pinctrl: mcp23s08: fix race condition in irq handler

[ Upstream commit 897120d41e7afd9da435cb00041a142aeeb53c07 ]

Checking value of MCP_INTF in mcp23s08_irq suggests that the handler may be
called even when there is no interrupt pending.

But the actual interrupt could happened between reading MCP_INTF and MCP_GPIO.
In this situation we got nothing from MCP_INTF, but the event gets acknowledged
on the expander by reading MCP_GPIO. This leads to losing events.

Fix the problem by not reading any register until we see something in MCP_INTF.

The error was reproduced and fix tested on MCP23017.

Signed-off-by: Radim Pavlik <radim.pavlik@tbs-biometrics.com>
Link: https://lore.kernel.org/r/AM7PR06MB6769E1183F68DEBB252F665ABA3E9@AM7PR06MB6769.eurprd06.prod.outlook.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/pinctrl/pinctrl-mcp23s08.c b/drivers/pinctrl/pinctrl-mcp23s08.c
index ce2d801..799d596 100644 (file)
--- a/drivers/pinctrl/pinctrl-mcp23s08.c
+++ b/drivers/pinctrl/pinctrl-mcp23s08.c
@@ -351,6 +351,11 @@ static irqreturn_t mcp23s08_irq(int irq, void *data)
        if (mcp_read(mcp, MCP_INTF, &intf))
                goto unlock;
 
+       if (intf == 0) {
+               /* There is no interrupt pending */
+               return IRQ_HANDLED;
+       }
+
        if (mcp_read(mcp, MCP_INTCAP, &intcap))
                goto unlock;
 
@@ -368,11 +373,6 @@ static irqreturn_t mcp23s08_irq(int irq, void *data)
        mcp->cached_gpio = gpio;
        mutex_unlock(&mcp->lock);
 
-       if (intf == 0) {
-               /* There is no interrupt pending */
-               return IRQ_HANDLED;
-       }
-
        dev_dbg(mcp->chip.parent,
                "intcap 0x%04X intf 0x%04X gpio_orig 0x%04X gpio 0x%04X\n",
                intcap, intf, gpio_orig, gpio);