From: Alexey Khoroshilov <khoroshilov@ispras.ru>
Date: Wed, 29 May 2013 20:51:37 +0000 (+0400)
Subject: usb: gadget: r8a66597-udc: do not unlock unheld spinlock in r8a66597_sudmac_irq()
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=f37d49ad6e3d351fcf3cd042953ff273b6cd47e0;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git

usb: gadget: r8a66597-udc: do not unlock unheld spinlock in r8a66597_sudmac_irq()

r8a66597_irq() processes sudmac part (r8a66597_sudmac_irq()) before locking r8a66597->lock.
But transfer_complete(), that is called inside (r8a66597_sudmac_irq()->sudmac_finish()->transfer_complete()),
expects r8a66597->lock is locked. As a result unheld spinlock can be unlocked.

The patch just moves locking before calling r8a66597_sudmac_irq().

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Felipe Balbi <balbi@ti.com>
---

diff --git a/drivers/usb/gadget/r8a66597-udc.c b/drivers/usb/gadget/r8a66597-udc.c
index 51ea1690ca5d..c6af649f3240 100644
--- a/drivers/usb/gadget/r8a66597-udc.c
+++ b/drivers/usb/gadget/r8a66597-udc.c
@@ -1469,11 +1469,11 @@ static irqreturn_t r8a66597_irq(int irq, void *_r8a66597)
 	u16 savepipe;
 	u16 mask0;
 
+	spin_lock(&r8a66597->lock);
+
 	if (r8a66597_is_sudmac(r8a66597))
 		r8a66597_sudmac_irq(r8a66597);
 
-	spin_lock(&r8a66597->lock);
-
 	intsts0 = r8a66597_read(r8a66597, INTSTS0);
 	intenb0 = r8a66597_read(r8a66597, INTENB0);