From: Orson Zhai <orson.zhai@spreadtrum.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Zhongping Tan (谭中平)" <Zhongping.Tan@spreadtrum.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH] char: misc: Init misc->list in a safe way
Date: Wed, 28 Jun 2017 09:54:32 +0800 [thread overview]
Message-ID: <20170628015431.GA32195@spreadtrum.com> (raw)
In-Reply-To: <20170627062917.GA10376@kroah.com>
Hi Greg & Arnd,
On Tue, Jun 27, 2017 at 08:29:17AM +0200, Greg Kroah-Hartman wrote:
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?
>
> A: No.
> Q: Should I include quotations after my reply?
>
> http://daringfireball.net/2007/07/on_top
We are so sorry for any troubles to you. I will take the role of Zhongping to
continue discussion here.
>
> On Tue, Jun 27, 2017 at 02:02:13AM +0000, Zhongping Tan (谭中平) wrote:
> > Ok, firstly we need to discuss the list usage, for list head we need
> > do initialization, but for list node we don't need initialization at
> > all.
>
> I don't understand, why is your misc driver touching that field at all?
> Do I need to go and make it "private" somehow?
There maybe some mis-understanding caused by not very well english expression.
I'll clarify what had happended to us.
>
> > And for misc_list head, we use LIST_HEAD to define and initialize
> > it. So I don't know why we put INIT_LIST_HEAD(&misc->list) in function
> > misc_register, any bugs when without it?
>
> Again, what is wrong with the code today? What driver is this causing
> problems for?
It maybe a little bit long story.
In recent, our test team report a crash of non-stop reboot test on a mobile phone after 46 hours.
After some investigation, we got the information as following,
&misc_list = 0xFFFFFFFF822AC780 -> (
next_=_0xFFFFFFFFA0087158 -> (
next = 0xFFFFFFFFA0087158 -> (
next = 0xFFFFFFFFA0087158,
prev = 0xFFFFFFFFA0087158 -> (
next = 0xFFFFFFFFA0087158,
prev = 0xFFFFFFFFA0087158)),
prev = 0xFFFFFFFFA0087158 -> (
next = 0xFFFFFFFFA0087158,
prev = 0xFFFFFFFFA0087158)),
prev = 0xFFFF88007BF55618)
it seems that misc_list fall into a loop which cause surfaceflinger (a service from Android) dead.
And we got futher more information after that,
(struct miscdevice*)0xFFFFFFFFA0087140 = 0xFFFFFFFFA0087140 -> (
minor = 20,
name = 0xFFFFFFFFA008606D -> "fm",
fops = 0xFFFFFFFFA0086700 -> (
owner = 0xFFFFFFFFA0087480,
llseek = 0x0,
read = 0xFFFFFFFFA0081860,
write = 0x0,
read_iter = 0x0,
write_iter = 0x0,
iterate = 0x0,
poll = 0x0,
unlocked_ioctl = 0xFFFFFFFFA00832C0,
compat_ioctl = 0xFFFFFFFFA0083870,
mmap = 0x0,
open = 0xFFFFFFFFA0081B80,
flush = 0x0,
release = 0xFFFFFFFFA00838C0,
fsync = 0x0,
aio_fsync = 0x0,
fasync = 0x0,
lock = 0x0,
sendpage = 0x0,
get_unmapped_area = 0x0,
check_flags = 0x0,
flock = 0x0,
splice_write = 0x0,
splice_read = 0x0,
setlease = 0x0,
fallocate = 0x0,
show_fdinfo = 0x0),
list = (
next = 0xFFFFFFFFA0087158,
prev = 0xFFFFFFFFA0087158),
parent = 0x0,
this_device = 0xFFFF88007BD32000,
groups = 0x0,
nodename = 0x0,
mode = 0)
We found the device is "fm". We highly suspect that fm driver call misc_register twice and reinitialize list to make ->pre & ->next pointing to himself.
Meanwhile, we checked fm driver and found nothing obviously wrong in the code.
Consider that this is a crash after 46 hours continuous power-on/off, it maybe caused by some special cases we are hard to know for now.
We think it might make some sence to add protection code into misc_register() at first.
Hope this could help to understand our situation.
We'll try to provide any detail inforamtion about this if necessary.
Thanks,
Orson
>
> thanks,
>
> greg k-h
next prev parent reply other threads:[~2017-06-28 1:57 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-26 9:31 [RFC PATCH] char: misc: Init misc->list in a safe way Orson Zhai
2017-06-26 10:02 ` Arnd Bergmann
2017-06-26 11:48 ` Zhongping Tan (谭中平)
2017-06-26 12:28 ` Arnd Bergmann
[not found] ` <ca76fa84d77449bf84c2f3ddf29048a0@SHMBX02.spreadtrum.com>
2017-06-26 14:10 ` 答复: " Arnd Bergmann
2017-06-27 2:02 ` Zhongping Tan (谭中平)
2017-06-27 6:29 ` Greg Kroah-Hartman
2017-06-28 1:54 ` Orson Zhai [this message]
2017-06-28 5:18 ` Greg Kroah-Hartman
2017-06-28 10:34 ` Arnd Bergmann
2017-06-28 11:21 ` Greg Kroah-Hartman
2017-06-29 6:54 ` Chunyan Zhang
2017-06-29 7:03 ` Greg Kroah-Hartman
2017-06-29 7:30 ` Chunyan Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170628015431.GA32195@spreadtrum.com \
--to=orson.zhai@spreadtrum.com \
--cc=Zhongping.Tan@spreadtrum.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox