* [PATCH] usb: gadget: fix spinlock dead lock in gadgetfs
@ 2016-05-25 18:19 Bin Liu
2016-05-25 18:51 ` Alan Stern
0 siblings, 1 reply; 9+ messages in thread
From: Bin Liu @ 2016-05-25 18:19 UTC (permalink / raw)
To: Felipe Balbi, linux-usb; +Cc: b-liu, stable
[ 40.467381] =============================================
[ 40.473013] [ INFO: possible recursive locking detected ]
[ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
[ 40.483466] ---------------------------------------------
[ 40.489098] usb/733 is trying to acquire lock:
[ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
[ 40.502882]
[ 40.502882] but task is already holding lock:
[ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
[ 40.517811]
[ 40.517811] other info that might help us debug this:
[ 40.524623] Possible unsafe locking scenario:
[ 40.524623]
[ 40.530798] CPU0
[ 40.533346] ----
[ 40.535894] lock(&(&dev->lock)->rlock);
[ 40.540088] lock(&(&dev->lock)->rlock);
[ 40.544284]
[ 40.544284] *** DEADLOCK ***
[ 40.544284]
[ 40.550461] May be due to missing lock nesting notation
[ 40.550461]
[ 40.557544] 2 locks held by usb/733:
[ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
[ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
[ 40.578523]
[ 40.578523] stack backtrace:
[ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
[ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
[ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
[ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
[ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
[ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
[ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
[ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
[ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
[ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
[ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
[ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
[ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
[ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)
Cc: <stable@vger.kernel.org> # v3.16+
Signed-off-by: Bin Liu <b-liu@ti.com>
---
drivers/usb/gadget/legacy/inode.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
index e64479f..1251e1d 100644
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -938,8 +938,10 @@ ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
struct usb_ep *ep = dev->gadget->ep0;
struct usb_request *req = dev->req;
+ spin_unlock_irq (&dev->lock);
if ((retval = setup_req (ep, req, 0)) == 0)
retval = usb_ep_queue (ep, req, GFP_ATOMIC);
+ spin_lock_irq (&dev->lock);
dev->state = STATE_DEV_CONNECTED;
/* assume that was SET_CONFIGURATION */
--
1.9.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] usb: gadget: fix spinlock dead lock in gadgetfs
2016-05-25 18:19 [PATCH] usb: gadget: fix spinlock dead lock in gadgetfs Bin Liu
@ 2016-05-25 18:51 ` Alan Stern
2016-05-25 19:18 ` [PATCH v2] " Bin Liu
0 siblings, 1 reply; 9+ messages in thread
From: Alan Stern @ 2016-05-25 18:51 UTC (permalink / raw)
To: Bin Liu; +Cc: Felipe Balbi, linux-usb, stable
On Wed, 25 May 2016, Bin Liu wrote:
> [ 40.467381] =============================================
> [ 40.473013] [ INFO: possible recursive locking detected ]
> [ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
> [ 40.483466] ---------------------------------------------
> [ 40.489098] usb/733 is trying to acquire lock:
> [ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
> [ 40.502882]
> [ 40.502882] but task is already holding lock:
> [ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
> [ 40.517811]
> [ 40.517811] other info that might help us debug this:
> [ 40.524623] Possible unsafe locking scenario:
> [ 40.524623]
> [ 40.530798] CPU0
> [ 40.533346] ----
> [ 40.535894] lock(&(&dev->lock)->rlock);
> [ 40.540088] lock(&(&dev->lock)->rlock);
> [ 40.544284]
> [ 40.544284] *** DEADLOCK ***
> [ 40.544284]
> [ 40.550461] May be due to missing lock nesting notation
> [ 40.550461]
> [ 40.557544] 2 locks held by usb/733:
> [ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
> [ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
> [ 40.578523]
> [ 40.578523] stack backtrace:
> [ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
> [ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
> [ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
> [ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
> [ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
> [ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
> [ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
> [ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
> [ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
> [ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
> [ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
> [ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
> [ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
> [ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
> [ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)
>
> Cc: <stable@vger.kernel.org> # v3.16+
> Signed-off-by: Bin Liu <b-liu@ti.com>
> ---
> drivers/usb/gadget/legacy/inode.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
> index e64479f..1251e1d 100644
> --- a/drivers/usb/gadget/legacy/inode.c
> +++ b/drivers/usb/gadget/legacy/inode.c
> @@ -938,8 +938,10 @@ ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
> struct usb_ep *ep = dev->gadget->ep0;
> struct usb_request *req = dev->req;
>
> + spin_unlock_irq (&dev->lock);
> if ((retval = setup_req (ep, req, 0)) == 0)
> retval = usb_ep_queue (ep, req, GFP_ATOMIC);
> + spin_lock_irq (&dev->lock);
Since you are enabling IRQs around this call to usb_ep_queue(), the
last argument should be changed to GFP_KERNEL.
