| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTi=870hxExeRmA56nzm3Ptuo06gkB1cWUXjKxin5@mail.gmail.com>
Date: Wed, 19 Jan 2011 17:19:46 +0800
From: Dave Young <hidave.darkstar@...il.com>
To: Yang Ruirui <ruirui.r.yang@...to.com>
Cc: Greg Kroah-Hartman <gregkh@...e.de>,
Mian Yousaf Kaukab <mian.yousaf.kaukab@...ricsson.com>,
Linus Walleij <linus.walleij@...ricsson.com>,
Heikki Krogerus <ext-heikki.krogerus@...ia.com>,
Tejun Heo <tj@...nel.org>,
Samuel Ortiz <sameo@...ux.intel.com>, Hema HK <hemahk@...com>,
linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb otg: use atomic notifier instead of blocking notifier
On Wed, Jan 19, 2011 at 5:22 PM, Yang Ruirui <ruirui.r.yang@...to.com> wrote:
>
> following bug happens with meego 2.6.35 kernel on nokia n900:
>
> [ 28.693756] BUG: sleeping function called from invalid context at kernel/rwsem.c:21
> [ 28.693786] in_atomic(): 1, irqs_disabled(): 128, pid: 706, name: udisks-part-id
> [ 28.693817] 1 lock held by udisks-part-id/706:
> [ 28.693817] #0: (&(&musb->lock)->rlock){-.-...}, at: [<c0278590>] musb_g_disconnect+0x90/0x148
> [ 28.693908] irq event stamp: 1169
> [ 28.693908] hardirqs last enabled at (1168): [<c00c4b3c>] kmem_cache_alloc+0xd0/0x128
> [ 28.693969] hardirqs last disabled at (1169): [<c002da34>] __irq_svc+0x34/0xb4
> [ 28.694000] softirqs last enabled at (0): [<c0054bcc>] copy_process+0x304/0xe18
> [ 28.694030] softirqs last disabled at (0): [<(null)>] (null)
> [ 28.694091] [<c00326a0>] (unwind_backtrace+0x0/0xec) from [<c037e6b0>] (down_read+0x20/0x5c)
> [ 28.694152] [<c037e6b0>] (down_read+0x20/0x5c) from [<c0070770>] (__blocking_notifier_call_chain+0x2c/0x5c)
> [ 28.694183] [<c0070770>] (__blocking_notifier_call_chain+0x2c/0x5c) from [<c00707b4>] (blocking_notifier_call_chain+0x14/0x18)
> [ 28.694213] [<c00707b4>] (blocking_notifier_call_chain+0x14/0x18) from [<c02784d8>] (musb_gadget_vbus_draw+0x38/0x60)
> [ 28.694274] [<c02784d8>] (musb_gadget_vbus_draw+0x38/0x60) from [<c0276d10>] (musb_interrupt+0xb08/0xcb0)
> [ 28.694305] [<c0276d10>] (musb_interrupt+0xb08/0xcb0) from [<c0276f08>] (generic_interrupt+0x50/0x68)
> [ 28.694335] [<c0276f08>] (generic_interrupt+0x50/0x68) from [<c008fcf4>] (handle_IRQ_event+0x24/0xe8)
> [ 28.694396] [<c008fcf4>] (handle_IRQ_event+0x24/0xe8) from [<c0091924>] (handle_level_irq+0xac/0x128)
> [ 28.694427] [<c0091924>] (handle_level_irq+0xac/0x128) from [<c002d070>] (asm_do_IRQ+0x70/0x90)
> [ 28.694458] [<c002d070>] (asm_do_IRQ+0x70/0x90) from [<c002da4c>] (__irq_svc+0x4c/0xb4)
> [ 28.694488] Exception stack(0xcd835ed0 to 0xcd835f18)
> [ 28.694519] 5ec0: cfc0a240 c8282000 0000006b 0000006b
> [ 28.694549] 5ee0: cfc0a240 0000041a 00001000 00000000 c8282000 cd834000 c8282000 be80c464
> [ 28.694580] 5f00: 00000c1e cd835f18 c00c333c c00c297c 80000013 ffffffff
> [ 28.694610] [<c002da4c>] (__irq_svc+0x4c/0xb4) from [<c00c297c>] (check_poison_obj+0x24/0x194)
> [ 28.694641] [<c00c297c>] (check_poison_obj+0x24/0x194) from [<c00c333c>] (cache_alloc_debugcheck_after+0x28/0x188)
> [ 28.694671] [<c00c333c>] (cache_alloc_debugcheck_after+0x28/0x188) from [<c00c4b54>] (kmem_cache_alloc+0xe8/0x128)
> [ 28.694732] [<c00c4b54>] (kmem_cache_alloc+0xe8/0x128) from [<c00d79dc>] (getname+0x18/0xcc)
> [ 28.694763] [<c00d79dc>] (getname+0x18/0xcc) from [<c00cbca8>] (do_sys_open+0x18/0x10c)
> [ 28.694793] [<c00cbca8>] (do_sys_open+0x18/0x10c) from [<c002df40>] (ret_fast_syscall+0x0/0x3c)
> [ 28.694854]
> [ 28.694854] =================================
> [ 28.709014] [ INFO: inconsistent lock state ]
> [ 28.717254] 2.6.35.96.5-adaptation-n900 #1
> [ 28.725128] ---------------------------------
> [ 28.733123] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-R} usage.
