock(&opp_table->lock);
+put_table:
        dev_pm_opp_put_opp_table(opp_table);
        return r;
 }