> dev->state = STATE_DEV_CONNECTED;
>
> /* assume that was SET_CONFIGURATION */
You missed two other deadlock sources just like this one, in
gadgetfs_setup(): the two calls to usb_ep_queue() following the
"delegate:" statement label.
Alan Stern
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v2] usb: gadget: fix spinlock dead lock in gadgetfs
2016-05-25 18:51 ` Alan Stern
@ 2016-05-25 19:18 ` Bin Liu
2016-05-25 19:24 ` Bin Liu
0 siblings, 1 reply; 9+ messages in thread
From: Bin Liu @ 2016-05-25 19:18 UTC (permalink / raw)
To: Felipe Balbi, linux-usb; +Cc: b-liu, stable
[ 40.467381] =============================================
[ 40.473013] [ INFO: possible recursive locking detected ]
[ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
[ 40.483466] ---------------------------------------------
[ 40.489098] usb/733 is trying to acquire lock:
[ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
[ 40.502882]
[ 40.502882] but task is already holding lock:
[ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
[ 40.517811]
[ 40.517811] other info that might help us debug this:
[ 40.524623] Possible unsafe locking scenario:
[ 40.524623]
[ 40.530798] CPU0
[ 40.533346] ----
[ 40.535894] lock(&(&dev->lock)->rlock);
[ 40.540088] lock(&(&dev->lock)->rlock);
[ 40.544284]
[ 40.544284] *** DEADLOCK ***
[ 40.544284]
[ 40.550461] May be due to missing lock nesting notation
[ 40.550461]
[ 40.557544] 2 locks held by usb/733:
[ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
[ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
[ 40.578523]
[ 40.578523] stack backtrace:
[ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
[ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
[ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
[ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
[ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
[ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
[ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
[ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
[ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
[ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
[ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
[ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
[ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
[ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)
Cc: <stable@vger.kernel.org> # v3.16+
Signed-off-by: Bin Liu <b-liu@ti.com>
---
v2:
- lock protects setup_req(), only unlock for usb_ep_queue()
- use GFP_KERNEL in usb_ep_queue()
- fix the same in two places in gadgetfs_setup() too
drivers/usb/gadget/legacy/inode.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
index e64479f..a333e42 100644
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -938,8 +938,11 @@ ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
struct usb_ep *ep = dev->gadget->ep0;
struct usb_request *req = dev->req;
- if ((retval = setup_req (ep, req, 0)) == 0)
- retval = usb_ep_queue (ep, req, GFP_ATOMIC);
+ if ((retval = setup_req (ep, req, 0)) == 0) {
+ spin_unlock_irq (&dev->lock);
+ retval = usb_ep_queue (ep, req, GFP_KERNEL);
+ spin_lock_irq (&dev->lock);
+ }
dev->state = STATE_DEV_CONNECTED;
/* assume that was SET_CONFIGURATION */
@@ -1457,8 +1460,11 @@ delegate:
w_length);
if (value < 0)
break;
+
+ spin_unlock_irq (&dev->lock);
value = usb_ep_queue (gadget->ep0, dev->req,
- GFP_ATOMIC);
+ GFP_KERNEL);
+ spin_lock_irq (&dev->lock);
if (value < 0) {
clean_req (gadget->ep0, dev->req);
break;
@@ -1481,7 +1487,10 @@ delegate:
if (value >= 0 && dev->state != STATE_DEV_SETUP) {
req->length = value;
req->zero = value < w_length;
- value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC);
+
+ spin_unlock_irq (&dev->lock);
+ value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
+ spin_lock_irq (&dev->lock);
if (value < 0) {
DBG (dev, "ep_queue --> %d\n", value);
req->status = 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH v2] usb: gadget: fix spinlock dead lock in gadgetfs
2016-05-25 19:18 ` [PATCH v2] " Bin Liu
@ 2016-05-25 19:24 ` Bin Liu
2016-05-26 6:27 ` Felipe Balbi
0 siblings, 1 reply; 9+ messages in thread
From: Bin Liu @ 2016-05-25 19:24 UTC (permalink / raw)
To: Felipe Balbi, linux-usb; +Cc: stable
On Wed, May 25, 2016 at 02:18:34PM -0500, Bin Liu wrote:
> [ 40.467381] =============================================
> [ 40.473013] [ INFO: possible recursive locking detected ]
> [ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
> [ 40.483466] ---------------------------------------------
> [ 40.489098] usb/733 is trying to acquire lock:
> [ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
> [ 40.502882]
> [ 40.502882] but task is already holding lock:
> [ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
