* Hans de Goede <[email protected]> wrote:
> +int iosf_mbi_block_punit_i2c_access(void)
> +{
> + unsigned long start, end;
> + int ret = 0;
> + u32 sem;
> +
> + if (WARN_ON(!mbi_pdev || !iosf_mbi_sem_address))
> + return -ENXIO;
> +
> + mutex_lock(&iosf_mbi_block_punit_i2c_access_count_mutex);
> +
> + if (iosf_mbi_block_punit_i2c_access_count > 0)
> + goto out;
> +
> + mutex_lock(&iosf_mbi_punit_mutex);
> + blocking_notifier_call_chain(&iosf_mbi_pmic_bus_access_notifier,
> + MBI_PMIC_BUS_ACCESS_BEGIN, NULL);
> +
> + /*
> + * Disallow the CPU to enter C6 or C7 state, entering these states
> + * requires the punit to talk to the pmic and if this happens while
> + * we're holding the semaphore, the SoC hangs.
> + */
> + pm_qos_update_request(&iosf_mbi_pm_qos, 0);
> +
> + /* host driver writes to side band semaphore register */
> + ret = iosf_mbi_write(BT_MBI_UNIT_PMC, MBI_REG_WRITE,
> + iosf_mbi_sem_address, PUNIT_SEMAPHORE_ACQUIRE);
> + if (ret) {
> + dev_err(&mbi_pdev->dev, "Error punit semaphore request
> failed\n");
> + goto out;
> + }
Isn't this error path leaking the iosf_mbi_punit_mutex held mutex? The 'out'
label only unlocks
iosf_mbi_block_punit_i2c_access_count_mutex:
> + /* host driver waits for bit 0 to be set in semaphore register */
> + start = jiffies;
> + end = start + msecs_to_jiffies(SEMAPHORE_TIMEOUT);
> + do {
> + ret = iosf_mbi_get_sem(&sem);
> + if (!ret && sem) {
> + iosf_mbi_sem_acquired = jiffies;
> + dev_dbg(&mbi_pdev->dev, "punit semaphore acquired after
> %ums\n",
> + jiffies_to_msecs(jiffies - start));
> + /*
> + * Success, keep iosf_mbi_punit_mutex locked till
> + * iosf_mbi_unblock_punit_i2c_access() gets called.
> + */
> + goto out;
Ditto - although this does claim that this is done intentionally.
> + }
> +
> + usleep_range(1000, 2000);
> + } while (time_before(jiffies, end));
> +
> + ret = -ETIMEDOUT;
> + dev_err(&mbi_pdev->dev, "Error punit semaphore timed out, resetting\n");
> + iosf_mbi_reset_semaphore();
> + mutex_unlock(&iosf_mbi_punit_mutex);
> +
> + if (!iosf_mbi_get_sem(&sem))
> + dev_err(&mbi_pdev->dev, "PUNIT SEM: %d\n", sem);
> +out:
> + if (!WARN_ON(ret))
> + iosf_mbi_block_punit_i2c_access_count++;
> +
> + mutex_unlock(&iosf_mbi_block_punit_i2c_access_count_mutex);
> +
> + return ret;
> +}
> +EXPORT_SYMBOL(iosf_mbi_block_punit_i2c_access);
So this is a rather unusual looking locking pattern.
So if this is all intended and works fine then at minimum the semantics of the
function should
be explained - right now it has no description whatsoever.
Thanks,
Ingo
