From ab709208e8d3cbbd3ba7df62e34b49d08cbfe18e Mon Sep 17 00:00:00 2001 From: Xia Yang Date: Mon, 28 Oct 2013 17:51:50 -0700 Subject: [PATCH] misc: cec: Fix bug potentially cause system hang Remove wait_event_interruptible() from interrupt context Change init_done to be atomic_t and reset as early as possible Bug 1395893 Change-Id: Ib0cf423a3405293000b0c0d9aa105da5bba22e53 Signed-off-by: Xia Yang Reviewed-on: http://git-master/r/304631 (cherry picked from commit ef034436a3c8aaf7a9ce5dd9ebaf8dc90dbcce4b) Signed-off-by: Xia Yang Reviewed-on: http://git-master/r/346042 Reviewed-on: http://git-master/r/1164141 (cherry picked from commit 76e681f957b27323227c9990679631636084b6ae) --- drivers/misc/tegra-cec/tegra_cec.c | 19 +++++++++++-------- drivers/misc/tegra-cec/tegra_cec.h | 3 ++- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/drivers/misc/tegra-cec/tegra_cec.c b/drivers/misc/tegra-cec/tegra_cec.c index df7f08f4..0b6db11f 100644 --- a/drivers/misc/tegra-cec/tegra_cec.c +++ b/drivers/misc/tegra-cec/tegra_cec.c @@ -47,7 +47,8 @@ int tegra_cec_open(struct inode *inode, struct file *file) struct tegra_cec, misc_dev); dev_dbg(cec->dev, "%s\n", __func__); - wait_event_interruptible(cec->init_waitq, cec->init_done == 1); + wait_event_interruptible(cec->init_waitq, + atomic_read(&cec->init_done) == 1); file->private_data = cec; return 0; @@ -70,7 +71,8 @@ ssize_t tegra_cec_write(struct file *file, const char __user *buffer, count = 4; - wait_event_interruptible(cec->init_waitq, cec->init_done == 1); + wait_event_interruptible(cec->init_waitq, + atomic_read(&cec->init_done) == 1); if (copy_from_user(&write_buff, buffer, count)) return -EFAULT; @@ -106,7 +108,8 @@ ssize_t tegra_cec_read(struct file *file, char __user *buffer, struct tegra_cec *cec = file->private_data; count = 2; - wait_event_interruptible(cec->init_waitq, cec->init_done == 1); + wait_event_interruptible(cec->init_waitq, + atomic_read(&cec->init_done) == 1); if (cec->rx_wake == 0) if (file->f_flags & O_NONBLOCK) @@ -128,8 +131,6 @@ static irqreturn_t tegra_cec_irq_handler(int irq, void *data) struct tegra_cec *cec = dev_get_drvdata(dev); unsigned long status; - wait_event_interruptible(cec->init_waitq, cec->init_done == 1); - status = readl(cec->cec_base + TEGRA_CEC_INT_STAT); if (!status) @@ -186,8 +187,6 @@ static void tegra_cec_init(struct tegra_cec *cec) dev_notice(cec->dev, "%s started\n", __func__); - cec->init_done = 0; - writel(0x00, cec->cec_base + TEGRA_CEC_HW_CONTROL); writel(0x00, cec->cec_base + TEGRA_CEC_INT_MASK); writel(0xffffffff, cec->cec_base + TEGRA_CEC_INT_STAT); @@ -245,7 +244,7 @@ static void tegra_cec_init(struct tegra_cec *cec) TEGRA_CEC_INT_MASK_RX_REGISTER_OVERRUN), cec->cec_base + TEGRA_CEC_INT_MASK); - cec->init_done = 1; + atomic_set(&cec->init_done, 1); wake_up_interruptible(&cec->init_waitq); dev_notice(cec->dev, "%s Done.\n", __func__); @@ -302,6 +301,8 @@ static int tegra_cec_probe(struct platform_device *pdev) goto cec_error; } + atomic_set(&cec->init_done, 0); + cec->clk = clk_get(&pdev->dev, "cec"); if (IS_ERR_OR_NULL(cec->clk)) { @@ -379,6 +380,8 @@ static int tegra_cec_suspend(struct platform_device *pdev, pm_message_t state) /* cancel the work queue */ cancel_work_sync(&cec->work); + atomic_set(&cec->init_done, 0); + clk_disable(cec->clk); dev_notice(&pdev->dev, "suspended\n"); diff --git a/drivers/misc/tegra-cec/tegra_cec.h b/drivers/misc/tegra-cec/tegra_cec.h index 814e7ba8..2ed99bbe 100644 --- a/drivers/misc/tegra-cec/tegra_cec.h +++ b/drivers/misc/tegra-cec/tegra_cec.h @@ -17,6 +17,7 @@ */ #include +#include struct tegra_cec { @@ -31,7 +32,7 @@ struct tegra_cec { unsigned int rx_wake; unsigned int tx_wake; unsigned short rx_buffer; - unsigned int init_done; + atomic_t init_done; struct work_struct work; }; static int tegra_cec_remove(struct platform_device *pdev);