Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7a7b5df8 authored by Johan Hovold's avatar Johan Hovold Committed by Jiri Kosina
Browse files

HID: cp2112: fix sleep-while-atomic 



A recent commit fixing DMA-buffers on stack added a shared transfer
buffer protected by a spinlock. This is broken as the USB HID request
callbacks can sleep. Fix this up by replacing the spinlock with a mutex.

Fixes: 1ffb3c40 ("HID: cp2112: make transfer buffers DMA capable")
Cc: stable <stable@vger.kernel.org>	# 4.9
Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
Reviewed-by: default avatarBenjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
parent 877a021e

drivers/hid/hid-cp2112.c

+11 −15
Original line number Diff line number Diff line
@@ -168,7 +168,7 @@ struct cp2112_device { 
	atomic_t xfer_avail;

	struct gpio_chip gc;

	u8 *in_out_buffer;

	spinlock_t lock;

	struct mutex lock;



	struct gpio_desc *desc[8];

	bool gpio_poll;
@@ -186,10 +186,9 @@ static int cp2112_gpio_direction_input(struct gpio_chip *chip, unsigned offset) 
	struct cp2112_device *dev = gpiochip_get_data(chip);

	struct hid_device *hdev = dev->hdev;

	u8 *buf = dev->in_out_buffer;

	unsigned long flags;

	int ret;



	spin_lock_irqsave(&dev->lock, flags);

	mutex_lock(&dev->lock);



	ret = hid_hw_raw_request(hdev, CP2112_GPIO_CONFIG, buf,

				 CP2112_GPIO_CONFIG_LENGTH, HID_FEATURE_REPORT,
@@ -213,7 +212,7 @@ static int cp2112_gpio_direction_input(struct gpio_chip *chip, unsigned offset) 
	ret = 0;



exit:

	spin_unlock_irqrestore(&dev->lock, flags);

	mutex_unlock(&dev->lock);

	return ret <= 0 ? ret : -EIO;

}
@@ -222,10 +221,9 @@ static void cp2112_gpio_set(struct gpio_chip *chip, unsigned offset, int value) 
	struct cp2112_device *dev = gpiochip_get_data(chip);

	struct hid_device *hdev = dev->hdev;

	u8 *buf = dev->in_out_buffer;

	unsigned long flags;

	int ret;



	spin_lock_irqsave(&dev->lock, flags);

	mutex_lock(&dev->lock);



	buf[0] = CP2112_GPIO_SET;

	buf[1] = value ? 0xff : 0;
@@ -237,7 +235,7 @@ static void cp2112_gpio_set(struct gpio_chip *chip, unsigned offset, int value) 
	if (ret < 0)

		hid_err(hdev, "error setting GPIO values: %d\n", ret);



	spin_unlock_irqrestore(&dev->lock, flags);

	mutex_unlock(&dev->lock);

}



static int cp2112_gpio_get_all(struct gpio_chip *chip)
@@ -245,10 +243,9 @@ static int cp2112_gpio_get_all(struct gpio_chip *chip) 
	struct cp2112_device *dev = gpiochip_get_data(chip);

	struct hid_device *hdev = dev->hdev;

	u8 *buf = dev->in_out_buffer;

	unsigned long flags;

	int ret;



	spin_lock_irqsave(&dev->lock, flags);

	mutex_lock(&dev->lock);



	ret = hid_hw_raw_request(hdev, CP2112_GPIO_GET, buf,

				 CP2112_GPIO_GET_LENGTH, HID_FEATURE_REPORT,
@@ -262,7 +259,7 @@ static int cp2112_gpio_get_all(struct gpio_chip *chip) 
	ret = buf[1];



exit:

	spin_unlock_irqrestore(&dev->lock, flags);

	mutex_unlock(&dev->lock);



	return ret;

}
@@ -284,10 +281,9 @@ static int cp2112_gpio_direction_output(struct gpio_chip *chip, 
	struct cp2112_device *dev = gpiochip_get_data(chip);

	struct hid_device *hdev = dev->hdev;

	u8 *buf = dev->in_out_buffer;

	unsigned long flags;

	int ret;



	spin_lock_irqsave(&dev->lock, flags);

	mutex_lock(&dev->lock);



	ret = hid_hw_raw_request(hdev, CP2112_GPIO_CONFIG, buf,

				 CP2112_GPIO_CONFIG_LENGTH, HID_FEATURE_REPORT,
@@ -308,7 +304,7 @@ static int cp2112_gpio_direction_output(struct gpio_chip *chip, 
		goto fail;

	}



	spin_unlock_irqrestore(&dev->lock, flags);

	mutex_unlock(&dev->lock);



	/*

	 * Set gpio value when output direction is already set,
@@ -319,7 +315,7 @@ static int cp2112_gpio_direction_output(struct gpio_chip *chip, 
	return 0;



fail:

	spin_unlock_irqrestore(&dev->lock, flags);

	mutex_unlock(&dev->lock);

	return ret < 0 ? ret : -EIO;

}
@@ -1235,7 +1231,7 @@ static int cp2112_probe(struct hid_device *hdev, const struct hid_device_id *id) 
	if (!dev->in_out_buffer)

		return -ENOMEM;



	spin_lock_init(&dev->lock);

	mutex_init(&dev->lock);



	ret = hid_parse(hdev);

	if (ret) {