| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK8P3a062No7XP5AUcpc5ZdECmDUUWgGfP+fdXqY2Ko=HnYHbQ@mail.gmail.com>
Date: Wed, 4 May 2022 11:22:20 +0200
From: Arnd Bergmann <arnd@...db.de>
To: Naresh Kamboju <naresh.kamboju@...aro.org>
Cc: Linux-Next Mailing List <linux-next@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
lkft-triage@...ts.linaro.org,
Stephen Rothwell <sfr@...b.auug.org.au>,
Saravana Kannan <saravanak@...gle.com>,
"Paul E. McKenney" <paulmck@...nel.org>,
Arnd Bergmann <arnd@...db.de>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Dmitry Baryshkov <dmitry.baryshkov@...aro.org>,
Arnaud Pouliquen <arnaud.pouliquen@...s.st.com>,
Mathieu Poirier <mathieu.poirier@...aro.org>,
Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
Subject: Re: [next] db410c: WARNING: CPU: 3 PID: 57 at kernel/locking/mutex.c:582
__mutex_lock
On Wed, May 4, 2022 at 11:09 AM Naresh Kamboju
<naresh.kamboju@...aro.org> wrote:
>
> Following kernel DEBUG_LOCKS_WARN_ON(lock->magic != lock) noticed on arm64
> dragonboard 410c device while booting Linux next-20220502 tag kernel.
>
> warning:
> ---------
> [ 6.052275] ------------[ cut here ]------------
> [ 6.052289] DEBUG_LOCKS_WARN_ON(lock->magic != lock)
> [ 6.052314] WARNING: CPU: 3 PID: 57 at kernel/locking/mutex.c:582
> __mutex_lock+0x1dc/0x420
> [ 6.052345] Modules linked in:
> [ 6.052361] CPU: 3 PID: 57 Comm: kworker/u8:2 Not tainted
> 5.18.0-rc5-next-20220502 #1
> [ 6.052374] Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
> [ 6.052384] Workqueue: events_unbound deferred_probe_work_func
> [ 6.052408] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [ 6.052421] pc : __mutex_lock+0x1dc/0x420
> [ 6.052434] lr : __mutex_lock+0x1dc/0x420
> [ 6.052446] sp : ffff80000c42b9a0
> [ 6.052453] x29: ffff80000c42b9a0 x28: ffff80000b314860 x27: ffff00000408810d
> [ 6.052481] x26: ffff80000adb4bb8 x25: ffff000005220a74 x24: 0000000000000000
> [ 6.052506] x23: 0000000000000000 x22: ffff800008bbef8c x21: 0000000000000002
> [ 6.052533] x20: 0000000000000000 x19: ffff00000c1a5110 x18: 0000000000000000
> [ 6.052558] x17: ffff800008bbd594 x16: ffff800008bc10f4 x15: ffff80000927b6c4
> [ 6.052585] x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 5f534b434f4c5f47
> [ 6.052611] x11: 656820747563205b x10: 0000000000000029 x9 : ffff8000081cc7b8
> [ 6.052637] x8 : 0000000000000029 x7 : 0000000000000013 x6 : 0000000000000001
> [ 6.267204] x5 : ffff80000adb5000 x4 : ffff80000adb54f0 x3 : 0000000000000000
> [ 6.274321] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000005265080
> [ 6.281439] Call trace:
> [ 6.288524] __mutex_lock+0x1dc/0x420
> [ 6.290789] mutex_lock_nested+0x4c/0x90
> [ 6.294610] driver_set_override+0x12c/0x160
> [ 6.298605] qcom_smd_register_edge+0x2d8/0x52c
The problem is in
static int qcom_smd_create_chrdev(struct qcom_smd_edge *edge)
{
struct qcom_smd_device *qsdev;
qsdev = kzalloc(sizeof(*qsdev), GFP_KERNEL);
if (!qsdev)
return -ENOMEM;
qsdev->edge = edge;
qsdev->rpdev.ops = &qcom_smd_device_ops;
qsdev->rpdev.dev.parent = &edge->dev;
qsdev->rpdev.dev.release = qcom_smd_release_device;
return rpmsg_ctrldev_register_device(&qsdev->rpdev);
}
static inline int rpmsg_ctrldev_register_device(struct rpmsg_device *rpdev)
{
int ret;
strcpy(rpdev->id.name, "rpmsg_ctrl");
ret = driver_set_override(&rpdev->dev, &rpdev->driver_override,
rpdev->id.name, strlen(rpdev->id.name));
if (ret)
return ret;
ret = rpmsg_register_device(rpdev);
if (ret)
kfree(rpdev->driver_override);
return ret;
}
This allocates an uninitialized device structure that is then passed
driver_set_override() before calling device_register(), so the
mutex is not initialized yet.
Arnd
Powered by blists - more mailing lists