From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
syzbot <syzbot+deb6abc36aad4008f407@syzkaller.appspotmail.com>,
"Fabio M. De Francesco" <fmdefrancesco@gmail.com>,
Hillf Danton <hdanton@sina.com>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Dmitry Torokhov <dmitry.torokhov@gmail.com>
Subject: [PATCH 5.10 26/80] Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
Date: Tue, 6 Sep 2022 15:30:23 +0200 [thread overview]
Message-ID: <20220906132818.030426732@linuxfoundation.org> (raw)
In-Reply-To: <20220906132816.936069583@linuxfoundation.org>
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit 98e01215708b6d416345465c09dce2bd4868c67a upstream.
syzbot is reporting hung task at __input_unregister_device() [1], for
iforce_close() waiting at wait_event_interruptible() with dev->mutex held
is blocking input_disconnect_device() from __input_unregister_device().
It seems that the cause is simply that commit c2b27ef672992a20 ("Input:
iforce - wait for command completion when closing the device") forgot to
call wake_up() after clear_bit().
Fix this problem by introducing a helper that calls clear_bit() followed
by wake_up_all().
Reported-by: syzbot <syzbot+deb6abc36aad4008f407@syzkaller.appspotmail.com>
Fixes: c2b27ef672992a20 ("Input: iforce - wait for command completion when closing the device")
Tested-by: syzbot <syzbot+deb6abc36aad4008f407@syzkaller.appspotmail.com>
Suggested-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Co-developed-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/887021c3-4f13-40ce-c8b9-aa6e09faa3a7@I-love.SAKURA.ne.jp
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/joystick/iforce/iforce-serio.c | 6 +++---
drivers/input/joystick/iforce/iforce-usb.c | 8 ++++----
drivers/input/joystick/iforce/iforce.h | 6 ++++++
3 files changed, 13 insertions(+), 7 deletions(-)
--- a/drivers/input/joystick/iforce/iforce-serio.c
+++ b/drivers/input/joystick/iforce/iforce-serio.c
@@ -39,7 +39,7 @@ static void iforce_serio_xmit(struct ifo
again:
if (iforce->xmit.head == iforce->xmit.tail) {
- clear_bit(IFORCE_XMIT_RUNNING, iforce->xmit_flags);
+ iforce_clear_xmit_and_wake(iforce);
spin_unlock_irqrestore(&iforce->xmit_lock, flags);
return;
}
@@ -64,7 +64,7 @@ again:
if (test_and_clear_bit(IFORCE_XMIT_AGAIN, iforce->xmit_flags))
goto again;
- clear_bit(IFORCE_XMIT_RUNNING, iforce->xmit_flags);
+ iforce_clear_xmit_and_wake(iforce);
spin_unlock_irqrestore(&iforce->xmit_lock, flags);
}
@@ -169,7 +169,7 @@ static irqreturn_t iforce_serio_irq(stru
iforce_serio->cmd_response_len = iforce_serio->len;
/* Signal that command is done */
- wake_up(&iforce->wait);
+ wake_up_all(&iforce->wait);
} else if (likely(iforce->type)) {
iforce_process_packet(iforce, iforce_serio->id,
iforce_serio->data_in,
--- a/drivers/input/joystick/iforce/iforce-usb.c
+++ b/drivers/input/joystick/iforce/iforce-usb.c
@@ -30,7 +30,7 @@ static void __iforce_usb_xmit(struct ifo
spin_lock_irqsave(&iforce->xmit_lock, flags);
if (iforce->xmit.head == iforce->xmit.tail) {
- clear_bit(IFORCE_XMIT_RUNNING, iforce->xmit_flags);
+ iforce_clear_xmit_and_wake(iforce);
spin_unlock_irqrestore(&iforce->xmit_lock, flags);
return;
}
@@ -58,9 +58,9 @@ static void __iforce_usb_xmit(struct ifo
XMIT_INC(iforce->xmit.tail, n);
if ( (n=usb_submit_urb(iforce_usb->out, GFP_ATOMIC)) ) {
- clear_bit(IFORCE_XMIT_RUNNING, iforce->xmit_flags);
dev_warn(&iforce_usb->intf->dev,
"usb_submit_urb failed %d\n", n);
+ iforce_clear_xmit_and_wake(iforce);
}
/* The IFORCE_XMIT_RUNNING bit is not cleared here. That's intended.
