[xilinx-xlnx:xlnx_rebase_v5.10 65/1981] drivers/spi/spi-zynqmp-gqspi.c:968:3-9: preceding lock on line 959 (fwd)
wqyoung
quanyang.wang at windriver.com
Sat Dec 18 04:44:45 PST 2021
Hi Julia,
Thank you for reporting this.
This has been fixed by the commit d15525adb4b5 ("spi: spi-zynqmp-gqspi:
fix use-after-free in zynqmp_qspi_exec_op") which is in
linux-xlnx/master branch. I guess it is waiting to be merged into 5.10
branch.
Thanks,
Quanyang
On 2021/12/18 下午5:58, Julia Lawall wrote:
> Hello,
>
> Line 968 seems to need an unlock.
>
> julia
>
> ---------- Forwarded message ----------
> Date: Sat, 18 Dec 2021 03:01:38 +0800
> From: kernel test robot <lkp at intel.com>
> To: kbuild at lists.01.org
> Cc: lkp at intel.com, Julia Lawall <julia.lawall at lip6.fr>
> Subject: [xilinx-xlnx:xlnx_rebase_v5.10 65/1981]
> drivers/spi/spi-zynqmp-gqspi.c:968:3-9: preceding lock on line 959
>
> CC: kbuild-all at lists.01.org
> CC: linux-arm-kernel at lists.infradead.org
> TO: Quanyang Wang <quanyang.wang at windriver.com>
> CC: Michal Simek <monstr at monstr.eu>
> CC: Amit Kumar Mahapatra <amit.kumar-mahapatra at xilinx.com>
>
> tree: https://github.com/Xilinx/linux-xlnx xlnx_rebase_v5.10
> head: 87ec9a2d98a7a7dfc98b57348a0ec310fd170e4b
> commit: bc753db9c74d949b33bbb8b08a9b6340b57a444f [65/1981] spi: spi-zynqmp-gqspi: add mutex locking for exec_op
> :::::: branch date: 3 days ago
> :::::: commit date: 9 months ago
> config: x86_64-randconfig-c002-20211216 (https://download.01.org/0day-ci/archive/20211218/202112180238.NUlXfiNL-lkp@intel.com/config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp at intel.com>
> Reported-by: Julia Lawall <julia.lawall at lip6.fr>
>
>
> cocci warnings: (new ones prefixed by >>)
>>> drivers/spi/spi-zynqmp-gqspi.c:968:3-9: preceding lock on line 959
>
> vim +968 drivers/spi/spi-zynqmp-gqspi.c
>
> 9e3a000362aecb Naga Sureshkumar Relli 2018-03-26 934
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 935 /**
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 936 * zynqmp_qspi_exec_op() - Initiates the QSPI transfer
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 937 * @mem: The SPI memory
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 938 * @op: The memory operation to execute
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 939 *
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 940 * Executes a memory operation.
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 941 *
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 942 * This function first selects the chip and starts the memory operation.
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 943 *
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 944 * Return: 0 in case of success, a negative error code otherwise.
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 945 */
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 946 static int zynqmp_qspi_exec_op(struct spi_mem *mem,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 947 const struct spi_mem_op *op)
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 948 {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 949 struct zynqmp_qspi *xqspi = spi_controller_get_devdata
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 950 (mem->spi->master);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 951 int err = 0, i;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 952 u8 *tmpbuf;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 953 u32 genfifoentry = 0;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 954
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 955 dev_dbg(xqspi->dev, "cmd:%#x mode:%d.%d.%d.%d\n",
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 956 op->cmd.opcode, op->cmd.buswidth, op->addr.buswidth,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 957 op->dummy.buswidth, op->data.buswidth);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 958
> bc753db9c74d94 Quanyang Wang 2020-11-19 @959 mutex_lock(&xqspi->op_lock);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 960 zynqmp_qspi_config_op(xqspi, mem->spi);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 961 zynqmp_qspi_chipselect(mem->spi, false);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 962 genfifoentry |= xqspi->genfifocs;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 963 genfifoentry |= xqspi->genfifobus;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 964
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 965 if (op->cmd.opcode) {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 966 tmpbuf = kzalloc(op->cmd.nbytes, GFP_KERNEL | GFP_DMA);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 967 if (!tmpbuf)
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 @968 return -ENOMEM;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 969 tmpbuf[0] = op->cmd.opcode;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 970 reinit_completion(&xqspi->data_completion);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 971 xqspi->txbuf = tmpbuf;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 972 xqspi->rxbuf = NULL;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 973 xqspi->bytes_to_transfer = op->cmd.nbytes;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 974 xqspi->bytes_to_receive = 0;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 975 zynqmp_qspi_write_op(xqspi, op->cmd.buswidth, genfifoentry);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 976 zynqmp_gqspi_write(xqspi, GQSPI_CONFIG_OFST,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 977 zynqmp_gqspi_read(xqspi, GQSPI_CONFIG_OFST) |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 978 GQSPI_CFG_START_GEN_FIFO_MASK);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 979 zynqmp_gqspi_write(xqspi, GQSPI_IER_OFST,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 980 GQSPI_IER_GENFIFOEMPTY_MASK |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 981 GQSPI_IER_TXNOT_FULL_MASK);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 982 if (!wait_for_completion_interruptible_timeout
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 983 (&xqspi->data_completion, msecs_to_jiffies(1000))) {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 984 err = -ETIMEDOUT;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 985 kfree(tmpbuf);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 986 goto return_err;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 987 }
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 988 kfree(tmpbuf);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 989 }
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 990
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 991 if (op->addr.nbytes) {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 992 for (i = 0; i < op->addr.nbytes; i++) {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 993 *(((u8 *)xqspi->txbuf) + i) = op->addr.val >>
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 994 (8 * (op->addr.nbytes - i - 1));
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 995 }
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 996
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 997 reinit_completion(&xqspi->data_completion);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 998 xqspi->rxbuf = NULL;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 999 xqspi->bytes_to_transfer = op->addr.nbytes;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1000 xqspi->bytes_to_receive = 0;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1001 zynqmp_qspi_write_op(xqspi, op->addr.buswidth, genfifoentry);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1002 zynqmp_gqspi_write(xqspi, GQSPI_CONFIG_OFST,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1003 zynqmp_gqspi_read(xqspi,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1004 GQSPI_CONFIG_OFST) |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1005 GQSPI_CFG_START_GEN_FIFO_MASK);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1006 zynqmp_gqspi_write(xqspi, GQSPI_IER_OFST,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1007 GQSPI_IER_TXEMPTY_MASK |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1008 GQSPI_IER_GENFIFOEMPTY_MASK |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1009 GQSPI_IER_TXNOT_FULL_MASK);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1010 if (!wait_for_completion_interruptible_timeout
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1011 (&xqspi->data_completion, msecs_to_jiffies(1000))) {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1012 err = -ETIMEDOUT;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1013 goto return_err;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1014 }
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1015 }
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1016
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1017 if (op->dummy.nbytes) {
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1018 xqspi->txbuf = NULL;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1019 xqspi->rxbuf = NULL;
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1020 /*
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1021 * xqspi->bytes_to_transfer here represents the dummy circles
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1022 * per data line.
