diff mbox series

[v2] iio: adc: exynos: do not rely on 'users' counter in ISR

Message ID 20201006041214.GA4145870@dtor-ws
State Superseded
Headers show
Series [v2] iio: adc: exynos: do not rely on 'users' counter in ISR | expand

Commit Message

Dmitry Torokhov Oct. 6, 2020, 4:12 a.m. UTC
The order in which 'users' counter is decremented vs calling drivers'
close() method is implementation specific, and we should not rely on
it. Let's introduce driver private flag and use it to signal ISR
to exit when device is being closed.

This has a side-effect of fixing issue of accessing inut->users
outside of input->mutex protection.

Reported-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
---

v2: switched from ordinary read/write to READ_ONCE/WRITE_ONCE per Michał
Mirosław 

 drivers/iio/adc/exynos_adc.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Krzysztof Kozlowski Oct. 6, 2020, 7:08 a.m. UTC | #1
On Tue, 6 Oct 2020 at 06:12, <dmitry.torokhov@gmail.com> wrote:
>

> The order in which 'users' counter is decremented vs calling drivers'

> close() method is implementation specific, and we should not rely on

> it. Let's introduce driver private flag and use it to signal ISR

> to exit when device is being closed.

>

> This has a side-effect of fixing issue of accessing inut->users

> outside of input->mutex protection.

>

> Reported-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>

> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>

> ---

>

> v2: switched from ordinary read/write to READ_ONCE/WRITE_ONCE per Michał

> Mirosław

>

>  drivers/iio/adc/exynos_adc.c | 7 ++++++-

>  1 file changed, 6 insertions(+), 1 deletion(-)


Acked-by: Krzysztof Kozlowski <krzk@kernel.org>


Best regards,
Krzysztof
Michał Mirosław Oct. 6, 2020, 7:39 p.m. UTC | #2
On Mon, Oct 05, 2020 at 09:12:14PM -0700, dmitry.torokhov@gmail.com wrote:
> The order in which 'users' counter is decremented vs calling drivers'

> close() method is implementation specific, and we should not rely on

> it. Let's introduce driver private flag and use it to signal ISR

> to exit when device is being closed.

> 

> This has a side-effect of fixing issue of accessing inut->users

> outside of input->mutex protection.

[...]

Reviewed-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>

(after with a fix mentioned below)

> --- a/drivers/iio/adc/exynos_adc.c

> +++ b/drivers/iio/adc/exynos_adc.c

[...]
> @@ -712,6 +715,7 @@ static int exynos_adc_ts_open(struct input_dev *dev)

>  {

>  	struct exynos_adc *info = input_get_drvdata(dev);

>  

> +	WRITE_ONCE(info->ts_enabled, true);

>  	enable_irq(info->tsirq);

>  

>  	return 0;

> @@ -721,6 +725,7 @@ static void exynos_adc_ts_close(struct input_dev *dev)

>  {

>  	struct exynos_adc *info = input_get_drvdata(dev);

>  

> +	WRITE_ONCE(info->ts_enabled, true);

>  	disable_irq(info->tsirq);


Shouldn't 'true' be 'false' here?

Best Regards,
Michał Mirosław
Dmitry Torokhov Oct. 6, 2020, 9:50 p.m. UTC | #3
On Tue, Oct 06, 2020 at 09:39:07PM +0200, Michał Mirosław wrote:
> On Mon, Oct 05, 2020 at 09:12:14PM -0700, dmitry.torokhov@gmail.com wrote:

> > The order in which 'users' counter is decremented vs calling drivers'

> > close() method is implementation specific, and we should not rely on

> > it. Let's introduce driver private flag and use it to signal ISR

> > to exit when device is being closed.

> > 

> > This has a side-effect of fixing issue of accessing inut->users

> > outside of input->mutex protection.

> [...]

> 

> Reviewed-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>

> (after with a fix mentioned below)

> 

> > --- a/drivers/iio/adc/exynos_adc.c

> > +++ b/drivers/iio/adc/exynos_adc.c

> [...]

> > @@ -712,6 +715,7 @@ static int exynos_adc_ts_open(struct input_dev *dev)

> >  {

> >  	struct exynos_adc *info = input_get_drvdata(dev);

> >  

> > +	WRITE_ONCE(info->ts_enabled, true);

> >  	enable_irq(info->tsirq);

> >  

> >  	return 0;

> > @@ -721,6 +725,7 @@ static void exynos_adc_ts_close(struct input_dev *dev)

> >  {

> >  	struct exynos_adc *info = input_get_drvdata(dev);

> >  

> > +	WRITE_ONCE(info->ts_enabled, true);

> >  	disable_irq(info->tsirq);

> 

> Shouldn't 'true' be 'false' here?


I swear if we disable cut-n-paste functionality there will be markable
reduction in bug rates...

Thanks for noticing this!

-- 
Dmitry
diff mbox series

Patch

diff --git a/drivers/iio/adc/exynos_adc.c b/drivers/iio/adc/exynos_adc.c
index 22131a677445..6c705fe599a3 100644
--- a/drivers/iio/adc/exynos_adc.c
+++ b/drivers/iio/adc/exynos_adc.c
@@ -7,6 +7,7 @@ 
  *  Copyright (C) 2013 Naveen Krishna Chatradhi <ch.naveen@samsung.com>
  */
 
+#include <linux/compiler.h>
 #include <linux/module.h>
 #include <linux/platform_device.h>
 #include <linux/interrupt.h>
@@ -135,6 +136,8 @@  struct exynos_adc {
 	u32			value;
 	unsigned int            version;
 
+	bool			ts_enabled;
+
 	bool			read_ts;
 	u32			ts_x;
 	u32			ts_y;
@@ -633,7 +636,7 @@  static irqreturn_t exynos_ts_isr(int irq, void *dev_id)
 	bool pressed;
 	int ret;
 
-	while (info->input->users) {
+	while (READ_ONCE(info->ts_enabled)) {
 		ret = exynos_read_s3c64xx_ts(dev, &x, &y);
 		if (ret == -ETIMEDOUT)
 			break;
@@ -712,6 +715,7 @@  static int exynos_adc_ts_open(struct input_dev *dev)
 {
 	struct exynos_adc *info = input_get_drvdata(dev);
 
+	WRITE_ONCE(info->ts_enabled, true);
 	enable_irq(info->tsirq);
 
 	return 0;
@@ -721,6 +725,7 @@  static void exynos_adc_ts_close(struct input_dev *dev)
 {
 	struct exynos_adc *info = input_get_drvdata(dev);
 
+	WRITE_ONCE(info->ts_enabled, true);
 	disable_irq(info->tsirq);
 }