| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Dec 2022 01:58:55 +0300
From: Maksim Kiselev <bigunclemax@...il.com>
To: bigunclemax@...il.com
Cc: fido_max@...ox.ru, mw@...ihalf.com, Andrew Lunn <andrew@...n.ch>,
Florian Fainelli <f.fainelli@...il.com>,
Vladimir Oltean <olteanv@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Richard Cochran <richardcochran@...il.com>,
Russell King <linux@...linux.org.uk>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Subject: Locking mv88e6xxx_reg_lock twice leads deadlock for 88E6176 switch
Subject: Locking mv88e6xxx_reg_lock twice leads deadlock for 88E6176 switch
Hello, friends.
I have a device with Marvell 88E6176 switch.
After 'mv88e6xxx: fix speed setting for CPU/DSA ports (cc1049ccee20)'commit was applied to
mainline kernel I faced with a problem that switch driver stuck at 'mv88e6xxx_probe' function.
I made some investigations and found that 'mv88e6xxx_reg_lock' called twice from the same thread which leads to deadlock.
I added logs to 'mv88e6xxx_reg_lock' and 'mv88e6xxx_reg_unlock' functions to see what happened.
So, first lock called from mv88e6xxx_setup:
static int mv88e6xxx_setup(struct dsa_switch *ds)
{
...
if (mv88e6xxx_has_pvt(chip))
ds->max_num_bridges = MV88E6XXX_MAX_PVT_SWITCHES -
ds->dst->last_switch - 1;
mv88e6xxx_reg_lock(chip);
And second lock called from mv88e6352_phylink_get_caps (only for port 4):
static void mv88e6352_phylink_get_caps(struct mv88e6xxx_chip *chip, int port,
struct phylink_config *config)
{
...
config->mac_capabilities = MAC_SYM_PAUSE | MAC_10 | MAC_100 |
MAC_1000FD;
/* Port 4 supports automedia if the serdes is associated with it. */
if (port == 4) {
dump_stack(); // I added this to see where we came from
mv88e6xxx_reg_lock(chip);
Here is kernel log with my debug output and call stack right before secondary lock:
[ 5.801203] mv88e6085 mdio@...4000:0c: switch 0x1760 detected: Marvell 88E6176, revision 1
[ 5.950236] >>>>> (mv88e6xxx_reg_lock|797) from mv88e6xxx_mdio_read+0x54/0xfc [mv88e6xxx] thread_id: 287
[ 5.952884] >>>>> (mv88e6xxx_reg_unlock|804) from mv88e6xxx_mdio_read+0x88/0xfc [mv88e6xxx] thread_id: 287
[ 5.969373] >>>>> (mv88e6xxx_reg_lock|797) from mv88e6xxx_setup+0x5c/0x550 [mv88e6xxx] thread_id: 287
[ 6.023785] >>>>> (mv88e6xxx_reg_lock|797) from mv88e6xxx_g1_irq_thread_work+0x28/0x124 [mv88e6xxx] thread_id: 315
[ 6.069185] Backtrace:
[ 6.069206] dump_backtrace from show_stack+0x18/0x1c
[ 6.069266] r7:f1221aa4 r6:00000004 r5:600b0013 r4:c08d684d
[ 6.069279] show_stack from dump_stack_lvl+0x48/0x54
[ 6.069315] dump_stack_lvl from dump_stack+0x14/0x1c
[ 6.069351] r5:f1221ab4 r4:c1e40040
[ 6.069363] dump_stack from mv88e6352_phylink_get_caps+0x58/0x164 [mv88e6xxx]
[ 6.069645] mv88e6352_phylink_get_caps [mv88e6xxx] from mv88e6xxx_get_caps+0x2c/0x4c [mv88e6xxx]
[ 6.070106] r7:c1ff31c0 r6:00000004 r5:c1ff31c0 r4:f1221aa4
[ 6.070118] mv88e6xxx_get_caps [mv88e6xxx] from mv88e6xxx_setup_port+0x84/0x60c [mv88e6xxx]