> [ 28.742980] udisks-part-id/706 [HC1[1]:SC0[0]:HE0:SE1] takes:
> [ 28.752441] (&(&twl->otg.notifier)->rwsem){+-+...}, at: [<c0070770>] __blocking_notifier_call_chain+0x2c/0x5c
> [ 28.769836] {HARDIRQ-ON-W} state was registered at:
> [ 28.778320] [<c007c1dc>] __lock_acquire+0x618/0x1730
> [ 28.787109] [<c007d354>] lock_acquire+0x60/0x74
> [ 28.795227] [<c037e67c>] down_write+0x48/0x5c
> [ 28.803131] [<c00708a8>] blocking_notifier_chain_register+0x30/0x54
> [ 28.812896] [<bf0da9f8>] isp1704_charger_probe+0x268/0x39c [isp1704_charger]
> [ 28.823394] [<c0239410>] platform_drv_probe+0x18/0x1c
> [ 28.831787] [<c02385c8>] driver_probe_device+0xa8/0x158
> [ 28.840332] [<c02386e0>] __driver_attach+0x68/0x8c
> [ 28.848510] [<c0237e68>] bus_for_each_dev+0x44/0x74
> [ 28.856689] [<c02377c8>] bus_add_driver+0x9c/0x20c
> [ 28.864746] [<c02389b0>] driver_register+0xa8/0x138
> [ 28.872955] [<c002d340>] do_one_initcall+0x58/0x1ac
> [ 28.881134] [<c0085cdc>] sys_init_module+0x90/0x1b0
> [ 28.889343] [<c002df40>] ret_fast_syscall+0x0/0x3c
> [ 28.897491] irq event stamp: 1169
> [ 28.904083] hardirqs last enabled at (1168): [<c00c4b3c>] kmem_cache_alloc+0xd0/0x128
> [ 28.915557] hardirqs last disabled at (1169): [<c002da34>] __irq_svc+0x34/0xb4
> [ 28.926239] softirqs last enabled at (0): [<c0054bcc>] copy_process+0x304/0xe18
> [ 28.937194] softirqs last disabled at (0): [<(null)>] (null)
> [ 28.946258]
> [ 28.946258] other info that might help us debug this:
> [ 28.959381] 1 lock held by udisks-part-id/706:
> [ 28.967163] #0: (&(&musb->lock)->rlock){-.-...}, at: [<c0278590>] musb_g_disconnect+0x90/0x148
> [ 28.979705]
> [ 28.979705] stack backtrace:
> [ 28.990997] [<c00326a0>] (unwind_backtrace+0x0/0xec) from [<c007a39c>] (print_usage_bug+0x170/0x1b4)
> [ 29.007293] [<c007a39c>] (print_usage_bug+0x170/0x1b4) from [<c007a738>] (mark_lock+0x358/0x628)
> [ 29.019836] [<c007a738>] (mark_lock+0x358/0x628) from [<c007c118>] (__lock_acquire+0x554/0x1730)
> [ 29.032409] [<c007c118>] (__lock_acquire+0x554/0x1730) from [<c007d354>] (lock_acquire+0x60/0x74)
> [ 29.045166] [<c007d354>] (lock_acquire+0x60/0x74) from [<c037e6d8>] (down_read+0x48/0x5c)
> [ 29.057250] [<c037e6d8>] (down_read+0x48/0x5c) from [<c0070770>] (__blocking_notifier_call_chain+0x2c/0x5c)
> [ 29.074920] [<c0070770>] (__blocking_notifier_call_chain+0x2c/0x5c) from [<c00707b4>] (blocking_notifier_call_chain+0x14/0x18)
> [ 29.094573] [<c00707b4>] (blocking_notifier_call_chain+0x14/0x18) from [<c02784d8>] (musb_gadget_vbus_draw+0x38/0x60)
> [ 29.113891] [<c02784d8>] (musb_gadget_vbus_draw+0x38/0x60) from [<c0276d10>] (musb_interrupt+0xb08/0xcb0)
> [ 29.132629] [<c0276d10>] (musb_interrupt+0xb08/0xcb0) from [<c0276f08>] (generic_interrupt+0x50/0x68)
> [ 29.151580] [<c0276f08>] (generic_interrupt+0x50/0x68) from [<c008fcf4>] (handle_IRQ_event+0x24/0xe8)
> [ 29.171081] [<c008fcf4>] (handle_IRQ_event+0x24/0xe8) from [<c0091924>] (handle_level_irq+0xac/0x128)
> [ 29.190948] [<c0091924>] (handle_level_irq+0xac/0x128) from [<c002d070>] (asm_do_IRQ+0x70/0x90)
> [ 29.205291] [<c002d070>] (asm_do_IRQ+0x70/0x90) from [<c002da4c>] (__irq_svc+0x4c/0xb4)
> [ 29.218963] Exception stack(0xcd835ed0 to 0xcd835f18)
> [ 29.229644] 5ec0: cfc0a240 c8282000 0000006b 0000006b