> [ 40.517811]
> [ 40.517811] other info that might help us debug this:
> [ 40.524623] Possible unsafe locking scenario:
> [ 40.524623]
> [ 40.530798] CPU0
> [ 40.533346] ----
> [ 40.535894] lock(&(&dev->lock)->rlock);
> [ 40.540088] lock(&(&dev->lock)->rlock);
> [ 40.544284]
> [ 40.544284] *** DEADLOCK ***
> [ 40.544284]
> [ 40.550461] May be due to missing lock nesting notation
> [ 40.550461]
> [ 40.557544] 2 locks held by usb/733:
> [ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
> [ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
> [ 40.578523]
> [ 40.578523] stack backtrace:
> [ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
> [ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
> [ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
> [ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
> [ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
> [ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
> [ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
> [ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
> [ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
> [ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
> [ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
> [ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
> [ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
> [ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
> [ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)
>
> Cc: <stable@vger.kernel.org> # v3.16+
> Signed-off-by: Bin Liu <b-liu@ti.com>
> ---
> v2:
> - lock protects setup_req(), only unlock for usb_ep_queue()
> - use GFP_KERNEL in usb_ep_queue()
> - fix the same in two places in gadgetfs_setup() too
Never mind. Sent the patch too soon. It gives the following problem.
[ 179.810367] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:2724
_raw_spin_unlock_irq+0x24/0x2c
[ 179.819719] DEBUG_LOCKS_WARN_ON(current->hardirq_context)
Regards,
-Bin.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2] usb: gadget: fix spinlock dead lock in gadgetfs
2016-05-25 19:24 ` Bin Liu
@ 2016-05-26 6:27 ` Felipe Balbi
2016-05-26 15:38 ` Bin Liu
0 siblings, 1 reply; 9+ messages in thread
From: Felipe Balbi @ 2016-05-26 6:27 UTC (permalink / raw)
To: Bin Liu, linux-usb; +Cc: stable
[-- Attachment #1: Type: text/plain, Size: 3531 bytes --]
Hi,
Bin Liu <b-liu@ti.com> writes:
> On Wed, May 25, 2016 at 02:18:34PM -0500, Bin Liu wrote:
>> [ 40.467381] =============================================
>> [ 40.473013] [ INFO: possible recursive locking detected ]
>> [ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
>> [ 40.483466] ---------------------------------------------
>> [ 40.489098] usb/733 is trying to acquire lock:
>> [ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
>> [ 40.502882]
>> [ 40.502882] but task is already holding lock:
>> [ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
>> [ 40.517811]
>> [ 40.517811] other info that might help us debug this:
>> [ 40.524623] Possible unsafe locking scenario:
>> [ 40.524623]
>> [ 40.530798] CPU0
>> [ 40.533346] ----
>> [ 40.535894] lock(&(&dev->lock)->rlock);
>> [ 40.540088] lock(&(&dev->lock)->rlock);
>> [ 40.544284]
>> [ 40.544284] *** DEADLOCK ***
>> [ 40.544284]
>> [ 40.550461] May be due to missing lock nesting notation
>> [ 40.550461]
>> [ 40.557544] 2 locks held by usb/733:
>> [ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
>> [ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
>> [ 40.578523]
>> [ 40.578523] stack backtrace:
>> [ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
>> [ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
>> [ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
>> [ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
>> [ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
>> [ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
>> [ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
>> [ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
>> [ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
>> [ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
>> [ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
>> [ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
>> [ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
>> [ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
>> [ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)
>>
>> Cc: <stable@vger.kernel.org> # v3.16+
>> Signed-off-by: Bin Liu <b-liu@ti.com>
>> ---
>> v2:
>> - lock protects setup_req(), only unlock for usb_ep_queue()
>> - use GFP_KERNEL in usb_ep_queue()
>> - fix the same in two places in gadgetfs_setup() too
>
> Never mind. Sent the patch too soon. It gives the following problem.
