From: Orson Zhai <orson.zhai@spreadtrum.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Zhongping Tan (谭中平)" <Zhongping.Tan@spreadtrum.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH] char: misc: Init misc->list in a safe way
Date: Wed, 28 Jun 2017 09:54:32 +0800 [thread overview]
Message-ID: <20170628015431.GA32195@spreadtrum.com> (raw)
In-Reply-To: <20170627062917.GA10376@kroah.com>
Hi Greg & Arnd,
On Tue, Jun 27, 2017 at 08:29:17AM +0200, Greg Kroah-Hartman wrote:
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?
>
> A: No.
> Q: Should I include quotations after my reply?
>
> http://daringfireball.net/2007/07/on_top
We are so sorry for any troubles to you. I will take the role of Zhongping to
continue discussion here.
>
> On Tue, Jun 27, 2017 at 02:02:13AM +0000, Zhongping Tan (谭中平) wrote:
> > Ok, firstly we need to discuss the list usage, for list head we need
> > do initialization, but for list node we don't need initialization at
> > all.
>
> I don't understand, why is your misc driver touching that field at all?
> Do I need to go and make it "private" somehow?
There maybe some mis-understanding caused by not very well english expression.
I'll clarify what had happended to us.
>
> > And for misc_list head, we use LIST_HEAD to define and initialize
> > it. So I don't know why we put INIT_LIST_HEAD(&misc->list) in function
> > misc_register, any bugs when without it?
>
> Again, what is wrong with the code today? What driver is this causing
> problems for?
It maybe a little bit long story.
In recent, our test team report a crash of non-stop reboot test on a mobile phone after 46 hours.
After some investigation, we got the information as following,
&misc_list = 0xFFFFFFFF822AC780 -> (
next_=_0xFFFFFFFFA0087158 -> (
next = 0xFFFFFFFFA0087158 -> (
next = 0xFFFFFFFFA0087158,
prev = 0xFFFFFFFFA0087158 -> (
next = 0xFFFFFFFFA0087158,
prev = 0xFFFFFFFFA0087158)),
prev = 0xFFFFFFFFA0087158 -> (
next = 0xFFFFFFFFA0087158,
prev = 0xFFFFFFFFA0087158)),
prev = 0xFFFF88007BF55618)
it seems that misc_list fall into a loop which cause surfaceflinger (a service from Android) dead.
And we got futher more information after that,
(struct miscdevice*)0xFFFFFFFFA0087140 = 0xFFFFFFFFA0087140 -> (
minor = 20,
name = 0xFFFFFFFFA008606D -> "fm",
fops = 0xFFFFFFFFA0086700 -> (
owner = 0xFFFFFFFFA0087480,
llseek = 0x0,
read = 0xFFFFFFFFA0081860,
write = 0x0,
read_iter = 0x0,
write_iter = 0x0,
iterate = 0x0,
poll = 0x0,
unlocked_ioctl = 0xFFFFFFFFA00832C0,
compat_ioctl = 0xFFFFFFFFA0083870,
mmap = 0x0,
open = 0xFFFFFFFFA0081B80,
flush = 0x0,
release = 0xFFFFFFFFA00838C0,
fsync = 0x0,
aio_fsync = 0x0,
fasync = 0x0,
lock = 0x0,
sendpage = 0x0,
get_unmapped_area = 0x0,
check_flags = 0x0,
flock = 0x0,
splice_write = 0x0,
splice_read = 0x0,
setlease = 0x0,
fallocate = 0x0,
show_fdinfo = 0x0),
list = (
next = 0xFFFFFFFFA0087158,
prev = 0xFFFFFFFFA0087158),
parent = 0x0,
this_device = 0xFFFF88007BD32000,
groups = 0x0,
nodename = 0x0,
mode = 0)
We found the device is "fm". We highly suspect that fm driver call misc_register twice and reinitialize list to make ->pre & ->next pointing to himself.
Meanwhile, we checked fm driver and found nothing obviously wrong in the code.
Consider that this is a crash after 46 hours continuous power-on/off, it maybe caused by some special cases we are hard to know for now.
We think it might make some sence to add protection code into misc_register() at first.
Hope this could help to understand our situation.
We'll try to provide any detail inforamtion about this if necessary.
Thanks,
Orson
>
> thanks,
>
> greg k-h
next prev parent reply other threads:[~2017-06-28 1:57 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-26 9:31 [RFC PATCH] char: misc: Init misc->list in a safe way Orson Zhai
2017-06-26 10:02 ` Arnd Bergmann
2017-06-26 11:48 ` Zhongping Tan (谭中平)
2017-06-26 12:28 ` Arnd Bergmann
[not found] ` <ca76fa84d77449bf84c2f3ddf29048a0@SHMBX02.spreadtrum.com>
2017-06-26 14:10 ` 答复: " Arnd Bergmann
2017-06-27 2:02 ` Zhongping Tan (谭中平)
2017-06-27 6:29 ` Greg Kroah-Hartman
2017-06-28 1:54 ` Orson Zhai [this message]
2017-06-28 5:18 ` Greg Kroah-Hartman
2017-06-28 10:34 ` Arnd Bergmann
2017-06-28 11:21 ` Greg Kroah-Hartman
2017-06-29 6:54 ` Chunyan Zhang
2017-06-29 7:03 ` Greg Kroah-Hartman
2017-06-29 7:30 ` Chunyan Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170628015431.GA32195@spreadtrum.com \
--to=orson.zhai@spreadtrum.com \
--cc=Zhongping.Tan@spreadtrum.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.