mei: bus: use correct lock ordering

The correct lock order is
  cl_bus_lock
    device_lock
      me_clients_rwsem

This order was violated in bus rescan and remove routines
when me_client_rwsem was locked before cl_bus_lock.

Chain exists of:
[    4.321653]   &dev->device_lock --> &dev->me_clients_rwsem -->
&dev->cl_bus_lock
[    4.321653]
[    4.321679]  Possible unsafe locking scenario:
[    4.321679]
[    4.321693]        CPU0                    CPU1
[    4.321701]        ----                    ----
[    4.321709]   lock(&dev->cl_bus_lock);
[    4.321720]
lock(&dev->me_clients_rwsem);
[    4.321733]                                lock(&dev->cl_bus_lock);
[    4.321745]   lock(&dev->device_lock);
[    4.321755]
[    4.321755]  *** DEADLOCK ***
[    4.321755]

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Tomas Winkler 2015-10-28 14:34:34 +02:00 коммит произвёл Greg Kroah-Hartman
Родитель 2be7010cad
Коммит 2da55cfd60
1 изменённых файлов: 13 добавлений и 5 удалений

Просмотреть файл

@ -830,17 +830,20 @@ static void mei_cl_bus_dev_stop(struct mei_cl_device *cldev)
* mei_cl_bus_dev_destroy - destroy me client devices object * mei_cl_bus_dev_destroy - destroy me client devices object
* *
* @cldev: me client device * @cldev: me client device
*
* Locking: called under "dev->cl_bus_lock" lock
*/ */
static void mei_cl_bus_dev_destroy(struct mei_cl_device *cldev) static void mei_cl_bus_dev_destroy(struct mei_cl_device *cldev)
{ {
WARN_ON(!mutex_is_locked(&cldev->bus->cl_bus_lock));
if (!cldev->is_added) if (!cldev->is_added)
return; return;
device_del(&cldev->dev); device_del(&cldev->dev);
mutex_lock(&cldev->bus->cl_bus_lock);
list_del_init(&cldev->bus_list); list_del_init(&cldev->bus_list);
mutex_unlock(&cldev->bus->cl_bus_lock);
cldev->is_added = 0; cldev->is_added = 0;
put_device(&cldev->dev); put_device(&cldev->dev);
@ -866,8 +869,10 @@ void mei_cl_bus_remove_devices(struct mei_device *bus)
{ {
struct mei_cl_device *cldev, *next; struct mei_cl_device *cldev, *next;
mutex_lock(&bus->cl_bus_lock);
list_for_each_entry_safe(cldev, next, &bus->device_list, bus_list) list_for_each_entry_safe(cldev, next, &bus->device_list, bus_list)
mei_cl_bus_remove_device(cldev); mei_cl_bus_remove_device(cldev);
mutex_unlock(&bus->cl_bus_lock);
} }
@ -877,12 +882,16 @@ void mei_cl_bus_remove_devices(struct mei_device *bus)
* *
* @bus: mei device * @bus: mei device
* @me_cl: me client * @me_cl: me client
*
* Locking: called under "dev->cl_bus_lock" lock
*/ */
static void mei_cl_bus_dev_init(struct mei_device *bus, static void mei_cl_bus_dev_init(struct mei_device *bus,
struct mei_me_client *me_cl) struct mei_me_client *me_cl)
{ {
struct mei_cl_device *cldev; struct mei_cl_device *cldev;
WARN_ON(!mutex_is_locked(&bus->cl_bus_lock));
dev_dbg(bus->dev, "initializing %pUl", mei_me_cl_uuid(me_cl)); dev_dbg(bus->dev, "initializing %pUl", mei_me_cl_uuid(me_cl));
if (me_cl->bus_added) if (me_cl->bus_added)
@ -892,10 +901,8 @@ static void mei_cl_bus_dev_init(struct mei_device *bus,
if (!cldev) if (!cldev)
return; return;
mutex_lock(&cldev->bus->cl_bus_lock);
me_cl->bus_added = true; me_cl->bus_added = true;
list_add_tail(&cldev->bus_list, &bus->device_list); list_add_tail(&cldev->bus_list, &bus->device_list);
mutex_unlock(&cldev->bus->cl_bus_lock);
} }
@ -910,12 +917,13 @@ void mei_cl_bus_rescan(struct mei_device *bus)
struct mei_cl_device *cldev, *n; struct mei_cl_device *cldev, *n;
struct mei_me_client *me_cl; struct mei_me_client *me_cl;
mutex_lock(&bus->cl_bus_lock);
down_read(&bus->me_clients_rwsem); down_read(&bus->me_clients_rwsem);
list_for_each_entry(me_cl, &bus->me_clients, list) list_for_each_entry(me_cl, &bus->me_clients, list)
mei_cl_bus_dev_init(bus, me_cl); mei_cl_bus_dev_init(bus, me_cl);
up_read(&bus->me_clients_rwsem); up_read(&bus->me_clients_rwsem);
mutex_lock(&bus->cl_bus_lock);
list_for_each_entry_safe(cldev, n, &bus->device_list, bus_list) { list_for_each_entry_safe(cldev, n, &bus->device_list, bus_list) {
if (!mei_me_cl_is_active(cldev->me_cl)) { if (!mei_me_cl_is_active(cldev->me_cl)) {