>
> [ 179.810367] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:2724
> _raw_spin_unlock_irq+0x24/0x2c
> [ 179.819719] DEBUG_LOCKS_WARN_ON(current->hardirq_context)
thanks for letting us know. I'm dropping this from my queue. Please
resend final patch once you have it ;-)
--
balbi
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2] usb: gadget: fix spinlock dead lock in gadgetfs
2016-05-26 6:27 ` Felipe Balbi
@ 2016-05-26 15:38 ` Bin Liu
2016-05-26 16:26 ` Felipe Balbi
0 siblings, 1 reply; 9+ messages in thread
From: Bin Liu @ 2016-05-26 15:38 UTC (permalink / raw)
To: Felipe Balbi; +Cc: linux-usb, stable
Hi,
On Thu, May 26, 2016 at 09:27:26AM +0300, Felipe Balbi wrote:
>
> Hi,
>
> Bin Liu <b-liu@ti.com> writes:
> > On Wed, May 25, 2016 at 02:18:34PM -0500, Bin Liu wrote:
> >> [ 40.467381] =============================================
> >> [ 40.473013] [ INFO: possible recursive locking detected ]
> >> [ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
> >> [ 40.483466] ---------------------------------------------
> >> [ 40.489098] usb/733 is trying to acquire lock:
> >> [ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
> >> [ 40.502882]
> >> [ 40.502882] but task is already holding lock:
> >> [ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
> >> [ 40.517811]
> >> [ 40.517811] other info that might help us debug this:
> >> [ 40.524623] Possible unsafe locking scenario:
> >> [ 40.524623]
> >> [ 40.530798] CPU0
> >> [ 40.533346] ----
> >> [ 40.535894] lock(&(&dev->lock)->rlock);
> >> [ 40.540088] lock(&(&dev->lock)->rlock);
> >> [ 40.544284]
> >> [ 40.544284] *** DEADLOCK ***
> >> [ 40.544284]
> >> [ 40.550461] May be due to missing lock nesting notation
> >> [ 40.550461]
> >> [ 40.557544] 2 locks held by usb/733:
> >> [ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
> >> [ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
> >> [ 40.578523]
> >> [ 40.578523] stack backtrace:
> >> [ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
> >> [ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
> >> [ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
> >> [ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
> >> [ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
> >> [ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
> >> [ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
> >> [ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
> >> [ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
> >> [ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
> >> [ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
> >> [ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
> >> [ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
> >> [ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
> >> [ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)
> >>
> >> Cc: <stable@vger.kernel.org> # v3.16+
> >> Signed-off-by: Bin Liu <b-liu@ti.com>
> >> ---
> >> v2:
> >> - lock protects setup_req(), only unlock for usb_ep_queue()
> >> - use GFP_KERNEL in usb_ep_queue()
> >> - fix the same in two places in gadgetfs_setup() too
> >
> > Never mind. Sent the patch too soon. It gives the following problem.
> >
> > [ 179.810367] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:2724
> > _raw_spin_unlock_irq+0x24/0x2c
> > [ 179.819719] DEBUG_LOCKS_WARN_ON(current->hardirq_context)
>
> thanks for letting us know. I'm dropping this from my queue. Please
> resend final patch once you have it ;-)
It turned out to be a very easy fix ;)
I have v3 ready, but checkpatch.pl complains the followings. I don't
think this patch should fix them, since the whole driver is coded like
that. Any comments?
WARNING: space prohibited between function name and open parenthesis '('
#68: FILE: drivers/usb/gadget/legacy/inode.c:941:
+ if ((retval = setup_req (ep, req, 0)) == 0) {
ERROR: do not use assignment in if condition
#68: FILE: drivers/usb/gadget/legacy/inode.c:941:
+ if ((retval = setup_req (ep, req, 0)) == 0) {
WARNING: space prohibited between function name and open parenthesis '('
#69: FILE: drivers/usb/gadget/legacy/inode.c:942:
+ spin_unlock_irq (&dev->lock);
WARNING: space prohibited between function name and open parenthesis '('
#70: FILE: drivers/usb/gadget/legacy/inode.c:943:
+ retval = usb_ep_queue (ep, req, GFP_KERNEL);
WARNING: space prohibited between function name and open parenthesis '('
#71: FILE: drivers/usb/gadget/legacy/inode.c:944:
+ spin_lock_irq (&dev->lock);
WARNING: space prohibited between function name and open parenthesis '('
#81: FILE: drivers/usb/gadget/legacy/inode.c:1464:
+ spin_unlock (&dev->lock);
WARNING: space prohibited between function name and open parenthesis '('
#85: FILE: drivers/usb/gadget/legacy/inode.c:1467:
+ spin_lock (&dev->lock);
WARNING: space prohibited between function name and open parenthesis '('
#95: FILE: drivers/usb/gadget/legacy/inode.c:1491:
+ spin_unlock (&dev->lock);
WARNING: space prohibited between function name and open parenthesis '('
#96: FILE: drivers/usb/gadget/legacy/inode.c:1492:
+ value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
total: 1 errors, 8 warnings, 40 lines checked
Regards,
-Bin.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2] usb: gadget: fix spinlock dead lock in gadgetfs
2016-05-26 15:38 ` Bin Liu
@ 2016-05-26 16:26 ` Felipe Balbi
2016-05-26 16:36 ` Bin Liu
0 siblings, 1 reply; 9+ messages in thread
From: Felipe Balbi @ 2016-05-26 16:26 UTC (permalink / raw)
To: Bin Liu; +Cc: linux-usb, stable
[-- Attachment #1: Type: text/plain, Size: 4092 bytes --]
>> Bin Liu <b-liu@ti.com> writes:
>> > On Wed, May 25, 2016 at 02:18:34PM -0500, Bin Liu wrote:
>> >> [ 40.467381] =============================================
>> >> [ 40.473013] [ INFO: possible recursive locking detected ]
>> >> [ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
>> >> [ 40.483466] ---------------------------------------------
>> >> [ 40.489098] usb/733 is trying to acquire lock:
>> >> [ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
>> >> [ 40.502882]
>> >> [ 40.502882] but task is already holding lock:
>> >> [ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
>> >> [ 40.517811]
>> >> [ 40.517811] other info that might help us debug this:
>> >> [ 40.524623] Possible unsafe locking scenario:
>> >> [ 40.524623]
>> >> [ 40.530798] CPU0
>> >> [ 40.533346] ----
>> >> [ 40.535894] lock(&(&dev->lock)->rlock);
>> >> [ 40.540088] lock(&(&dev->lock)->rlock);
>> >> [ 40.544284]
>> >> [ 40.544284] *** DEADLOCK ***
>> >> [ 40.544284]
>> >> [ 40.550461] May be due to missing lock nesting notation
>> >> [ 40.550461]
>> >> [ 40.557544] 2 locks held by usb/733:
>> >> [ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
>> >> [ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
>> >> [ 40.578523]
>> >> [ 40.578523] stack backtrace:
>> >> [ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
>> >> [ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
>> >> [ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
>> >> [ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
>> >> [ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
>> >> [ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
>> >> [ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
>> >> [ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
>> >> [ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
>> >> [ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
>> >> [ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
>> >> [ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
>> >> [ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
>> >> [ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
>> >> [ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)
>> >>
>> >> Cc: <stable@vger.kernel.org> # v3.16+
>> >> Signed-off-by: Bin Liu <b-liu@ti.com>
>> >> ---
>> >> v2:
>> >> - lock protects setup_req(), only unlock for usb_ep_queue()
>> >> - use GFP_KERNEL in usb_ep_queue()
>> >> - fix the same in two places in gadgetfs_setup() too
>> >
>> > Never mind. Sent the patch too soon. It gives the following problem.
