From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Bin Liu <b-liu@ti.com>,
Felipe Balbi <felipe.balbi@linux.intel.com>
Subject: [PATCH 4.4 30/32] usb: gadget: fix spinlock dead lock in gadgetfs
Date: Wed, 6 Jul 2016 18:19:40 -0700 [thread overview]
Message-ID: <20160707011627.702586191@linuxfoundation.org> (raw)
In-Reply-To: <20160707011626.475554429@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bin Liu <b-liu@ti.com>
commit d246dcb2331c5783743720e6510892eb1d2801d9 upstream.
[ 40.467381] =============================================
[ 40.473013] [ INFO: possible recursive locking detected ]
[ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
[ 40.483466] ---------------------------------------------
[ 40.489098] usb/733 is trying to acquire lock:
[ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
[ 40.502882]
[ 40.502882] but task is already holding lock:
[ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
[ 40.517811]
[ 40.517811] other info that might help us debug this:
[ 40.524623] Possible unsafe locking scenario:
[ 40.524623]
[ 40.530798] CPU0
[ 40.533346] ----
[ 40.535894] lock(&(&dev->lock)->rlock);
[ 40.540088] lock(&(&dev->lock)->rlock);
[ 40.544284]
[ 40.544284] *** DEADLOCK ***
[ 40.544284]
[ 40.550461] May be due to missing lock nesting notation
[ 40.550461]
[ 40.557544] 2 locks held by usb/733:
[ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
[ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
[ 40.578523]
[ 40.578523] stack backtrace:
[ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
[ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
[ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
[ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
[ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
[ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
[ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
[ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
[ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
[ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
[ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
[ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
[ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
[ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)
This is caused by the spinlock bug in ep0_read().
Fix the two other deadlock sources in gadgetfs_setup() too.
Signed-off-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/legacy/inode.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -937,8 +937,11 @@ ep0_read (struct file *fd, char __user *
struct usb_ep *ep = dev->gadget->ep0;
struct usb_request *req = dev->req;
- if ((retval = setup_req (ep, req, 0)) == 0)
- retval = usb_ep_queue (ep, req, GFP_ATOMIC);
+ if ((retval = setup_req (ep, req, 0)) == 0) {
+ spin_unlock_irq (&dev->lock);
+ retval = usb_ep_queue (ep, req, GFP_KERNEL);
+ spin_lock_irq (&dev->lock);
+ }
dev->state = STATE_DEV_CONNECTED;
/* assume that was SET_CONFIGURATION */
@@ -1456,8 +1459,11 @@ delegate:
w_length);
if (value < 0)
break;
+
+ spin_unlock (&dev->lock);
value = usb_ep_queue (gadget->ep0, dev->req,
- GFP_ATOMIC);
+ GFP_KERNEL);
+ spin_lock (&dev->lock);
if (value < 0) {
clean_req (gadget->ep0, dev->req);
break;
@@ -1480,11 +1486,14 @@ delegate:
if (value >= 0 && dev->state != STATE_DEV_SETUP) {
req->length = value;
req->zero = value < w_length;
- value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC);
+
+ spin_unlock (&dev->lock);
+ value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
if (value < 0) {
DBG (dev, "ep_queue --> %d\n", value);
req->status = 0;
}
+ return value;
}
/* device stalls when value < 0 */
next prev parent reply other threads:[~2016-07-07 1:20 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-07 1:19 [PATCH 4.4 00/32] 4.4.15-stable review Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 01/32] net_sched: fix pfifo_head_drop behavior vs backlog Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 02/32] net: Dont forget pr_fmt on net_dbg_ratelimited for CONFIG_DYNAMIC_DEBUG Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 03/32] sit: correct IP protocol used in ipip6_err Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 04/32] esp: Fix ESN generation under UDP encapsulation Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 05/32] netem: fix a use after free Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 06/32] ipmr/ip6mr: Initialize the last assert time of mfc entries Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 08/32] sock_diag: do not broadcast raw socket destruction Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 09/32] bpf, perf: delay release of BPF prog after grace period Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 10/32] neigh: Explicitly declare RCU-bh read side critical section in neigh_xmit() Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 11/32] net: macb: fix default configuration for GMAC on AT91 Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 12/32] net: alx: Work around the DMA RX overflow issue Greg Kroah-Hartman
2016-07-07 1:19 ` Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 13/32] bpf: try harder on clones when writing into skb Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 14/32] AX.25: Close socket connection on session completion Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 15/32] crypto: vmx - Increase priority of aes-cbc cipher Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 16/32] crypto: ux500 - memmove the right size Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 17/32] crypto: user - re-add size check for CRYPTO_MSG_GETALG Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 18/32] USB: uas: Fix slave queue_depth not being set Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 19/32] usb: quirks: Fix sorting Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 20/32] usb: quirks: Add no-lpm quirk for Acer C120 LED Projector Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 21/32] usb: musb: only restore devctl when session was set in backup Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 22/32] usb: musb: Stop bulk endpoint while queue is rotated Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 23/32] usb: musb: Ensure rx reinit occurs for shared_fifo endpoints Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 24/32] usb: musb: host: correct cppi dma channel for isoch transfer Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 25/32] xhci: Cleanup only when releasing primary hcd Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 26/32] usb: xhci-plat: properly handle probe deferral for devm_clk_get() Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 27/32] USB: xhci: Add broken streams quirk for Frescologic device id 1009 Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 28/32] xhci: Fix handling timeouted commands on hosts in weird states Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 29/32] USB: mos7720: delete parport Greg Kroah-Hartman
2016-07-07 1:19 ` Greg Kroah-Hartman [this message]
2016-07-07 1:19 ` [PATCH 4.4 31/32] usb: host: ehci-tegra: Grab the correct UTMI pads reset Greg Kroah-Hartman
2016-07-07 1:19 ` [PATCH 4.4 32/32] usb: dwc3: exynos: Fix deferred probing storm Greg Kroah-Hartman
2016-07-07 8:08 ` [PATCH 4.4 00/32] 4.4.15-stable review Nikolay Borisov
2016-07-07 19:11 ` Greg Kroah-Hartman
2016-07-07 13:29 ` Guenter Roeck
2016-07-07 19:14 ` Greg Kroah-Hartman
2016-07-07 16:53 ` Kevin Hilman
2016-07-07 19:15 ` Greg Kroah-Hartman
2016-07-07 22:21 ` Kevin Hilman
2016-07-07 17:55 ` Kevin Hilman
2016-07-08 3:46 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160707011627.702586191@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=b-liu@ti.com \
--cc=felipe.balbi@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.