From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com ([134.134.136.24]:43041 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932322AbaGUPvh (ORCPT ); Mon, 21 Jul 2014 11:51:37 -0400 Message-ID: <53CD3859.2090800@linux.intel.com> Date: Mon, 21 Jul 2014 08:57:13 -0700 From: Srinivas Pandruvada MIME-Version: 1.0 To: Reyad Attiyat CC: linux-iio@vger.kernel.org Subject: Re: Kernel panic when hid-sensor-hub is removed References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Sender: linux-iio-owner@vger.kernel.org List-Id: linux-iio@vger.kernel.org Hi Reyad, On 07/19/2014 12:42 PM, Reyad Attiyat wrote: > Hey Srinivas, > > I noticed a kernel panic when the hid-sensor-hub is removed and a > trigger/buffer has been setup. My device changes it's HID ID depending > on which microsoft keyboard is attached. This change removes the USB > device and reattaches it. I belive the kernel panic happens since it's > trying to send a usb packet after the device is gone. The usb packet > is created by hid_sensor_power_state() when the trigger predisabled > callback is called. > > I have a fix that checks hid_device->status before calling > hid_sensor_power_state() but I had to set hid_device->status, to > removed, earlier in hid-core hid_destroy_device() for this to work. > I think this should be checked at the level of hid_hw_request. IIO level device driver here shouldn't access hid device struct. Check with Jiri, if not in the hid_hw_request may be can do in the sensor_hub_set_feature. Thanks, Srinivas > I'll post the kernel panic below. > Do you think using hid_device status is appropriate or should some > other variable be used, maybe one per hid sensor hub device? > > > [ 234.449988] BUG: unable to handle kernel NULL pointer dereference > at 0000000000000058 > [ 234.450134] IP: [] hid_submit_ctrl+0x7f/0x290 > [ 234.450234] PGD 0 > [ 234.450275] Oops: 0002 [#1] PREEMPT SMP > [ 234.450348] Modules linked in: uinput ip6t_rpfilter ip6t_REJECT > fuse xt_conntrack ebtable_nat ebtable_broute bridge stp llc > ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 > nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw > ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 > nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle > iptable_security iptable_raw mwifiex_usb mwifiex cfg80211 > x86_pkg_temp_thermal rfkill coretemp kvm_intel hid_sensor_rotation > hid_sensor_als hid_sensor_accel_3d hid_sensor_gyro_3d > hid_sensor_magn_3d(O) hid_sensor_incl_3d hid_sensor_trigger kvm > hid_sensor_iio_common industrialio_triggered_buffer > snd_hda_codec_realtek kfifo_buf snd_hda_codec_generic > snd_hda_codec_hdmi industrialio snd_hda_intel iTCO_wdt > iTCO_vendor_support snd_hda_controller > [ 234.451613] snd_hda_codec vfat fat crc32_pclmul snd_hwdep > crc32c_intel uvcvideo snd_seq ghash_clmulni_intel videobuf2_vmalloc > videobuf2_memops microcode videobuf2_core v4l2_common snd_seq_device > videodev joydev