>> >
>> > [ 179.810367] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:2724
>> > _raw_spin_unlock_irq+0x24/0x2c
>> > [ 179.819719] DEBUG_LOCKS_WARN_ON(current->hardirq_context)
>>
>> thanks for letting us know. I'm dropping this from my queue. Please
>> resend final patch once you have it ;-)
>
> It turned out to be a very easy fix ;)
>
> I have v3 ready, but checkpatch.pl complains the followings. I don't
> think this patch should fix them, since the whole driver is coded like
> that. Any comments?
Let's fix it with a follow-up patch. Can you do that one too, btw? I can
do it, if you don't wanna deal with that; but I'm also open to receiving
free patches heh
--
balbi
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2] usb: gadget: fix spinlock dead lock in gadgetfs
2016-05-26 16:26 ` Felipe Balbi
@ 2016-05-26 16:36 ` Bin Liu
2016-05-26 16:43 ` [PATCH v3] " Bin Liu
0 siblings, 1 reply; 9+ messages in thread
From: Bin Liu @ 2016-05-26 16:36 UTC (permalink / raw)
To: Felipe Balbi; +Cc: linux-usb, stable
Hi,
On Thu, May 26, 2016 at 07:26:44PM +0300, Felipe Balbi wrote:
>
> >> Bin Liu <b-liu@ti.com> writes:
> >> > On Wed, May 25, 2016 at 02:18:34PM -0500, Bin Liu wrote:
> >> >> [ 40.467381] =============================================
> >> >> [ 40.473013] [ INFO: possible recursive locking detected ]
> >> >> [ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
> >> >> [ 40.483466] ---------------------------------------------
> >> >> [ 40.489098] usb/733 is trying to acquire lock:
> >> >> [ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
> >> >> [ 40.502882]
> >> >> [ 40.502882] but task is already holding lock:
> >> >> [ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
> >> >> [ 40.517811]
> >> >> [ 40.517811] other info that might help us debug this:
> >> >> [ 40.524623] Possible unsafe locking scenario:
> >> >> [ 40.524623]
> >> >> [ 40.530798] CPU0
> >> >> [ 40.533346] ----
> >> >> [ 40.535894] lock(&(&dev->lock)->rlock);
> >> >> [ 40.540088] lock(&(&dev->lock)->rlock);
> >> >> [ 40.544284]
> >> >> [ 40.544284] *** DEADLOCK ***
> >> >> [ 40.544284]
> >> >> [ 40.550461] May be due to missing lock nesting notation
> >> >> [ 40.550461]
> >> >> [ 40.557544] 2 locks held by usb/733:
> >> >> [ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
> >> >> [ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
> >> >> [ 40.578523]
> >> >> [ 40.578523] stack backtrace:
> >> >> [ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
> >> >> [ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
> >> >> [ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
> >> >> [ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
> >> >> [ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
> >> >> [ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
> >> >> [ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
> >> >> [ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
> >> >> [ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
> >> >> [ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
> >> >> [ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
> >> >> [ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
> >> >> [ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
> >> >> [ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
> >> >> [ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)
> >> >>
> >> >> Cc: <stable@vger.kernel.org> # v3.16+
> >> >> Signed-off-by: Bin Liu <b-liu@ti.com>
> >> >> ---
> >> >> v2:
> >> >> - lock protects setup_req(), only unlock for usb_ep_queue()
> >> >> - use GFP_KERNEL in usb_ep_queue()
> >> >> - fix the same in two places in gadgetfs_setup() too
> >> >
> >> > Never mind. Sent the patch too soon. It gives the following problem.
