mei: bus: call mei_cl_read_start under device lock

commit bc46b45a421a64a0895dd41a34d3d2086e1ac7f6 upstream.

Ensure that mei_cl_read_start is called under the device lock
also in the bus layer. The function updates global ctrl_wr_list
which should be locked.

Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c
index 1a173d0af694407312b5a45bbe0d0bde70e0d12b..a77643954523aec43de661a491018d9b7c39df10 100644 (file)
--- a/drivers/misc/mei/bus.c
+++ b/drivers/misc/mei/bus.c
@@ -222,17 +222,23 @@ EXPORT_SYMBOL_GPL(mei_cldev_recv);
 static void mei_cl_bus_event_work(struct work_struct *work)
 {
        struct mei_cl_device *cldev;
+       struct mei_device *bus;
 
        cldev = container_of(work, struct mei_cl_device, event_work);
 
+       bus = cldev->bus;
+
        if (cldev->event_cb)
                cldev->event_cb(cldev, cldev->events, cldev->event_context);
 
        cldev->events = 0;
 
        /* Prepare for the next read */
-       if (cldev->events_mask & BIT(MEI_CL_EVENT_RX))
+       if (cldev->events_mask & BIT(MEI_CL_EVENT_RX)) {
+               mutex_lock(&bus->device_lock);
                mei_cl_read_start(cldev->cl, 0, NULL);
+               mutex_unlock(&bus->device_lock);
+       }
 }
 
 /**
@@ -296,6 +302,7 @@ int mei_cldev_register_event_cb(struct mei_cl_device *cldev,
                                unsigned long events_mask,
                                mei_cldev_event_cb_t event_cb, void *context)
 {
+       struct mei_device *bus = cldev->bus;
        int ret;
 
        if (cldev->event_cb)
@@ -308,15 +315,17 @@ int mei_cldev_register_event_cb(struct mei_cl_device *cldev,
        INIT_WORK(&cldev->event_work, mei_cl_bus_event_work);
 
        if (cldev->events_mask & BIT(MEI_CL_EVENT_RX)) {
+               mutex_lock(&bus->device_lock);
                ret = mei_cl_read_start(cldev->cl, 0, NULL);
+               mutex_unlock(&bus->device_lock);
                if (ret && ret != -EBUSY)
                        return ret;
        }
 
        if (cldev->events_mask & BIT(MEI_CL_EVENT_NOTIF)) {
-               mutex_lock(&cldev->cl->dev->device_lock);
+               mutex_lock(&bus->device_lock);
                ret = mei_cl_notify_request(cldev->cl, NULL, event_cb ? 1 : 0);
-               mutex_unlock(&cldev->cl->dev->device_lock);
+               mutex_unlock(&bus->device_lock);
                if (ret)
                        return ret;
        }