> [ 29.243591] 5ee0: cfc0a240 0000041a 00001000 00000000 c8282000 cd834000 c8282000 be80c464
> [ 29.257629] 5f00: 00000c1e cd835f18 c00c333c c00c297c 80000013 ffffffff
> [ 29.270111] [<c002da4c>] (__irq_svc+0x4c/0xb4) from [<c00c297c>] (check_poison_obj+0x24/0x194)
> [ 29.284637] [<c00c297c>] (check_poison_obj+0x24/0x194) from [<c00c333c>] (cache_alloc_debugcheck_after+0x28/0x188)
> [ 29.306732] [<c00c333c>] (cache_alloc_debugcheck_after+0x28/0x188) from [<c00c4b54>] (kmem_cache_alloc+0xe8/0x128)
> [ 29.329071] [<c00c4b54>] (kmem_cache_alloc+0xe8/0x128) from [<c00d79dc>] (getname+0x18/0xcc)
> [ 29.343597] [<c00d79dc>] (getname+0x18/0xcc) from [<c00cbca8>] (do_sys_open+0x18/0x10c)
> [ 29.357696] [<c00cbca8>] (do_sys_open+0x18/0x10c) from [<c002df40>] (ret_fast_syscall+0x0/0x3c)
>
> Actually the blocking notifier chain runs in process context, so not fit for use here.
>
> For mainline kernel there's such issue as well.
> Here fix this problem by changing to use atomic_notifier.
>
> Signed-off-by: Yang Ruirui <ruirui.r.yang@...to.com>
> ---
> drivers/usb/otg/ab8500-usb.c | 6 +++---
> drivers/usb/otg/twl4030-usb.c | 6 +++---
> drivers/usb/otg/twl6030-usb.c | 6 +++---
> include/linux/usb/otg.h | 6 +++---
> 4 files changed, 12 insertions(+), 12 deletions(-)
>
> --- linux-2.6.orig/include/linux/usb/otg.h 2011-01-17 09:39:11.000000000 +0800
> +++ linux-2.6/include/linux/usb/otg.h 2011-01-19 16:38:06.649546989 +0800
> @@ -74,7 +74,7 @@ struct otg_transceiver {
> void __iomem *io_priv;
>
> /* for notification of usb_xceiv_events */
> - struct blocking_notifier_head notifier;
> + struct atomic_notifier_head notifier;
>
> /* to pass extra port status to the root hub */
> u16 port_status;
> @@ -234,13 +234,13 @@ otg_start_srp(struct otg_transceiver *ot
> static inline int
> otg_register_notifier(struct otg_transceiver *otg, struct notifier_block *nb)
> {
> - return blocking_notifier_chain_register(&otg->notifier, nb);
> + return atomic_notifier_chain_register(&otg->notifier, nb);
> }
>
> static inline void
> otg_unregister_notifier(struct otg_transceiver *otg, struct notifier_block *nb)
> {
> - blocking_notifier_chain_unregister(&otg->notifier, nb);
> + atomic_notifier_chain_unregister(&otg->notifier, nb);
> }
>
> /* for OTG controller drivers (and maybe other stuff) */
> --- linux-2.6.orig/drivers/usb/otg/ab8500-usb.c 2011-01-17 09:39:11.000000000 +0800
> +++ linux-2.6/drivers/usb/otg/ab8500-usb.c 2011-01-19 16:50:21.942878632 +0800
> @@ -212,7 +212,7 @@ static int ab8500_usb_link_status_update
> break;
> }
>
> - blocking_notifier_call_chain(&ab->otg.notifier, event, v);
> + atomic_notifier_call_chain(&ab->otg.notifier, event, v);
>
> return 0;
> }
> @@ -281,7 +281,7 @@ static int ab8500_usb_set_power(struct o
> ab->vbus_draw = mA;
>
> if (mA)
> - blocking_notifier_call_chain(&ab->otg.notifier,
> + atomic_notifier_call_chain(&ab->otg.notifier,
> USB_EVENT_ENUMERATED, ab->otg.gadget);
> return 0;
> }
> @@ -500,7 +500,7 @@ static int __devinit ab8500_usb_probe(st
>
> platform_set_drvdata(pdev, ab);
>
> - BLOCKING_INIT_NOTIFIER_HEAD(&ab->otg.notifier);
> + ATOMIC_INIT_NOTIFIER_HEAD(&ab->otg.notifier);
>
> /* v1: Wait for link status to become stable.
