usb: gadget: r8a66597-udc: do not unlock unheld spinlock in r8a66597_sudmac_irq()

r8a66597_irq() processes sudmac part (r8a66597_sudmac_irq()) before locking r8a66597->lock.
But transfer_complete(), that is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()),
expects r8a66597->lock is locked. As a result unheld spinlock can be unlocked.

The patch just moves locking before calling r8a66597_sudmac_irq().

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Felipe Balbi <balbi@ti.com>

diff --git a/drivers/usb/gadget/r8a66597-udc.c b/drivers/usb/gadget/r8a66597-udc.c
index 51ea1690ca5dbbddb9911be9a163cec88dbf8a03..c6af649f324008bb31706baecac5d91497a27cd7 100644 (file)
--- a/drivers/usb/gadget/r8a66597-udc.c
+++ b/drivers/usb/gadget/r8a66597-udc.c
@@ -1469,11 +1469,11 @@ static irqreturn_t r8a66597_irq(int irq, void *_r8a66597)
        u16 savepipe;
        u16 mask0;
 
+       spin_lock(&r8a66597->lock);
+
        if (r8a66597_is_sudmac(r8a66597))
                r8a66597_sudmac_irq(r8a66597);
 
-       spin_lock(&r8a66597->lock);
-
        intsts0 = r8a66597_read(r8a66597, INTSTS0);
        intenb0 = r8a66597_read(r8a66597, INTENB0);