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1023 */
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1024 xqspi->bytes_to_transfer = op->dummy.nbytes * 8 / op->dummy.buswidth;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1025 xqspi->bytes_to_receive = 0;
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1026 /*
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1027 * Using op->data.buswidth instead of op->dummy.buswidth since
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1028 * the specification requires that the dummy.buswidth should
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1029 * be the same as data.buswidth.
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1030 */
> 5e19e3ddfa5d4b Quanyang Wang 2020-11-16 1031 zynqmp_qspi_write_op(xqspi, op->data.buswidth,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1032 genfifoentry);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1033 zynqmp_gqspi_write(xqspi, GQSPI_CONFIG_OFST,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1034 zynqmp_gqspi_read(xqspi, GQSPI_CONFIG_OFST) |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1035 GQSPI_CFG_START_GEN_FIFO_MASK);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1036 }
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1037
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1038 if (op->data.nbytes) {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1039 reinit_completion(&xqspi->data_completion);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1040 if (op->data.dir == SPI_MEM_DATA_OUT) {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1041 xqspi->txbuf = (u8 *)op->data.buf.out;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1042 xqspi->rxbuf = NULL;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1043 xqspi->bytes_to_transfer = op->data.nbytes;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1044 xqspi->bytes_to_receive = 0;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1045 zynqmp_qspi_write_op(xqspi, op->data.buswidth,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1046 genfifoentry);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1047 zynqmp_gqspi_write(xqspi, GQSPI_CONFIG_OFST,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1048 zynqmp_gqspi_read
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1049 (xqspi, GQSPI_CONFIG_OFST) |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1050 GQSPI_CFG_START_GEN_FIFO_MASK);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1051 zynqmp_gqspi_write(xqspi, GQSPI_IER_OFST,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1052 GQSPI_IER_TXEMPTY_MASK |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1053 GQSPI_IER_GENFIFOEMPTY_MASK |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1054 GQSPI_IER_TXNOT_FULL_MASK);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1055 } else {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1056 xqspi->txbuf = NULL;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1057 xqspi->rxbuf = (u8 *)op->data.buf.in;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1058 xqspi->bytes_to_receive = op->data.nbytes;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1059 xqspi->bytes_to_transfer = 0;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1060 zynqmp_qspi_read_op(xqspi, op->data.buswidth,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1061 genfifoentry);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1062 zynqmp_gqspi_write(xqspi, GQSPI_CONFIG_OFST,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1063 zynqmp_gqspi_read
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1064 (xqspi, GQSPI_CONFIG_OFST) |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1065 GQSPI_CFG_START_GEN_FIFO_MASK);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1066 if (xqspi->mode == GQSPI_MODE_DMA) {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1067 zynqmp_gqspi_write
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1068 (xqspi, GQSPI_QSPIDMA_DST_I_EN_OFST,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1069 GQSPI_QSPIDMA_DST_I_EN_DONE_MASK);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1070 } else {
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1071 zynqmp_gqspi_write(xqspi, GQSPI_IER_OFST,
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1072 GQSPI_IER_GENFIFOEMPTY_MASK |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1073 GQSPI_IER_RXNEMPTY_MASK |
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1074 GQSPI_IER_RXEMPTY_MASK);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1075 }
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1076 }
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1077 if (!wait_for_completion_interruptible_timeout
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1078 (&xqspi->data_completion, msecs_to_jiffies(1000)))
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1079 err = -ETIMEDOUT;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1080 }
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1081
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1082 return_err:
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1083
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1084 zynqmp_qspi_chipselect(mem->spi, true);
> bc753db9c74d94 Quanyang Wang 2020-11-19 1085 mutex_unlock(&xqspi->op_lock);
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1086
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1087 return err;
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1088 }
> 1c26372e5aa9e5 Amit Kumar Mahapatra 2020-09-24 1089
>
> :::::: The code at line 968 was first introduced by commit
> :::::: 1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e spi: spi-zynqmp-gqspi: Update driver to use spi-mem framework
>
> :::::: TO: Amit Kumar Mahapatra <amit.kumar-mahapatra at xilinx.com>
> :::::: CC: Mark Brown <broonie at kernel.org>
>
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
>
More information about the linux-arm-kernel
mailing list