From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Radoslav Gerganov <rgerganov@vmware.com>,
"balbi@kernel.org" <balbi@kernel.org>
Cc: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>,
Krzysztof Opasiak <kopasiak90@gmail.com>
Subject: USB: gadget: f_hid: fix deadlock in f_hidg_write()
Date: Thu, 14 Mar 2019 08:37:47 -0700 [thread overview]
Message-ID: <1552577867.3042.17.camel@HansenPartnership.com> (raw)
On Tue, 2019-03-05 at 10:10 +0000, Radoslav Gerganov wrote:
> In f_hidg_write() the write_spinlock is acquired before calling
> usb_ep_queue() which causes a deadlock when dummy_hcd is being used.
> This is because dummy_queue() callbacks into f_hidg_req_complete()
> which tries to acquire the same spinlock. This is (part of) the
> backtrace when the deadlock occurs:
>
> 0xffffffffc06b1410 in f_hidg_req_complete
> 0xffffffffc06a590a in usb_gadget_giveback_request
> 0xffffffffc06cfff2 in dummy_queue
> 0xffffffffc06a4b96 in usb_ep_queue
> 0xffffffffc06b1eb6 in f_hidg_write
> 0xffffffff8127730b in __vfs_write
> 0xffffffff812774d1 in vfs_write
> 0xffffffff81277725 in SYSC_write
>
> Fix this by releasing the write_spinlock before calling
> usb_ep_queue()
This fixes a usb_f_hid deadlock I've also been seeing with a FIDO key
emulator. This is a serious bug in that it brings down my entire
system if I use the hid gadget in any way, so can we please get it
applied? It turns out to have been introduced by this commit:
commit 749494b6bdbbaf0899aa1c62a1ad74cd747bce47
Author: Krzysztof Opasiak <kopasiak90@gmail.com>
Date: Tue Jan 24 03:27:24 2017 +0100
usb: gadget: f_hid: fix: Move IN request allocation to set_alt()
So you can add
Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: stable@vger.kernel.org # 4.11+
Fixes: 749494b6bdbb ("usb: gadget: f_hid: fix: Move IN request allocation to set_alt()")
James
next reply other threads:[~2019-03-14 15:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-14 15:37 James Bottomley [this message]
-- strict thread matches above, loose matches on Subject: below --
2019-03-20 8:59 USB: gadget: f_hid: fix deadlock in f_hidg_write() Felipe Balbi
2019-03-12 9:54 Radoslav Gerganov
2019-03-05 10:10 Radoslav Gerganov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1552577867.3042.17.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=balbi@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=kopasiak90@gmail.com \
--cc=linux-usb@vger.kernel.org \
--cc=rgerganov@vmware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.