From: Yang Shen shenyang39@huawei.com
mainline inclusion from mainline-v5.16-rc1 commit fc6c01f0cd10b89c4b01dd2940e0b0cda1bd82fb category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4W3EG CVE: NA
--------------------------------
When remove the driver and executing the task occur at the same time, the following deadlock will be triggered:
Chain exists of: sva_lock --> uacce_mutex --> &qm->qps_lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&qm->qps_lock); lock(uacce_mutex); lock(&qm->qps_lock); lock(sva_lock);
And the lock 'qps_lock' is used to protect qp. Therefore, it's reasonable cycle is to continue until the qp memory is released. So move the release lock infront of 'uacce_remove'.
Signed-off-by: Yang Shen shenyang39@huawei.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Yang Shen shenyang39@huawei.com Reviewed-by: Xiu Jianfeng xiujianfeng@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- drivers/crypto/hisilicon/qm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c index edcd4282d951..cfd8d7ace24b 100644 --- a/drivers/crypto/hisilicon/qm.c +++ b/drivers/crypto/hisilicon/qm.c @@ -3406,6 +3406,7 @@ void hisi_qm_uninit(struct hisi_qm *qm) dma_free_coherent(dev, qm->qdma.size, qm->qdma.va, qm->qdma.dma); } + up_write(&qm->qps_lock);
hisi_qm_set_state(qm, VF_NOT_READY);
@@ -3415,8 +3416,6 @@ void hisi_qm_uninit(struct hisi_qm *qm) uacce_remove(qm->uacce); qm->uacce = NULL; } - - up_write(&qm->qps_lock); } EXPORT_SYMBOL_GPL(hisi_qm_uninit);