> * all: Updates form set_host and set_peripheral as they are atomic.
> --- linux-2.6.orig/drivers/usb/otg/twl4030-usb.c 2011-01-17 09:39:11.000000000 +0800
> +++ linux-2.6/drivers/usb/otg/twl4030-usb.c 2011-01-19 16:50:05.929545335 +0800
> @@ -512,7 +512,7 @@ static irqreturn_t twl4030_usb_irq(int i
> else
> twl4030_phy_resume(twl);
>
> - blocking_notifier_call_chain(&twl->otg.notifier, status,
> + atomic_notifier_call_chain(&twl->otg.notifier, status,
> twl->otg.gadget);
> }
> sysfs_notify(&twl->dev->kobj, NULL, "vbus");
> @@ -534,7 +534,7 @@ static void twl4030_usb_phy_init(struct
> twl->asleep = 0;
> }
>
> - blocking_notifier_call_chain(&twl->otg.notifier, status,
> + atomic_notifier_call_chain(&twl->otg.notifier, status,
> twl->otg.gadget);
> }
> sysfs_notify(&twl->dev->kobj, NULL, "vbus");
> @@ -623,7 +623,7 @@ static int __devinit twl4030_usb_probe(s
> if (device_create_file(&pdev->dev, &dev_attr_vbus))
> dev_warn(&pdev->dev, "could not create sysfs file\n");
>
> - BLOCKING_INIT_NOTIFIER_HEAD(&twl->otg.notifier);
> + ATOMIC_INIT_NOTIFIER_HEAD(&twl->otg.notifier);
>
> /* Our job is to use irqs and status from the power module
> * to keep the transceiver disabled when nothing's connected.
> --- linux-2.6.orig/drivers/usb/otg/twl6030-usb.c 2011-01-17 09:39:11.000000000 +0800
> +++ linux-2.6/drivers/usb/otg/twl6030-usb.c 2011-01-19 16:49:47.112878712 +0800
> @@ -269,7 +269,7 @@ static irqreturn_t twl6030_usb_irq(int i
> }
> if (status >= 0) {
> twl->linkstat = status;
> - blocking_notifier_call_chain(&twl->otg.notifier,
> + atomic_notifier_call_chain(&twl->otg.notifier,
> status, twl->otg.gadget);
> }
> }
> @@ -294,7 +294,7 @@ static irqreturn_t twl6030_usbotg_irq(in
> status = USB_EVENT_ID;
> twl->otg.default_a = true;
> twl->otg.state = OTG_STATE_A_IDLE;
> - blocking_notifier_call_chain(&twl->otg.notifier, status,
> + atomic_notifier_call_chain(&twl->otg.notifier, status,
> twl->otg.gadget);
> } else {
> twl6030_writeb(twl, TWL_MODULE_USB, USB_ID_INT_EN_HI_CLR,
> @@ -411,7 +411,7 @@ static int __devinit twl6030_usb_probe(s
> if (device_create_file(&pdev->dev, &dev_attr_vbus))
> dev_warn(&pdev->dev, "could not create sysfs file\n");
>
> - BLOCKING_INIT_NOTIFIER_HEAD(&twl->otg.notifier);
> + ATOMIC_INIT_NOTIFIER_HEAD(&twl->otg.notifier);
>
> twl->irq_enabled = true;
> status = request_threaded_irq(twl->irq1, NULL, twl6030_usbotg_irq,
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
Sorry about send this twice
--
Regards
dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists