lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 3 Apr 2017 00:48:16 +0100
From:   André Przywara <andre.przywara@....com>
To:     Tejun Heo <tj@...nel.org>, Icenowy Zheng <icenowy@...c.xyz>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Adam Borowski <kilobyte@...band.pl>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: sun50i-a64-pinctrl WARN_ON drivers/base/dd.c:349

Hi,

On 17/03/17 14:44, Tejun Heo wrote:
> On Fri, Mar 17, 2017 at 10:28:34PM +0800, Icenowy Zheng wrote:
>>> It's warning that the device has resources associated with it on
>>> probe. There gotta be something fishy going on with the probing
>>> sequence. How reproducible is the problem?
>>
>> Do you mean in the first probing trial the driver didn't clean up well?
> 
> Possibly but devres should have released all resources after the
> previous probe failure or driver disassociation, so I have no idea how
> there can be resources left on that list.
> 
>> With the same driver I didn't see this problem in 4.11-rc{1,2}.
> 
> devres hasn't changed, so I have no idea what changed that.  Which
> kernels are affected?  Can you bisect if the problem is easily
> reproducible?

So I see this problem easily now - on every boot - with an unpatched
4.11-rc3 kernel and the (arm64) defconfig on a Pine64 or BananaPi M64.
I enabled devres.log and see that pinctrl probes early, but apparently
gets deferred, pretty late actually (after 43 ADDs).

Now what sticks out from the sequence (see the attached log) is that
there are two un-matches ADDs with a devm_kmalloc of size 0:
sun50i-a64-pinctrl 1c20800.pinctrl: DEVRES ADD ffff80007bd84200
devm_kzalloc_release (0 bytes)
sun50i-a64-pinctrl 1c20800.pinctrl: DEVRES ADD ffff80007bd84100
devm_kzalloc_release (0 bytes)

While all the other ADDs have a matching REL, those two have not. I
guess it's due to the size being 0. Does that ring a bell?

Or is due to the fact that these two ADDs are after the RELs have
already started, so at a point where the driver is already cleaned up?

The last two successful actions are the devm_pinctrl_register() and the
following devm_kzalloc() for struct gpiochip (312 bytes) (in
drivers/pinctrl/sunxi/pinctrl-sunxi.c). The it calls
gpiochip_add_data(), which apparently returns -EPROBE_DEFER.

I am pretty clueless when it comes to the internals of devm and devres,
and TBH couldn't easily see where the it could fail in
drivers/base/devres.c.

So does any of you have a clue?

Cheers,
Andre.


View attachment "dmesg_pinctrl.txt" of type "text/plain" (50229 bytes)

Powered by blists - more mailing lists