ARM: 7136/1: pl330: Fix a race condition

If two requests have been submitted and one of them is running, if you
call pl330_chan_ctrl(ch_id, PL330_OP_START), there's a window of time
between the spin_lock_irqsave() and the _state() check in which the
running transaction may finish.  In that case, we don't receive the
interrupt (because they are disabled), but _start() sees that the DMA
is stopped, so it starts it.  The problem is that it sends the
transaction that has just finished again, because pl330_update()
hasn't mark it as done yet.

This patch fixes this race condition by not calling _start() if the
DMA is already executing transactions.  When interrupts are reenabled,
pl330_update() will call _start().

Reference: <1317892206[email protected]>

Signed-off-by: Javi Merino <[email protected]>
Acked-by: Jassi Brar <[email protected]>
Signed-off-by: Russell King <[email protected]>

diff --git a/arch/arm/common/pl330.c b/arch/arm/common/pl330.c
index 97912fa48782563527a3b56cc9b60c1acee008f3..7129cfbdacd6887920cf28994625be7b35f65503 100644 (file)
--- a/arch/arm/common/pl330.c
+++ b/arch/arm/common/pl330.c
@@ -1546,7 +1546,7 @@ int pl330_chan_ctrl(void *ch_id, enum pl330_chan_op op)
 
                /* Start the next */
        case PL330_OP_START:
-               if (!_start(thrd))
+               if (!_thrd_active(thrd) && !_start(thrd))
                        ret = -EIO;
                break;