From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Bin Liu <b-liu@ti.com>,
Felipe Balbi <felipe.balbi@linux.intel.com>
Subject: [PATCH 4.4 30/32] usb: gadget: fix spinlock dead lock in gadgetfs
Date: Wed, 6 Jul 2016 18:19:40 -0700
Message-ID: <20160707011627.702586191@linuxfoundation.org>
In-Reply-To: <20160707011626.475554429@linuxfoundation.org>

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Bin Liu <b-liu@ti.com>

commit d246dcb2331c5783743720e6510892eb1d2801d9 upstream.

[ 40.467381] =============================================
[ 40.473013] [ INFO: possible recursive locking detected ]
[ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
[ 40.483466] ---------------------------------------------
[ 40.489098] usb/733 is trying to acquire lock:
[ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
[ 40.502882]
[ 40.502882] but task is already holding lock:
[ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
[ 40.517811]
[ 40.517811] other info that might help us debug this:
[ 40.524623] Possible unsafe locking scenario:
[ 40.524623]
[ 40.530798] CPU0
[ 40.533346] ----
[ 40.535894] lock(&(&dev->lock)->rlock);
[ 40.540088] lock(&(&dev->lock)->rlock);
[ 40.544284]
[ 40.544284] *** DEADLOCK ***
[ 40.544284]
[ 40.550461] May be due to missing lock nesting notation
[ 40.550461]
[ 40.557544] 2 locks held by usb/733:
[ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
[ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
[ 40.578523]
[ 40.578523] stack backtrace:
[ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
[ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
[ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
[ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
[ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
[ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
[ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
[ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
[ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
[ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
[ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
[ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
[ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
[ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)

This is caused by the spinlock bug in ep0_read().
Fix the two other deadlock sources in gadgetfs_setup() too.

Signed-off-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/legacy/inode.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -937,8 +937,11 @@ ep0_read (struct file *fd, char __user *
struct usb_ep *ep = dev->gadget->ep0;
struct usb_request *req = dev->req;
- if ((retval = setup_req (ep, req, 0)) == 0)
- retval = usb_ep_queue (ep, req, GFP_ATOMIC);
+ if ((retval = setup_req (ep, req, 0)) == 0) {
+ spin_unlock_irq (&dev->lock);
+ retval = usb_ep_queue (ep, req, GFP_KERNEL);
+ spin_lock_irq (&dev->lock);
+ }
dev->state = STATE_DEV_CONNECTED;
/* assume that was SET_CONFIGURATION */
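Review bot: After `spin_lock_irq (&dev->lock)` re-takes the lock in ep0_read(), `dev->state = STATE_DEV_CONNECTED;` is assigned without re-checking anything, so whatever another path did to dev while the lock was dropped around `usb_ep_queue ()` is silently overwritten. `ep` and `req` are also sampled from dev before the unlock and used during the unlocked window. Suggest re-validating dev->state after re-acquiring the lock, or adding a comment that explains why no other path can change dev->state or dev->req in that window. The switch to GFP_KERNEL looks consistent here, since the `_irq` unlock variant re-enables interrupts and the splat in the commit message shows this path being entered from SyS_read.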
@@ -1456,8 +1459,11 @@ delegate:
w_length);
if (value < 0)
break;
+
+ spin_unlock (&dev->lock);
value = usb_ep_queue (gadget->ep0, dev->req,
- GFP_ATOMIC);
+ GFP_KERNEL);
+ spin_lock (&dev->lock);
if (value < 0) {
clean_req (gadget->ep0, dev->req);
break;
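Review bot: The allocation flag changes from GFP_ATOMIC to GFP_KERNEL, but the lock around `usb_ep_queue (gadget->ep0, dev->req, ...)` is dropped with plain `spin_unlock (&dev->lock)`, which leaves the interrupt state exactly as the caller had it (unlike the `spin_unlock_irq` used in the ep0_read() hunk). GFP_KERNEL may sleep, so this is only correct if every caller of this setup path runs in a sleepable context, and nothing in the hunk shows that. Suggest keeping GFP_ATOMIC here, since dropping the lock alone is what removes the recursive acquisition, or stating in a comment why sleeping is allowed. The error branch that follows (`clean_req (gadget->ep0, dev->req)`) also relies on dev->req being unchanged across the unlocked window, which deserves a one-line comment.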
@@ -1480,11 +1486,14 @@ delegate:
if (value >= 0 && dev->state != STATE_DEV_SETUP) {
req->length = value;
req->zero = value < w_length;
- value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC);
+
+ spin_unlock (&dev->lock);
+ value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
if (value < 0) {
DBG (dev, "ep_queue --> %d\n", value);
req->status = 0;
}
+ return value;
}
/* device stalls when value < 0 */
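Review bot: This branch calls `spin_unlock (&dev->lock)` and then leaves through the new `return value;` without re-taking the lock, so the function now has one exit that returns unlocked from inside the `if` while the fall-through path after `/* device stalls when value < 0 */` presumably still does its own unlock. That asymmetry is easy to break in a later edit and can end in a double unlock or a leaked lock. Suggest a comment at the `return value;` stating that the lock is already released, or restructuring to a single exit label. Note also that `req->status = 0;` on the error path is now written without dev->lock held, and that the GFP_ATOMIC to GFP_KERNEL change carries the same sleep-in-atomic-context question as the previous hunk, because plain `spin_unlock` does not re-enable interrupts.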