@@ -175,15 +175,15 @@ static void iforce_usb_out(struct urb *u
struct iforce *iforce = &iforce_usb->iforce;
if (urb->status) {
- clear_bit(IFORCE_XMIT_RUNNING, iforce->xmit_flags);
dev_dbg(&iforce_usb->intf->dev, "urb->status %d, exiting\n",
urb->status);
+ iforce_clear_xmit_and_wake(iforce);
return;
}
__iforce_usb_xmit(iforce);
- wake_up(&iforce->wait);
+ wake_up_all(&iforce->wait);
}
static int iforce_usb_probe(struct usb_interface *intf,
--- a/drivers/input/joystick/iforce/iforce.h
+++ b/drivers/input/joystick/iforce/iforce.h
@@ -119,6 +119,12 @@ static inline int iforce_get_id_packet(s
response_data, response_len);
}
+static inline void iforce_clear_xmit_and_wake(struct iforce *iforce)
+{
+ clear_bit(IFORCE_XMIT_RUNNING, iforce->xmit_flags);
+ wake_up_all(&iforce->wait);
+}
+
/* Public functions */
/* iforce-main.c */
int iforce_init_device(struct device *parent, u16 bustype,
next prev parent reply other threads:[~2022-09-06 13:41 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-06 13:29 [PATCH 5.10 00/80] 5.10.142-rc1 review Greg Kroah-Hartman
2022-09-06 13:29 ` [PATCH 5.10 01/80] drm/msm/dsi: fix the inconsistent indenting Greg Kroah-Hartman
2022-09-06 13:29 ` [PATCH 5.10 02/80] drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 03/80] drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 04/80] drm/msm/dsi: Fix number of regulators for SDM660 Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 05/80] platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 06/80] iio: adc: mcp3911: make use of the sign bit Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 07/80] bpf, cgroup: Fix kernel BUG in purge_effective_progs Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 08/80] ieee802154/adf7242: defer destroy_workqueue call Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 09/80] ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 10/80] ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 11/80] wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 12/80] Revert "xhci: turn off port power in shutdown" Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 13/80] net: sched: tbf: dont call qdisc_put() while holding tree lock Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 14/80] net/sched: fix netdevice reference leaks in attach_default_qdiscs() Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 15/80] ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 16/80] kcm: fix strp_init() order and cleanup Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 17/80] sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 18/80] tcp: annotate data-race around challenge_timestamp Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 19/80] Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 20/80] net/smc: Remove redundant refcount increase Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 21/80] serial: fsl_lpuart: RS485 RTS polariy is inverse Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 22/80] staging: rtl8712: fix use after free bugs Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 23/80] powerpc: align syscall table for ppc32 Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 24/80] vt: Clear selection before changing the font Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 25/80] tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete Greg Kroah-Hartman
2022-09-06 13:30 ` Greg Kroah-Hartman [this message]
2022-09-06 13:30 ` [PATCH 5.10 27/80] iio: ad7292: Prevent regulator double disable Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 28/80] iio: adc: mcp3911: use correct formula for AD conversion Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 29/80] misc: fastrpc: fix memory corruption on probe Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 30/80] misc: fastrpc: fix memory corruption on open Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 31/80] USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 32/80] binder: fix UAF of ref->proc caused by race condition Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 33/80] drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 34/80] clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 35/80] Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 36/80] clk: core: Fix runtime PM sequence in clk_core_unprepare() Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 37/80] Input: rk805-pwrkey - fix module autoloading Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 38/80] clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 39/80] clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 40/80] clk: bcm: rpi: Prevent out-of-bounds access Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 41/80] clk: bcm: rpi: Add missing newline Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 42/80] hwmon: (gpio-fan) Fix array out of bounds access Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 43/80] gpio: pca953x: Add mutex_lock for regcache sync in PM Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 44/80] KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 45/80] xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 46/80] mm: pagewalk: Fix race between unmap and page walker Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 47/80] xen-blkback: Advertise feature-persistent as user requested Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 48/80] xen-blkfront: " Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 49/80] thunderbolt: Use the actual buffer in tb_async_error() Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 50/80] media: mceusb: Use new usb_control_msg_*() routines Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 51/80] xhci: Add grace period after xHC start to prevent premature runtime suspend Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 52/80] USB: serial: cp210x: add Decagon UCA device id Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 53/80] USB: serial: option: add support for OPPO R11 diag port Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 54/80] USB: serial: option: add Quectel EM060K modem Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 55/80] USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 56/80] usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 57/80] usb: dwc2: fix wrong order of phy_power_on and phy_init Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 58/80] USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 59/80] usb-storage: Add ignore-residue quirk for NXP PN7462AU Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 60/80] s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 61/80] s390: fix nospec table alignments Greg Kroah-Hartman
2022-09-06 13:30 ` [PATCH 5.10 62/80] USB: core: Prevent nested device-reset calls Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 63/80] usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 64/80] driver core: Dont probe devices after bus_type.match() probe deferral Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 65/80] wifi: mac80211: Dont finalize CSA in IBSS mode if state is disconnected Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 66/80] wifi: mac80211: Fix UAF in ieee80211_scan_rx() Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 67/80] ip: fix triggering of icmp redirect Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 68/80] net: Use u64_stats_fetch_begin_irq() for stats fetch Greg Kroah-Hartman
2022-09-06 13:31 ` Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 69/80] net: mac802154: Fix a condition in the receive path Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 70/80] ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 71/80] ALSA: seq: oss: Fix data-race for max_midi_devs access Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 72/80] ALSA: seq: Fix data-race at module auto-loading Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 73/80] drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 74/80] btrfs: harden identification of a stale device Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 75/80] mmc: core: Fix UHS-I SD 1.8V workaround branch Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 76/80] usb: dwc3: fix PHY disable sequence Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 77/80] usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 78/80] usb: dwc3: disable USB core PHY management Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 79/80] USB: serial: ch341: fix lost character on LCR updates Greg Kroah-Hartman
2022-09-06 13:31 ` [PATCH 5.10 80/80] USB: serial: ch341: fix disabled rx timer on older devices Greg Kroah-Hartman
2022-09-06 18:22 ` [PATCH 5.10 00/80] 5.10.142-rc1 review Florian Fainelli
2022-09-06 21:00 ` Naresh Kamboju
2022-09-06 21:42 ` Pavel Machek
2022-09-06 21:49 ` Shuah Khan
2022-09-07 4:43 ` Guenter Roeck
2022-09-07 9:38 ` Sudip Mukherjee (Codethink)
2022-09-08 4:04 ` Rudi Heitbaum
2022-09-08 10:50 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220906132818.030426732@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dmitry.torokhov@gmail.com \
--cc=fmdefrancesco@gmail.com \
--cc=hdanton@sina.com \
--cc=linux-kernel@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=stable@vger.kernel.org \
--cc=syzbot+deb6abc36aad4008f407@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.