snd_pcm hid_sensor_hub media snd_timer snd > hid_multitouch i2c_i801 mei_me lpc_ich mei tpm_infineon soundcore > tpm_tis tpm i2c_hid i2c_designware_platform i2c_designware_core > binfmt_misc i915 i2c_algo_bit drm_kms_helper drm sd_mod i2c_core video > [ 234.452205] CPU: 2 PID: 39 Comm: khubd Tainted: G IO > 3.16.0-rc5+ #112 > [ 234.452284] Hardware name: Microsoft Corporation Surface Pro > 2/Surface Pro 2, BIOS 2.03.0250 09/06/2013 > [ 234.452383] task: ffff880118aba6e0 ti: ffff8800daf80000 task.ti: > ffff8800daf80000 > [ 234.452461] RIP: 0010:[] [] > hid_submit_ctrl+0x7f/0x290 > [ 234.452558] RSP: 0018:ffff8800daf83750 EFLAGS: 00010086 > [ 234.452616] RAX: 0000000080000300 RBX: ffff88003f60c000 RCX: 0000000000000000 > [ 234.452690] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff880117f78000 > [ 234.452767] RBP: ffff8800daf83788 R08: 0000000000000001 R09: 0000000000000001 > [ 234.452842] R10: 0000000000000001 R11: 0000000000000000 R12: ffff880117f78000 > [ 234.452919] R13: ffff88003f11a290 R14: 000000000000000c R15: ffff880091cb3ab8 > [ 234.452993] FS: 0000000000000000(0000) GS:ffff88011b000000(0000) > knlGS:0000000000000000 > [ 234.453077] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 234.453139] CR2: 0000000000000058 CR3: 0000000001c11000 CR4: 00000000001407e0 > [ 234.453216] Stack: > [ 234.453241] ffff880117f3dcd0 ffff880117f78000 ffff88003f60c000 > ffff880117f78000 > [ 234.453335] ffff880117f78000 ffff88003f11a290 0000000000000000 > ffff8800daf837b0 > [ 234.453431] ffffffff81617707 ffff880117f78000 ffff88003f60c000 > 0000000000000013 > [ 234.453527] Call Trace: > [ 234.453565] [] usbhid_restart_ctrl_queue+0x87/0x140 > [ 234.453641] [] usbhid_submit_report+0x2c8/0x370 > [ 234.453711] [] usbhid_request+0x1a/0x30 > [ 234.453783] [] sensor_hub_set_feature+0x8b/0xd0 > [hid_sensor_hub] > [ 234.453867] [] hid_sensor_power_state+0x84/0x110 > [hid_sensor_trigger] > [ 234.453920] [] > hid_sensor_data_rdy_trigger_set_state+0x19/0x20 [hid_sensor_trigger] > [ 234.453981] [] > iio_triggered_buffer_predisable+0xa7/0xb0 [industrialio] > [ 234.454035] [] iio_disable_all_buffers+0x3a/0xc0 > [industrialio] > [ 234.454084] [] iio_device_unregister+0x53/0x80 > [industrialio] > [ 234.454130] [] hid_accel_3d_remove+0x2a/0x50 > [hid_sensor_accel_3d] > [ 234.454179] [] platform_drv_remove+0x1d/0x40 > [ 234.454217] [] __device_release_driver+0x7f/0xf0 > [ 234.454255] [] device_release_driver+0x25/0x40 > [ 234.454293] [] bus_remove_device+0x11c/0x1a0 > [ 234.454329] [] device_del+0x136/0x1e0 > [ 234.454369] [] ? mfd_cell_disable+0x80/0x80 > [ 234.454406] [] platform_device_del+0x21/0xc0 > [ 234.454443] [] platform_device_unregister+0x12/0x30 > [ 234.454482] [] mfd_remove_devices_fn+0x43/0x50 > [ 234.454518] [] device_for_each_child+0x43/0x70 > [ 234.454555] [] mfd_remove_devices+0x25/0x30 > [ 234.454595] [] sensor_hub_remove+0x87/0x140 > [hid_sensor_hub] > [ 234.454639] [] hid_device_remove+0x6b/0xd0 > [ 234.454677] [] __device_release_driver+0x7f/0xf0 > [ 234.454734] [] device_release_driver+0x25/0x40 > [ 234.454765] [] bus_remove_device+0x11c/0x1a0 > [ 234.454795] [] device_del+0x136/0x1e0 > [ 234.454822] [] hid_destroy_device+0x27/0x60 > [ 234.454852] [] usbhid_disconnect+0x22/0x50 > [ 234.454883] [] usb_unbind_interface+0x77/0x2b0 > [ 234.454914] [] __device_release_driver+0x7f/0xf0 > [ 234.454945] [] device_release_driver+0x25/0x40 > [ 234.454975] [] bus_remove_device+0x11c/0x1a0 > [ 234.455005] [] device_del+0x136/0x1e0 > [ 234.456529] [] usb_disable_device+0x91/0x2a0 > [ 234.457652] [] usb_disconnect+0x96/0x2e0 > [ 234.458812] [] hub_thread+0xb5a/0x1840 > [ 234.459947] [] ? _raw_spin_unlock_irq+0x2c/0x60 > [ 234.461043] [] ? abort_exclusive_wait+0xb0/0xb0 > [ 234.462179] [] ? hub_port_debounce+0x140/0x140 > [ 234.463258] [] kthread+0xf9/0x110 > [ 234.464328] [] ? insert_kthread_work+0x80/0x80 > [ 234.465404] [] ret_from_fork+0x7c/0xb0 > [ 234.466437] [] ? insert_kthread_work+0x80/0x80 > [ 234.467431] Code: 8d 74 10 01 48 8b 87 a8 19 00 00 48 8b 53 30 48 > 8b 00 8b 80 70 ff ff ff c1 e0 08 84 c9 0f 85 e9 00 00 00 0d 00 00 00 > 80 4d 85 ff <89> 42 58 48 8b 43 30 44 89 b0 88 00 00 00 74 2e 48 8b bb > 48 18 > [ 234.468523] RIP [] hid_submit_ctrl+0x7f/0x290 > [ 234.469501] RSP > [ 234.470430] CR2: 0000000000000058 > [ 234.478900] ---[ end trace a68f124f1f3439e3 ]--- > [ 234.478904] BUG: sleeping function called from invalid context at > kernel/locking/rwsem.c:41 > [ 234.478905] in_atomic(): 1, irqs_disabled(): 1, pid: 39, name: khubd > [ 234.478906] INFO: lockdep is turned off. > [ 234.478907] irq event stamp: 88244 > [ 234.478908] hardirqs last enabled at (88243): [] > _raw_spin_unlock_irqrestore+0x65/0x90 > [ 234.478912] hardirqs last disabled at (88244): [] > _raw_spin_lock_irqsave+0x2b/0xa0 > [ 234.478914] softirqs last enabled at (88204): [] > __do_softirq+0x21b/0x4e0 > [ 234.478917] softirqs last disabled at (88185): [] > irq_exit+0xc5/0xd0 > [ 234.478919] Preemption disabled at:[] > usbhid_submit_report+0x38/0x370 > > [ 234.478924] CPU: 2 PID: 39 Comm: khubd Tainted: G D IO > 3.16.0-rc5+ #112 > [ 234.478926] Hardware name: Microsoft Corporation Surface Pro > 2/Surface Pro 2, BIOS 2.03.0250 09/06/2013 > [ 234.478927] ffffffff81a4e169 ffff8800daf833b8 ffffffff8179924a > 0000000000000000 > [ 234.478929] ffff8800daf833e0 ffffffff810cbf20 ffff880118a6e2b8 > ffff880118a6e328 > [ 234.478932] ffff8800daf836a8 ffff8800daf83408 ffffffff817a056a > ffff8800daf83418 > [ 234.478934] Call Trace: > [ 234.478937] [] dump_stack+0x4e/0x7a > [ 234.478940] [] __might_sleep+0x170/0x260 > [ 234.478942] [] down_read+0x2a/0xa0 > [ 234.478946] [] exit_signals+0x24/0x130 > [ 234.478948] [] do_exit+0xbd/0xd90 > [ 234.478952] [] ? kmsg_dump+0x145/0x210 > [ 234.478954] [] ? kmsg_dump+0x22/0x210 > [ 234.478958] [] oops_end+0x9b/0xe0 > [ 234.478961] [] no_context+0x12c/0x300 > [ 234.478963] [] __bad_area_nosemaphore+0x8d/0x220 > [ 234.478965] [] bad_area_nosemaphore+0x13/0x20 > [ 234.478967] [] __do_page_fault+0xce/0x620 > [ 234.478970] [] ? __wake_up+0x44/0x50 > [ 234.478973] [] ? debug_smp_processor_id+0x17/0x20 > [ 234.478976] [] ? get_lock_stats+0x2b/0x60 > [ 234.478978] [] ? put_lock_stats.isra.29+0xe/0x30 > [ 234.478980] [] ? lock_release_holdtime.part.30+0xde/0x160 > [ 234.478983] [] ? trace_hardirqs_off_thunk+0x3a/0x3c > [ 234.478985] [] do_page_fault+0x22/0x30 > [ 234.478988] [] page_fault+0x28/0x30 > [ 234.478991] [] ? hid_submit_ctrl+0x7f/0x290 > [ 234.478993] [] usbhid_restart_ctrl_queue+0x87/0x140 > [ 234.478996] [] usbhid_submit_report+0x2c8/0x370 > [ 234.478998] [] usbhid_request+0x1a/0x30 > [ 234.479004] [] sensor_hub_set_feature+0x8b/0xd0 > [hid_sensor_hub] > [ 234.479008] [] hid_sensor_power_state+0x84/0x110 > [hid_sensor_trigger] > [ 234.479011] [] > hid_sensor_data_rdy_trigger_set_state+0x19/0x20 [hid_sensor_trigger] > [ 234.479016] [] > iio_triggered_buffer_predisable+0xa7/0xb0 [industrialio] > [ 234.479020] [] iio_disable_all_buffers+0x3a/0xc0 > [industrialio] > [ 234.479024] [] iio_device_unregister+0x53/0x80 > [industrialio] > [ 234.479027] [] hid_accel_3d_remove+0x2a/0x50 > [hid_sensor_accel_3d] > [ 234.479030] [] platform_drv_remove+0x1d/0x40 > [ 234.479033] [] __device_release_driver+0x7f/0xf0 > [ 234.479036] [] device_release_driver+0x25/0x40 > [ 234.479038] [] bus_remove_device+0x11c/0x1a0 > [ 234.479040] [] device_del+0x136/0x1e0 > [ 234.479042] [] ? mfd_cell_disable+0x80/0x80 > [ 234.479045] [] platform_device_del+0x21/0xc0 > [ 234.479047] [] platform_device_unregister+0x12/0x30 > [ 234.479049] [] mfd_remove_devices_fn+0x43/0x50 > [ 234.479051] [] device_for_each_child+0x43/0x70 > [ 234.479053] [] mfd_remove_devices+0x25/0x30 > [ 234.479057] [] sensor_hub_remove+0x87/0x140 > [hid_sensor_hub] > [ 234.479059] [] hid_device_remove+0x6b/0xd0 > [ 234.479063] [] __device_release_driver+0x7f/0xf0 > [ 234.479065] [] device_release_driver+0x25/0x40 > [ 234.479067] [] bus_remove_device+0x11c/0x1a0 > [ 234.479069] [] device_del+0x136/0x1e0 > [ 234.479071] [] hid_destroy_device+0x27/0x60 > [ 234.479074] [] usbhid_disconnect+0x22/0x50 > [ 234.479076] [] usb_unbind_interface+0x77/0x2b0 > [ 234.479079] [] __device_release_driver+0x7f/0xf0 > [ 234.479081] [] device_release_driver+0x25/0x40 > [ 234.479083] [] bus_remove_device+0x11c/0x1a0 > [ 234.479085] [] device_del+0x136/0x1e0 > [ 234.479088] [] usb_disable_device+0x91/0x2a0 > [ 234.479090] [] usb_disconnect+0x96/0x2e0 > [ 234.479092] [] hub_thread+0xb5a/0x1840 > [ 234.479094] [] ? _raw_spin_unlock_irq+0x2c/0x60 > [ 234.479096] [] ? abort_exclusive_wait+0xb0/0xb0 > [ 234.479098] [] ? hub_port_debounce+0x140/0x140 > [ 234.479101] [] kthread+0xf9/0x110 > [ 234.479103] [] ? insert_kthread_work+0x80/0x80 > [ 234.479106] [] ret_from_fork+0x7c/0xb0 > [ 234.479107] [] ? insert_kthread_work+0x80/0x80 > > Thanks, > Reyad Attiyat >