[ 6.070575] r7:c1ff31c0 r6:00000004 r5:c1e40040 r4:bf16e510
[ 6.070588] mv88e6xxx_setup_port [mv88e6xxx] from mv88e6xxx_setup+0x3e0/0x550 [mv88e6xxx]
[ 6.071048] r9:c1083600 r8:c1e40e04 r7:00000004 r6:c1ff31c0 r5:c1e40040 r4:bf16e510
[ 6.071062] mv88e6xxx_setup [mv88e6xxx] from dsa_register_switch+0x738/0xba8 [dsa_core]
[ 6.071451] r8:c23395c8 r7:c1ff31c0 r6:c23395c0 r5:c1ff31c0 r4:00000000
[ 6.071464] dsa_register_switch [dsa_core] from mv88e6xxx_probe+0x640/0x6a8 [mv88e6xxx]
[ 6.071835] r10:c1164000 r9:bf171a2c r8:ef7f00f8 r7:00000000 r6:00000000 r5:c1e40040
[ 6.071851] r4:c13ea000
[ 6.071862] mv88e6xxx_probe [mv88e6xxx] from mdio_probe+0x34/0x50
[ 6.072133] r10:c1164000 r9:c1e6a5b8 r8:bf173c4c r7:00000000 r6:bf173000 r5:c13ea000
[ 6.072149] r4:bf173000
[ 6.072160] mdio_probe from really_probe+0x14c/0x2b8
[ 6.072206] r5:c13ea000 r4:00000000
[ 6.072218] really_probe from __driver_probe_device+0xcc/0xe0
[ 6.072260] r7:00000039 r6:c13ea000 r5:bf173000 r4:c13ea000
[ 6.072273] __driver_probe_device from driver_probe_device+0x40/0xbc
[ 6.072312] r5:c13ea000 r4:c0cbdbc0
[ 6.072324] driver_probe_device from __driver_attach+0xf0/0x104
[ 6.072367] r7:c0c7c790 r6:bf173000 r5:c13ea000 r4:00000000
[ 6.072380] __driver_attach from bus_for_each_dev+0x70/0xb4
[ 6.072434] r7:c0c7c790 r6:c04e87e8 r5:bf173000 r4:c13ea000
[ 6.072446] bus_for_each_dev from driver_attach+0x20/0x28
[ 6.072507] r6:00000000 r5:c1e6a580 r4:bf173000
[ 6.072520] driver_attach from bus_add_driver+0xbc/0x1cc
[ 6.072574] bus_add_driver from driver_register+0xb4/0xfc
[ 6.072633] r9:bf102000 r8:bf173c4c r7:f1221ea0 r6:c1ff8800 r5:bf173c40 r4:bf173000
[ 6.072647] driver_register from mdio_driver_register+0x34/0x68
[ 6.072696] r5:bf173c40 r4:bf173000
[ 6.072708] mdio_driver_register from mdio_module_init+0x14/0x1000 [mv88e6xxx]
[ 6.072976] r5:bf173c40 r4:c0c88000
[ 6.072988] mdio_module_init [mv88e6xxx] from do_one_initcall+0x6c/0x1d8
[ 6.073239] do_one_initcall from do_init_module+0x48/0x1c4
[ 6.073292] r10:0000000c r9:00000000 r8:bf173c4c r7:f1221ea0 r6:c1ff8800 r5:bf173c40
[ 6.073308] r4:bf173c40
[ 6.073319] do_init_module from load_module+0x1558/0x1698
[ 6.073362] r6:00000000 r5:bf173c40 r4:f1221f28
[ 6.073374] load_module from sys_finit_module+0xdc/0xec
[ 6.073423] r10:0000017b r9:c1164000 r8:c020029c r7:0000017b r6:0000000f r5:b6edbee8
[ 6.073439] r4:00000000
[ 6.073450] sys_finit_module from ret_fast_syscall+0x0/0x4c
[ 6.073485] Exception stack(0xf1221fa8 to 0xf1221ff0)
[ 6.073515] 1fa0: 00020000 00000000 0000000f b6edbee8 00000000 004a3420
[ 6.073544] 1fc0: 00020000 00000000 00000000 0000017b 004a96a8 beb9292c 00000000 004a3420
[ 6.073567] 1fe0: beb92820 beb92810 b6ed5294 b6b98c30
[ 6.073589] r6:00000000 r5:00000000 r4:00020000
[ 6.073658] >>>>> (mv88e6xxx_reg_lock|797) from mv88e6352_phylink_get_caps+0x60/0x164 [mv88e6xxx] thread_id: 287
Powered by blists - more mailing lists