| author | Sumit Kumar <sumit.kumar@oss.qualcomm.com> | 2026-04-14 09:29:40 +0300 |
|---|---|---|
| committer | Manivannan Sadhasivam <manivannan.sadhasivam@oss.qualcomm.com> | 2026-05-12 17:30:53 +0300 |
| commit | 9dece4435d396e9877e27483552b910ba8654169 (patch) | |
| tree | ccff19c854cf1f38875ee9ef52b49707bd7e4100 | |
| parent | 86f6dc05ea051fa03ebc03174bc00f734593465d (diff) | |
| download | linux-9dece4435d396e9877e27483552b910ba8654169.tar.xz | |

bus: mhi: ep: Fix potential deadlock in mhi_ep_reset_worker()

There is a potential deadlock scenario in mhi_ep_reset_worker() where
the state_lock mutex is acquired twice in the same call chain:

    mhi_ep_reset_worker()
      mutex_lock(&mhi_cntrl->state_lock)
      mhi_ep_power_up()
        mhi_ep_set_ready_state()
          mutex_lock(&mhi_cntrl->state_lock) <- Deadlock

Fix this by releasing the state_lock before calling mhi_ep_power_up().
The lock is only needed to protect current MHI state read operation. The
lock can be safely released before proceeding with the power up sequence.

Fixes: 7a97b6b47353 ("bus: mhi: ep: Add support for handling MHI_RESET")
Signed-off-by: Sumit Kumar <sumit.kumar@oss.qualcomm.com>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@oss.qualcomm.com>
Link: https://patch.msgid.link/20260414-reset_worker_deadlock-v2-1-42fd682b45db@oss.qualcomm.com
| -rw-r--r-- | drivers/bus/mhi/ep/main.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/drivers/bus/mhi/ep/main.c b/drivers/bus/mhi/ep/main.c index 0277e1ab1198..425525e232f9 100644 --- a/drivers/bus/mhi/ep/main.c +++ b/drivers/bus/mhi/ep/main.c @@ -1087,11 +1087,12 @@ static void mhi_ep_reset_worker(struct work_struct *work) mhi_ep_power_down(mhi_cntrl); - mutex_lock(&mhi_cntrl->state_lock); - /* Reset MMIO to signal host that the MHI_RESET is completed in endpoint */ mhi_ep_mmio_reset(mhi_cntrl); + + mutex_lock(&mhi_cntrl->state_lock); cur_state = mhi_cntrl->mhi_state; + mutex_unlock(&mhi_cntrl->state_lock); /* * Only proceed further if the reset is due to SYS_ERR. The host will @@ -1100,8 +1101,6 @@ static void mhi_ep_reset_worker(struct work_struct *work) */ if (cur_state == MHI_STATE_SYS_ERR) mhi_ep_power_up(mhi_cntrl); - - mutex_unlock(&mhi_cntrl->state_lock); } /* |
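
Review bot: in the first hunk (@@ -1087), mhi_ep_mmio_reset(mhi_cntrl) now runs before mutex_lock(&mhi_cntrl->state_lock) instead of under it, yet the commit message only justifies dropping the lock ahead of mhi_ep_power_up(). Please say in the commit message, or in the comment above the call, whether the MMIO reset needs to be serialised against other state_lock holders. If it does, the call can stay inside the critical section and the fix still holds as long as mutex_unlock() comes right after `cur_state = mhi_cntrl->mhi_state;`.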
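
Review bot: in the second hunk (@@ -1100), `if (cur_state == MHI_STATE_SYS_ERR)` now acts on a snapshot taken before state_lock was released, so mhi_cntrl->mhi_state can change between the unlock and the mhi_ep_power_up() call. Please extend the existing comment block above the check to state what prevents or tolerates a concurrent state change at this point, since the locking no longer makes that visible to the reader.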
