remoteproc: stm32_rproc: Add mutex protection for workqueue

Message ID 20230331160634.3113031-1-arnaud.pouliquen@foss.st.com
State New
Headers
Series remoteproc: stm32_rproc: Add mutex protection for workqueue |

Commit Message

Arnaud POULIQUEN March 31, 2023, 4:06 p.m. UTC
  The workqueue may execute late even after remoteproc is stopped or
stopping, some resources (rpmsg device and endpoint) have been
released in rproc_stop_subdevices(), then rproc_vq_interrupt()
accessing these resources will cause kennel dump.

Call trace:
virtqueue_add_inbuf
virtqueue_add_inbuf
rpmsg_recv_single
rpmsg_recv_done
vring_interrupt
stm32_rproc_mb_vq_work
process_one_work
worker_thread
kthread

Suggested-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

---
This patch is similar to the issue fixed in
commit 47e6ab07018e ("remoteproc: imx_dsp_rproc: Add mutex protection for workqueue")
---
 drivers/remoteproc/stm32_rproc.c | 8 ++++++++
 1 file changed, 8 insertions(+)
  

Comments

Mathieu Poirier April 3, 2023, 5:17 p.m. UTC | #1
On Fri, Mar 31, 2023 at 06:06:34PM +0200, Arnaud Pouliquen wrote:
> The workqueue may execute late even after remoteproc is stopped or
> stopping, some resources (rpmsg device and endpoint) have been
> released in rproc_stop_subdevices(), then rproc_vq_interrupt()
> accessing these resources will cause kennel dump.
> 
> Call trace:
> virtqueue_add_inbuf
> virtqueue_add_inbuf
> rpmsg_recv_single
> rpmsg_recv_done
> vring_interrupt
> stm32_rproc_mb_vq_work
> process_one_work
> worker_thread
> kthread
> 
> Suggested-by: Mathieu Poirier <mathieu.poirier@linaro.org>
> Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
>

I had forgotten about this issue - applied.

> ---
> This patch is similar to the issue fixed in
> commit 47e6ab07018e ("remoteproc: imx_dsp_rproc: Add mutex protection for workqueue")
> ---
>  drivers/remoteproc/stm32_rproc.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/drivers/remoteproc/stm32_rproc.c b/drivers/remoteproc/stm32_rproc.c
> index 7d782ed9e589..f618405cf420 100644
> --- a/drivers/remoteproc/stm32_rproc.c
> +++ b/drivers/remoteproc/stm32_rproc.c
> @@ -287,8 +287,16 @@ static void stm32_rproc_mb_vq_work(struct work_struct *work)
>  	struct stm32_mbox *mb = container_of(work, struct stm32_mbox, vq_work);
>  	struct rproc *rproc = dev_get_drvdata(mb->client.dev);
>  
> +	mutex_lock(&rproc->lock);
> +
> +	if (rproc->state != RPROC_RUNNING)
> +		goto unlock_mutex;
> +
>  	if (rproc_vq_interrupt(rproc, mb->vq_id) == IRQ_NONE)
>  		dev_dbg(&rproc->dev, "no message found in vq%d\n", mb->vq_id);
> +
> +unlock_mutex:
> +	mutex_unlock(&rproc->lock);
>  }
>  
>  static void stm32_rproc_mb_callback(struct mbox_client *cl, void *data)
> -- 
> 2.25.1
>
  

Patch

diff --git a/drivers/remoteproc/stm32_rproc.c b/drivers/remoteproc/stm32_rproc.c
index 7d782ed9e589..f618405cf420 100644
--- a/drivers/remoteproc/stm32_rproc.c
+++ b/drivers/remoteproc/stm32_rproc.c
@@ -287,8 +287,16 @@  static void stm32_rproc_mb_vq_work(struct work_struct *work)
 	struct stm32_mbox *mb = container_of(work, struct stm32_mbox, vq_work);
 	struct rproc *rproc = dev_get_drvdata(mb->client.dev);
 
+	mutex_lock(&rproc->lock);
+
+	if (rproc->state != RPROC_RUNNING)
+		goto unlock_mutex;
+
 	if (rproc_vq_interrupt(rproc, mb->vq_id) == IRQ_NONE)
 		dev_dbg(&rproc->dev, "no message found in vq%d\n", mb->vq_id);
+
+unlock_mutex:
+	mutex_unlock(&rproc->lock);
 }
 
 static void stm32_rproc_mb_callback(struct mbox_client *cl, void *data)