lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 2 May 2022 13:46:39 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Dan Vacura <w36195@...orola.com>
Cc:     linux-usb@...r.kernel.org,
        Laurent Pinchart <laurent.pinchart@...asonboard.com>,
        Felipe Balbi <balbi@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: gadget: uvc: allow for application to cleanly
 shutdown

On Sun, May 01, 2022 at 11:11:36PM -0500, Dan Vacura wrote:
> On Sat, Apr 30, 2022 at 09:56:50AM +0200, Greg Kroah-Hartman wrote:
> > On Fri, Apr 29, 2022 at 02:20:01PM -0500, Dan Vacura wrote:
> > > Several types of kernel panics can occur due to timing during the uvc
> > > gadget removal. This appears to be a problem with gadget resources being
> > > managed by both the client application's v4l2 open/close and the UDC
> > > gadget bind/unbind. Since the concept of USB_GADGET_DELAYED_STATUS
> > > doesn't exist for unbind, add a wait to allow for the application to
> > > close out.
> > > 
> > > Some examples of the panics that can occur are:
> > > 
> > > <1>[ 1147.652313] Unable to handle kernel NULL pointer dereference at
> > > virtual address 0000000000000028
> > > <4>[ 1147.652510] Call trace:
> > > <4>[ 1147.652514]  usb_gadget_disconnect+0x74/0x1f0
> > > <4>[ 1147.652516]  usb_gadget_deactivate+0x38/0x168
> > > <4>[ 1147.652520]  usb_function_deactivate+0x54/0x90
> > > <4>[ 1147.652524]  uvc_function_disconnect+0x14/0x38
> > > <4>[ 1147.652527]  uvc_v4l2_release+0x34/0xa0
> > > <4>[ 1147.652537]  __fput+0xdc/0x2c0
> > > <4>[ 1147.652540]  ____fput+0x10/0x1c
> > > <4>[ 1147.652545]  task_work_run+0xe4/0x12c
> > > <4>[ 1147.652549]  do_notify_resume+0x108/0x168
> > > 
> > > <1>[  282.950561][ T1472] Unable to handle kernel NULL pointer
> > > dereference at virtual address 00000000000005b8
> > > <6>[  282.953111][ T1472] Call trace:
> > > <6>[  282.953121][ T1472]  usb_function_deactivate+0x54/0xd4
> > > <6>[  282.953134][ T1472]  uvc_v4l2_release+0xac/0x1e4
> > > <6>[  282.953145][ T1472]  v4l2_release+0x134/0x1f0
> > > <6>[  282.953167][ T1472]  __fput+0xf4/0x428
> > > <6>[  282.953178][ T1472]  ____fput+0x14/0x24
> > > <6>[  282.953193][ T1472]  task_work_run+0xac/0x130
> > > 
> > > <3>[  213.410077][   T29] configfs-gadget gadget: uvc: Failed to queue
> > > request (-108).
> > > <1>[  213.410116][   T29] Unable to handle kernel NULL pointer
> > > dereference at virtual address 0000000000000003
> > > <6>[  213.413460][   T29] Call trace:
> > > <6>[  213.413474][   T29]  uvcg_video_pump+0x1f0/0x384
> > > <6>[  213.413489][   T29]  process_one_work+0x2a4/0x544
> > > <6>[  213.413502][   T29]  worker_thread+0x350/0x784
> > > <6>[  213.413515][   T29]  kthread+0x2ac/0x320
> > > <6>[  213.413528][   T29]  ret_from_fork+0x10/0x30
> > > 
> > > Signed-off-by: Dan Vacura <w36195@...orola.com>
> > > ---
> > >  drivers/usb/gadget/function/f_uvc.c    | 24 ++++++++++++++++++++++++
> > >  drivers/usb/gadget/function/uvc.h      |  2 ++
> > >  drivers/usb/gadget/function/uvc_v4l2.c |  3 ++-
> > >  3 files changed, 28 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/usb/gadget/function/f_uvc.c b/drivers/usb/gadget/function/f_uvc.c
> > > index 50e6e7a58b41..3cc8cf24a7c7 100644
> > > --- a/drivers/usb/gadget/function/f_uvc.c
> > > +++ b/drivers/usb/gadget/function/f_uvc.c
> > > @@ -892,13 +892,36 @@ static void uvc_function_unbind(struct usb_configuration *c,
> > >  {
> > >  	struct usb_composite_dev *cdev = c->cdev;
> > >  	struct uvc_device *uvc = to_uvc(f);
> > > +	int wait_ret = 1;
> > >  
> > >  	uvcg_info(f, "%s()\n", __func__);
> > 
> > Ick, wait, is that in the kernel?  That needs to be removed, ftrace can
> > do that for you.
> 
> Yes, part of the kernel, and tbh, I find it to be quite helpful in
> debugging field issues from customers, where enabling ftrace isn't
> practical.

Why isn't ftrace ok to enable in a running kernel?

Worst case, this should be dev_dbg(), right?

> If you still want to remove, there are other locations in
> this gadget driver that log function entry. Perhaps it'd be better to
> do a separate change that cleans up logging a bit or do you prefer to
> just refactor this one now?

This commit is fine, it's a separate issue, I just noticed it as it was
in the context of this change.

> > > +	/* If we know we're connected via v4l2, then there should be a cleanup
> > > +	 * of the device from userspace either via UVC_EVENT_DISCONNECT or
> > > +	 * though the video device removal uevent. Allow some time for the
> > > +	 * application to close out before things get deleted.
> > > +	 */
> > > +	if (uvc->func_connected) {
> > > +		uvcg_info(f, "%s waiting for clean disconnect\n", __func__);
> > > +		wait_ret = wait_event_interruptible_timeout(uvc->func_connected_queue,
> > > +				uvc->func_connected == false, msecs_to_jiffies(500));
> > > +		uvcg_info(f, "%s done waiting with ret: %u\n", __func__, wait_ret);
> > 
> > Please remove debugging code before submitting patches.
> 
> Will do.

But this should be removed :)

Feel free to change it to dev_dbg(), which gives you the __func__
automatically without anything extra needed.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