[PATCH] drm/nouveau/flcn/msgq: fix potential deadlock on &msgq->lock

Chengfeng Ye dg573847474 at gmail.com
Wed Sep 27 16:55:17 UTC 2023


As &msgq->lock is acquired under both irq context from
gp102_sec2_intr() and softirq context from gm20b_pmu_recv(),
thus irq should be disabled while acquiring that lock, otherwise
there would be potential deadlock.

gm20b_pmu_recv()
--> nvkm_falcon_msgq_recv()
--> nvkm_falcon_msgq_open()
--> spin_lock(&msgq->lock)
<interrupt>
   --> gp102_sec2_intr()
   --> nvkm_falcon_msgq_recv()
   --> nvkm_falcon_msgq_open()
   --> spin_lock(&msgq->lock)

This flaw was found by an experimental static analysis tool I am
developing for irq-related deadlock.

To prevent the potential problem, I change to spin_lock_irq() and
spin_unlock_irq() on the lock.

Signed-off-by: Chengfeng Ye <dg573847474 at gmail.com>
---
 drivers/gpu/drm/nouveau/nvkm/falcon/msgq.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/nvkm/falcon/msgq.c b/drivers/gpu/drm/nouveau/nvkm/falcon/msgq.c
index 16b246fda666..5c3b43216ee8 100644
--- a/drivers/gpu/drm/nouveau/nvkm/falcon/msgq.c
+++ b/drivers/gpu/drm/nouveau/nvkm/falcon/msgq.c
@@ -25,7 +25,7 @@
 static void
 nvkm_falcon_msgq_open(struct nvkm_falcon_msgq *msgq)
 {
-	spin_lock(&msgq->lock);
+	spin_lock_irq(&msgq->lock);
 	msgq->position = nvkm_falcon_rd32(msgq->qmgr->falcon, msgq->tail_reg);
 }
 
@@ -37,7 +37,7 @@ nvkm_falcon_msgq_close(struct nvkm_falcon_msgq *msgq, bool commit)
 	if (commit)
 		nvkm_falcon_wr32(falcon, msgq->tail_reg, msgq->position);
 
-	spin_unlock(&msgq->lock);
+	spin_unlock_irq(&msgq->lock);
 }
 
 bool
-- 
2.17.1



More information about the dri-devel mailing list