iio: light: opt3001: fix deadlock due to concurrent flag access

[ Upstream commit f063a28002e3350088b4577c5640882bf4ea17ea ]

The threaded IRQ function in this driver is reading the flag twice: once to
lock a mutex and once to unlock it. Even though the code setting the flag
is designed to prevent it, there are subtle cases where the flag could be
true at the mutex_lock stage and false at the mutex_unlock stage. This
results in the mutex not being unlocked, resulting in a deadlock.

Fix it by making the opt3001_irq() code generally more robust, reading the
flag into a variable and using the variable value at both stages.

Fixes: 94a9b7b1809f ("iio: light: add support for TI's opt3001 light sensor")
Cc: stable@vger.kernel.org
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Link: https://patch.msgid.link/20250321-opt3001-irq-fix-v1-1-6c520d851562@bootlin.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
[ Adjust context ]
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/iio/light/opt3001.c b/drivers/iio/light/opt3001.c
index ff01fc9fc0b2a1b288776ab77884afa1dd0bb651..b2bf928bd4cd3071cb4e9f809c5e6fe705320593 100644 (file)
--- a/drivers/iio/light/opt3001.c
+++ b/drivers/iio/light/opt3001.c
@@ -692,8 +692,9 @@ static irqreturn_t opt3001_irq(int irq, void *_iio)
        struct opt3001 *opt = iio_priv(iio);
        int ret;
        bool wake_result_ready_queue = false;
+       bool ok_to_ignore_lock = opt->ok_to_ignore_lock;
 
-       if (!opt->ok_to_ignore_lock)
+       if (!ok_to_ignore_lock)
                mutex_lock(&opt->lock);
 
        ret = i2c_smbus_read_word_swapped(opt->client, OPT3001_CONFIGURATION);
@@ -730,7 +731,7 @@ static irqreturn_t opt3001_irq(int irq, void *_iio)
        }
 
 out:
-       if (!opt->ok_to_ignore_lock)
+       if (!ok_to_ignore_lock)
                mutex_unlock(&opt->lock);
 
        if (wake_result_ready_queue)