Re: [PATCH v3] hid-sony: Prevent crash when rumble effects are still loaded at USB disconnect

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Cameron Gutman <aicommander@gmail.com>
To: Manuel Reimer <mail+linux-input@m-reimer.de>
Cc: linux-input <linux-input@vger.kernel.org>, jikos@kernel.org
Subject: Re: [PATCH v3] hid-sony: Prevent crash when rumble effects are still loaded at USB disconnect
Date: Sat, 11 Jun 2016 12:37:08 -0500	[thread overview]
Message-ID: <575C4C44.4070401@gmail.com> (raw)
In-Reply-To: <a5670e69-cd2b-36c1-a3b6-5a11afedc16d@m-reimer.de>



On 06/11/2016 05:00 AM, Manuel Reimer wrote:
> Hello,
> 
> I did some more testing. Now I added printk messages to start and end of ml_effect_timer and to hl_ff_destroy. Result:
> 
> [  513.493511] ml_effect_timer start
> [  513.746964] ml_effect_timer end
> [  515.107003] hid-sony: Sending to uninitialized device failed!
> [  515.333520] hid-sony: Sending to uninitialized device failed!
> [  515.415381] hid-sony: Sending to uninitialized device failed!
> [  520.476860] ml_effect_timer start
> [  520.677003] BUG: unable to handle kernel NULL pointer dereference at 00000000000000d8
> 
> The hid-sony messages are created by my last patch to fix the hid-sony driver. They show that some sending attempts have been cancelled, as the device is about to be destroyed.
> 
> Quite some time after that there in fact is another attempt to call ml_effect_timer, so the timer still was active. Tomorrow I'll add additional printk lines to the hid-sony destroy function to see if this finished executing before this unwanted timer call arrives.
> 
> This also shows that ml_ff_destroy is not the right place to cancel the timer. ml_ff_destroy is called as soon as I exit fftest. It is not called at all on USB disconnect.
> 
> I now guess this can also be reproduced with the xpad driver, but it requires some fiddling with fftest. It took me ten minutes this time to get the bug triggered. I think the way to trigger the bug is to start effect 5 and shortly after that effect 4. With some luck the USB plug is pulled before event 4 is actually started.
> 

Can you try applying the following patch on a clean source tree and see if it resolves your issue?

diff --git a/drivers/input/ff-memless.c b/drivers/input/ff-memless.c
index fcc6c33..6366e9a 100644
--- a/drivers/input/ff-memless.c
+++ b/drivers/input/ff-memless.c
@@ -501,6 +501,7 @@ static void ml_ff_destroy(struct ff_device *ff)
 {
        struct ml_device *ml = ff->private;
 
+       del_timer_sync(&ml->timer);
        kfree(ml->private);
 }

next prev parent reply	other threads:[~2016-06-11 17:37 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-29 12:11 [PATCH] hid-sony: Prevent crash when rumble effects are still loaded at USB disconnect Manuel Reimer
2016-05-29 17:11 ` Cameron Gutman
2016-05-30  4:45   ` mail
2016-05-30 19:15   ` Manuel Reimer
2016-06-02 17:53     ` [PATCH v2] " Manuel Reimer
2016-06-05 12:59       ` [PATCH v3] " Manuel Reimer
2016-06-07  5:38         ` Cameron Gutman
2016-06-07 15:55           ` Manuel Reimer
2016-06-11 10:00             ` Manuel Reimer
2016-06-11 17:37               ` Cameron Gutman [this message]
2016-06-11 19:15                 ` Cameron Gutman
2016-06-12 10:01                   ` Manuel Reimer
     [not found]                     ` <20160612155643.d2218913a4f9ff42dec938e3@ao2.it>
2016-06-14 18:31                       ` Manuel Reimer

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fcc6c33 dfblob:6366e9a )
 OR (
bs:"Re: [PATCH v3] hid-sony: Prevent crash when rumble effects are still loaded at USB disconnect" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=575C4C44.4070401@gmail.com \
    --to=aicommander@gmail.com \
    --cc=jikos@kernel.org \
    --cc=linux-input@vger.kernel.org \
    --cc=mail+linux-input@m-reimer.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.