[media] s5p-jpeg: fix recursive spinlock acquisition

v4l2_m2m_job_finish(), which is called from the interrupt handler with
slock acquired, can call the device_run() hook immediately if another
context was in the queue. This hook also acquires slock, resulting in
a deadlock for this scenario.

Fix this by releasing slock right before calling v4l2_m2m_job_finish().
This is safe to do as the state of the hardware cannot change before
v4l2_m2m_job_finish() is called anyway.

Signed-off-by: Alexandre Courbot <acourbot@chromium.org>
Acked-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>

diff --git a/drivers/media/platform/s5p-jpeg/jpeg-core.c b/drivers/media/platform/s5p-jpeg/jpeg-core.c
index 1da2c94..d1e3ebb 100644 (file)
--- a/drivers/media/platform/s5p-jpeg/jpeg-core.c
+++ b/drivers/media/platform/s5p-jpeg/jpeg-core.c
@@ -2642,13 +2642,13 @@ static irqreturn_t s5p_jpeg_irq(int irq, void *dev_id)
        if (curr_ctx->mode == S5P_JPEG_ENCODE)
                vb2_set_plane_payload(&dst_buf->vb2_buf, 0, payload_size);
        v4l2_m2m_buf_done(dst_buf, state);
-       v4l2_m2m_job_finish(jpeg->m2m_dev, curr_ctx->fh.m2m_ctx);
 
        curr_ctx->subsampling = s5p_jpeg_get_subsampling_mode(jpeg->regs);
        spin_unlock(&jpeg->slock);
 
        s5p_jpeg_clear_int(jpeg->regs);
 
+       v4l2_m2m_job_finish(jpeg->m2m_dev, curr_ctx->fh.m2m_ctx);
        return IRQ_HANDLED;
 }
 
@@ -2707,11 +2707,12 @@ static irqreturn_t exynos4_jpeg_irq(int irq, void *priv)
                v4l2_m2m_buf_done(dst_vb, VB2_BUF_STATE_ERROR);
        }
 
-       v4l2_m2m_job_finish(jpeg->m2m_dev, curr_ctx->fh.m2m_ctx);
        if (jpeg->variant->version == SJPEG_EXYNOS4)
                curr_ctx->subsampling = exynos4_jpeg_get_frame_fmt(jpeg->regs);
 
        spin_unlock(&jpeg->slock);
+
+       v4l2_m2m_job_finish(jpeg->m2m_dev, curr_ctx->fh.m2m_ctx);
        return IRQ_HANDLED;
 }
 
@@ -2770,10 +2771,15 @@ static irqreturn_t exynos3250_jpeg_irq(int irq, void *dev_id)
        if (curr_ctx->mode == S5P_JPEG_ENCODE)
                vb2_set_plane_payload(&dst_buf->vb2_buf, 0, payload_size);
        v4l2_m2m_buf_done(dst_buf, state);
-       v4l2_m2m_job_finish(jpeg->m2m_dev, curr_ctx->fh.m2m_ctx);
 
        curr_ctx->subsampling =
                        exynos3250_jpeg_get_subsampling_mode(jpeg->regs);
+
+       spin_unlock(&jpeg->slock);
+
+       v4l2_m2m_job_finish(jpeg->m2m_dev, curr_ctx->fh.m2m_ctx);
+       return IRQ_HANDLED;
+
 exit_unlock:
        spin_unlock(&jpeg->slock);
        return IRQ_HANDLED;