From: Radim Pavlik Date: Tue, 1 Jun 2021 10:48:18 +0000 (+0000) Subject: pinctrl: mcp23s08: fix race condition in irq handler X-Git-Tag: v5.4.133~95 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=c0b70153f13e0d8b8637ce59fa12f576242efe15;p=users%2Fdwmw2%2Flinux.git pinctrl: mcp23s08: fix race condition in irq handler [ Upstream commit 897120d41e7afd9da435cb00041a142aeeb53c07 ] Checking value of MCP_INTF in mcp23s08_irq suggests that the handler may be called even when there is no interrupt pending. But the actual interrupt could happened between reading MCP_INTF and MCP_GPIO. In this situation we got nothing from MCP_INTF, but the event gets acknowledged on the expander by reading MCP_GPIO. This leads to losing events. Fix the problem by not reading any register until we see something in MCP_INTF. The error was reproduced and fix tested on MCP23017. Signed-off-by: Radim Pavlik Link: https://lore.kernel.org/r/AM7PR06MB6769E1183F68DEBB252F665ABA3E9@AM7PR06MB6769.eurprd06.prod.outlook.com Signed-off-by: Linus Walleij Signed-off-by: Sasha Levin --- diff --git a/drivers/pinctrl/pinctrl-mcp23s08.c b/drivers/pinctrl/pinctrl-mcp23s08.c index d8bcbefcba890..9d5e2d9b6b932 100644 --- a/drivers/pinctrl/pinctrl-mcp23s08.c +++ b/drivers/pinctrl/pinctrl-mcp23s08.c @@ -459,6 +459,11 @@ static irqreturn_t mcp23s08_irq(int irq, void *data) if (mcp_read(mcp, MCP_INTF, &intf)) goto unlock; + if (intf == 0) { + /* There is no interrupt pending */ + return IRQ_HANDLED; + } + if (mcp_read(mcp, MCP_INTCAP, &intcap)) goto unlock; @@ -476,11 +481,6 @@ static irqreturn_t mcp23s08_irq(int irq, void *data) mcp->cached_gpio = gpio; mutex_unlock(&mcp->lock); - if (intf == 0) { - /* There is no interrupt pending */ - return IRQ_HANDLED; - } - dev_dbg(mcp->chip.parent, "intcap 0x%04X intf 0x%04X gpio_orig 0x%04X gpio 0x%04X\n", intcap, intf, gpio_orig, gpio);