> >> >
> >> > [ 179.810367] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:2724
> >> > _raw_spin_unlock_irq+0x24/0x2c
> >> > [ 179.819719] DEBUG_LOCKS_WARN_ON(current->hardirq_context)
> >>
> >> thanks for letting us know. I'm dropping this from my queue. Please
> >> resend final patch once you have it ;-)
> >
> > It turned out to be a very easy fix ;)
> >
> > I have v3 ready, but checkpatch.pl complains the followings. I don't
> > think this patch should fix them, since the whole driver is coded like
> > that. Any comments?
>
> Let's fix it with a follow-up patch. Can you do that one too, btw? I can
> do it, if you don't wanna deal with that; but I'm also open to receiving
> free patches heh
I'd like to do it, but I have a pile of other suff to do. (I still
remember I owe you a g-zero test with dwc3...)
Regards,
-Bin.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v3] usb: gadget: fix spinlock dead lock in gadgetfs
2016-05-26 16:36 ` Bin Liu
@ 2016-05-26 16:43 ` Bin Liu
0 siblings, 0 replies; 9+ messages in thread
From: Bin Liu @ 2016-05-26 16:43 UTC (permalink / raw)
To: Felipe Balbi, linux-usb; +Cc: b-liu, stable
[ 40.467381] =============================================
[ 40.473013] [ INFO: possible recursive locking detected ]
[ 40.478651] 4.6.0-08691-g7f3db9a #37 Not tainted
[ 40.483466] ---------------------------------------------
[ 40.489098] usb/733 is trying to acquire lock:
[ 40.493734] (&(&dev->lock)->rlock){-.....}, at: [<bf129288>] ep0_complete+0x18/0xdc [gadgetfs]
[ 40.502882]
[ 40.502882] but task is already holding lock:
[ 40.508967] (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
[ 40.517811]
[ 40.517811] other info that might help us debug this:
[ 40.524623] Possible unsafe locking scenario:
[ 40.524623]
[ 40.530798] CPU0
[ 40.533346] ----
[ 40.535894] lock(&(&dev->lock)->rlock);
[ 40.540088] lock(&(&dev->lock)->rlock);
[ 40.544284]
[ 40.544284] *** DEADLOCK ***
[ 40.544284]
[ 40.550461] May be due to missing lock nesting notation
[ 40.550461]
[ 40.557544] 2 locks held by usb/733:
[ 40.561271] #0: (&f->f_pos_lock){+.+.+.}, at: [<c02a6114>] __fdget_pos+0x40/0x48
[ 40.569219] #1: (&(&dev->lock)->rlock){-.....}, at: [<bf12a420>] ep0_read+0x20/0x5e0 [gadgetfs]
[ 40.578523]
[ 40.578523] stack backtrace:
[ 40.583075] CPU: 0 PID: 733 Comm: usb Not tainted 4.6.0-08691-g7f3db9a #37
[ 40.590246] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 40.596625] [<c010ffbc>] (unwind_backtrace) from [<c010c1bc>] (show_stack+0x10/0x14)
[ 40.604718] [<c010c1bc>] (show_stack) from [<c04207fc>] (dump_stack+0xb0/0xe4)
[ 40.612267] [<c04207fc>] (dump_stack) from [<c01886ec>] (__lock_acquire+0xf68/0x1994)
[ 40.620440] [<c01886ec>] (__lock_acquire) from [<c0189528>] (lock_acquire+0xd8/0x238)
[ 40.628621] [<c0189528>] (lock_acquire) from [<c06ad6b4>] (_raw_spin_lock_irqsave+0x38/0x4c)
[ 40.637440] [<c06ad6b4>] (_raw_spin_lock_irqsave) from [<bf129288>] (ep0_complete+0x18/0xdc [gadgetfs])
