iio: light: opt3001: fix deadlock due to concurrent flag access

[ Upstream commit f063a28002e3350088b4577c5640882bf4ea17ea ]

The threaded IRQ function in this driver is reading the flag twice: once to
lock a mutex and once to unlock it. Even though the code setting the flag
is designed to prevent it, there are subtle cases where the flag could be
true at the mutex_lock stage and false at the mutex_unlock stage. This
results in the mutex not being unlocked, resulting in a deadlock.

Fix it by making the opt3001_irq() code generally more robust, reading the
flag into a variable and using the variable value at both stages.

Fixes: 94a9b7b1809f ("iio: light: add support for TI's opt3001 light sensor")
Cc: stable@vger.kernel.org
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Link: https://patch.msgid.link/20250321-opt3001-irq-fix-v1-1-6c520d851562@bootlin.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
[ Adjust context ]
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/iio/light/opt3001.c b/drivers/iio/light/opt3001.c
index dc529cbe3805e297d99e9bb34c402e7013f1b559..25a45c4251fbd02d791bb52480c2ea04baf92088 100644 (file)
--- a/drivers/iio/light/opt3001.c
+++ b/drivers/iio/light/opt3001.c
@@ -692,8 +692,9 @@ static irqreturn_t opt3001_irq(int irq, void *_iio)
        struct opt3001 *opt = iio_priv(iio);
        int ret;
        bool wake_result_ready_queue = false;
+       bool ok_to_ignore_lock = opt->ok_to_ignore_lock;
 
-       if (!opt->ok_to_ignore_lock)
+       if (!ok_to_ignore_lock)
                mutex_lock(&opt->lock);
 
        ret = i2c_smbus_read_word_swapped(opt->client, OPT3001_CONFIGURATION);
@@ -730,7 +731,7 @@ static irqreturn_t opt3001_irq(int irq, void *_iio)
        }
 
 out:
-       if (!opt->ok_to_ignore_lock)
+       if (!ok_to_ignore_lock)
                mutex_unlock(&opt->lock);
 
        if (wake_result_ready_queue)