Re: BUG: scheduling while atomic in f_fs when gadget remove driver

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Michal Nazarewicz <mina86@mina86.com>
To: Chen Yu <chenyu56@huawei.com>,
	Felipe Balbi <felipe.balbi@linux.intel.com>,
	gregkh@linuxfoundation.org
Cc: wangbinghui@hisilicon.com, linux-kernel@vger.kernel.org,
	linux-usb@vger.kernel.org, John Stultz <john.stultz@linaro.org>,
	Amit Pundir <amit.pundir@linaro.org>,
	Guodong Xu <guodong.xu@linaro.org>
Subject: Re: BUG: scheduling while atomic in f_fs when gadget remove driver
Date: Wed, 28 Sep 2016 18:31:55 +0200	[thread overview]
Message-ID: <xa1t4m50ugsk.fsf@mina86.com> (raw)
In-Reply-To: <261ada71-8a5d-6e89-7fac-6b6ba88218d7@huawei.com>

On Wed, Sep 28 2016, Chen Yu wrote:
> I will try to fix it, but I'm engaged in other tasks and can not spend
> much time on it.
>
> Do you have any suggestions about how to fix it?

epfile->ep is protected by ffs->eps_lock which brings us to realisation
that there is another bug in the code and we need to do this:

------- >8 -------------------------------------------------------------
>From 0ce6cc5e2440800243eff06c6952cba0f976da2f Mon Sep 17 00:00:00 2001
From: Michal Nazarewicz <mina86@mina86.com>
Date: Wed, 28 Sep 2016 18:10:42 +0200
Subject: [PATCH] usb: gadget: f_fs: edit epfile->ep under lock

epfile->ep is protected by ffs->eps_lock (not epfile->mutex) so clear it
while holding the spin lock.

Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
Fixes: 9353afbbfa7b ("buffer data from ‘oversized’ OUT requests")
---
 drivers/usb/gadget/function/f_fs.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index 0aeed85..759f5d4 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1725,17 +1725,17 @@ static void ffs_func_eps_disable(struct ffs_function *func)
 	unsigned long flags;
 
 	do {
-		if (epfile)
-			mutex_lock(&epfile->mutex);
 		spin_lock_irqsave(&func->ffs->eps_lock, flags);
 		/* pending requests get nuked */
 		if (likely(ep->ep))
 			usb_ep_disable(ep->ep);
 		++ep;
+		if (epfile)
+			epfile->ep = NULL;
 		spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
 
 		if (epfile) {
-			epfile->ep = NULL;
+			mutex_lock(&epfile->mutex);
 			kfree(epfile->read_buffer);
 			epfile->read_buffer = NULL;
 			mutex_unlock(&epfile->mutex);
------- >8 -------------------------------------------------------------

With that done, the only thing which needs a mutex is
epfile->read_buffer.

The read_buffer pointer shouldn’t be that big of an issue (it could be
protected by the same eps_lock).  The real problem is freeing the
memory.

We cannot do it while __ffs_epfile_read_buffered is reading data from
it.  We cannot blindly schedule it to happen later either since in the
meanwhile __ffs_epfile_read_buffered could have freed it.

-- 
Best regards
ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ
«If at first you don’t succeed, give up skydiving»

next prev parent reply	other threads:[~2016-09-28 16:34 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-27  9:44 BUG: scheduling while atomic in f_fs when gadget remove driver Chen Yu
2016-09-27 10:01 ` Felipe Balbi
2016-09-28  9:47   ` Chen Yu
2016-09-28 16:31     ` Michal Nazarewicz [this message]
2016-09-28 21:38       ` Michal Nazarewicz
2016-09-30  1:49         ` Chen Yu
2016-10-03 19:19         ` John Stultz
2016-10-03 20:07           ` Michal Nazarewicz
2016-10-03 20:16             ` John Stultz
2016-10-03 23:36               ` John Stultz
2016-10-04  0:07 ` [PATCH 1/2] usb: gadget: f_fs: edit epfile->ep under lock Michal Nazarewicz
2016-10-04  0:07   ` [PATCH 2/2] usb: gadget: f_fs: stop sleeping in ffs_func_eps_disable Michal Nazarewicz
2016-10-04  0:26     ` John Stultz
2016-10-08  6:52     ` Chen Yu

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0aeed85 dfblob:759f5d4 )
 OR (
bs:"usb: gadget: f_fs: edit epfile->ep under lock" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=xa1t4m50ugsk.fsf@mina86.com \
    --to=mina86@mina86.com \
    --cc=amit.pundir@linaro.org \
    --cc=chenyu56@huawei.com \
    --cc=felipe.balbi@linux.intel.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=guodong.xu@linaro.org \
    --cc=john.stultz@linaro.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=wangbinghui@hisilicon.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.