[ 40.647339] [<bf129288>] (ep0_complete [gadgetfs]) from [<bf10a728>] (musb_g_giveback+0x118/0x1b0 [musb_hdrc])
[ 40.657842] [<bf10a728>] (musb_g_giveback [musb_hdrc]) from [<bf108768>] (musb_g_ep0_queue+0x16c/0x188 [musb_hdrc])
[ 40.668772] [<bf108768>] (musb_g_ep0_queue [musb_hdrc]) from [<bf12a944>] (ep0_read+0x544/0x5e0 [gadgetfs])
[ 40.678963] [<bf12a944>] (ep0_read [gadgetfs]) from [<c0284470>] (__vfs_read+0x20/0x110)
[ 40.687414] [<c0284470>] (__vfs_read) from [<c0285324>] (vfs_read+0x88/0x114)
[ 40.694864] [<c0285324>] (vfs_read) from [<c0286150>] (SyS_read+0x44/0x9c)
[ 40.702051] [<c0286150>] (SyS_read) from [<c0107820>] (ret_fast_syscall+0x0/0x1c)
This is caused by the spinlock bug in ep0_read().
Fix the two other deadlock sources in gadgetfs_setup() too.
Cc: <stable@vger.kernel.org> # v3.16+
Signed-off-by: Bin Liu <b-liu@ti.com>
---
v3:
- update commit comments mentioning the fix in gadgetfs_setup()
- use spin_(un)lock() for fix in gadgetfs_setup(), instead of
spin_(un)lock_irq(), since locked by spin_lock()
v2:
- lock protects setup_req(), only unlock for usb_ep_queue()
- use GFP_KERNEL in usb_ep_queue()
- fix the same in two places in gadgetfs_setup() too
drivers/usb/gadget/legacy/inode.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
index e64479f..aa3707b 100644
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -938,8 +938,11 @@ ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
struct usb_ep *ep = dev->gadget->ep0;
struct usb_request *req = dev->req;
- if ((retval = setup_req (ep, req, 0)) == 0)
- retval = usb_ep_queue (ep, req, GFP_ATOMIC);
+ if ((retval = setup_req (ep, req, 0)) == 0) {
+ spin_unlock_irq (&dev->lock);
+ retval = usb_ep_queue (ep, req, GFP_KERNEL);
+ spin_lock_irq (&dev->lock);
+ }
dev->state = STATE_DEV_CONNECTED;
/* assume that was SET_CONFIGURATION */
@@ -1457,8 +1460,11 @@ delegate:
w_length);
if (value < 0)
break;
+
+ spin_unlock (&dev->lock);
value = usb_ep_queue (gadget->ep0, dev->req,
- GFP_ATOMIC);
+ GFP_KERNEL);
+ spin_lock (&dev->lock);
if (value < 0) {
clean_req (gadget->ep0, dev->req);
break;
@@ -1481,11 +1487,14 @@ delegate:
if (value >= 0 && dev->state != STATE_DEV_SETUP) {
req->length = value;
req->zero = value < w_length;
- value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC);
+
+ spin_unlock (&dev->lock);
+ value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
if (value < 0) {
DBG (dev, "ep_queue --> %d\n", value);
req->status = 0;
}
+ return value;
}
/* device stalls when value < 0 */
--
1.9.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
end of thread, other threads:[~2016-05-26 16:43 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-25 18:19 [PATCH] usb: gadget: fix spinlock dead lock in gadgetfs Bin Liu
2016-05-25 18:51 ` Alan Stern
2016-05-25 19:18 ` [PATCH v2] " Bin Liu
2016-05-25 19:24 ` Bin Liu
2016-05-26 6:27 ` Felipe Balbi
2016-05-26 15:38 ` Bin Liu
2016-05-26 16:26 ` Felipe Balbi
2016-05-26 16:36 ` Bin Liu
2016-05-26 16:43 ` [PATCH v3] " Bin Liu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox