BLASTing Linux Code

Jan Tobias Mühlberg and Gerald Lüttgen
Department of Computer Science, University of York, York YO10 5DD, U.K.

main page | next example

Commit Overview | Files | Comments

Checking Locking Properties: Example 5

Commit Overview

Commit Key 3515d0161d55d2fa1a340932625f94240a68c262
Subject [PATCH] late spinlock initialization in ieee1394/ohci
Description spinlock used in irq handler should be initialized before registering irq, even if we know that our device has interrupts disabled; handler is registered shared and taking spinlock is done unconditionally. As it is, we can and do get oopsen on boot for some configuration, depending on irq routing - I've got a reproducer.
Requires Linux 2.6.13 kernel source as from git://

--- a/drivers/ieee1394/ohci1394.c
+++ b/drivers/ieee1394/ohci1394.c
@@ -478,7 +478,6 @@ static void ohci_initialize(struct ti_oh
int num_ports, i;
- spin_lock_init(&ohci->event_lock);
/* Put some defaults to these undefined bus options */
buf = reg_read(ohci, OHCI1394_BusOptions);
@@ -3402,7 +3401,14 @@ static int __devinit ohci1394_pci_probe(
/* We hopefully don't have to pre-allocate IT DMA like we did
* for IR DMA above. Allocate it on-demand and mark inactive. */
ohci->it_legacy_context.ohci = NULL;
+ spin_lock_init(&ohci->event_lock);
+ /*
+ * interrupts are disabled, all right, but... due to SA_SHIRQ we
+ * might get called anyway. We'll see no event, of course, but
+ * we need to get to that "no event", so enough should be initialized
+ * by that point.
+ */
if (request_irq(dev->irq, ohci_irq_handler, SA_SHIRQ,
OHCI1394_DRIVER_NAME, ohci))
FAIL(-ENOMEM, "Failed to allocate shared interrupt %d", dev->irq);

(purple: line numbers and function names; red: line removed; green: line added)


Unmodified sources


In this case, a spinlock might be used uninitialised, which represents a violation of the usage rules of the spinlock API. However, this violation can only occur in an environment where several kernel threads are running concurrently and may interfere the initialisation of a device. Modelling this behaviour turned out to be impossible.


Jan Tobias Mühlberg, $Date$