From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Radoslav Gerganov <rgerganov@vmware.com>,
"balbi@kernel.org" <balbi@kernel.org>
Cc: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>,
Krzysztof Opasiak <kopasiak90@gmail.com>
Subject: USB: gadget: f_hid: fix deadlock in f_hidg_write()
Date: Thu, 14 Mar 2019 08:37:47 -0700 [thread overview]
Message-ID: <1552577867.3042.17.camel@HansenPartnership.com> (raw)
On Tue, 2019-03-05 at 10:10 +0000, Radoslav Gerganov wrote:
> In f_hidg_write() the write_spinlock is acquired before calling
> usb_ep_queue() which causes a deadlock when dummy_hcd is being used.
> This is because dummy_queue() callbacks into f_hidg_req_complete()
> which tries to acquire the same spinlock. This is (part of) the
> backtrace when the deadlock occurs:
>
> 0xffffffffc06b1410 in f_hidg_req_complete
> 0xffffffffc06a590a in usb_gadget_giveback_request
> 0xffffffffc06cfff2 in dummy_queue
> 0xffffffffc06a4b96 in usb_ep_queue
> 0xffffffffc06b1eb6 in f_hidg_write
> 0xffffffff8127730b in __vfs_write
> 0xffffffff812774d1 in vfs_write
> 0xffffffff81277725 in SYSC_write
>
> Fix this by releasing the write_spinlock before calling
> usb_ep_queue()
This fixes a usb_f_hid deadlock I've also been seeing with a FIDO key
emulator. This is a serious bug in that it brings down my entire
system if I use the hid gadget in any way, so can we please get it
applied? It turns out to have been introduced by this commit:
commit 749494b6bdbbaf0899aa1c62a1ad74cd747bce47
Author: Krzysztof Opasiak <kopasiak90@gmail.com>
Date: Tue Jan 24 03:27:24 2017 +0100
usb: gadget: f_hid: fix: Move IN request allocation to set_alt()
So you can add
Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: stable@vger.kernel.org # 4.11+
Fixes: 749494b6bdbb ("usb: gadget: f_hid: fix: Move IN request allocation to set_alt()")
James
next reply other threads:[~2019-03-14 15:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-14 15:37 James Bottomley [this message]
-- strict thread matches above, loose matches on Subject: below --
2019-03-20 8:59 USB: gadget: f_hid: fix deadlock in f_hidg_write() Felipe Balbi
2019-03-12 9:54 Radoslav Gerganov
2019-03-05 10:10 Radoslav Gerganov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1552577867.3042.17.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=balbi@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=kopasiak90@gmail.com \
--cc=linux-usb@vger.kernel.org \
--cc=rgerganov@vmware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).