lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 14 Dec 2022 01:58:55 +0300
From:   Maksim Kiselev <bigunclemax@...il.com>
To:     bigunclemax@...il.com
Cc:     fido_max@...ox.ru, mw@...ihalf.com, Andrew Lunn <andrew@...n.ch>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vladimir Oltean <olteanv@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Richard Cochran <richardcochran@...il.com>,
        Russell King <linux@...linux.org.uk>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Subject: Locking mv88e6xxx_reg_lock twice leads deadlock for 88E6176 switch

Subject: Locking mv88e6xxx_reg_lock twice leads deadlock for 88E6176 switch

Hello, friends.

I have a device with Marvell 88E6176 switch. 
After 'mv88e6xxx: fix speed setting for CPU/DSA ports (cc1049ccee20)'commit was applied to
mainline kernel I faced with a problem that switch driver stuck at 'mv88e6xxx_probe' function.

I made some investigations and found that 'mv88e6xxx_reg_lock' called twice from the same thread which leads to deadlock.

I added logs to 'mv88e6xxx_reg_lock' and 'mv88e6xxx_reg_unlock' functions to see what happened.

So, first lock called from mv88e6xxx_setup:

static int mv88e6xxx_setup(struct dsa_switch *ds)
{
    ...

	if (mv88e6xxx_has_pvt(chip))
		ds->max_num_bridges = MV88E6XXX_MAX_PVT_SWITCHES -
				      ds->dst->last_switch - 1;

	mv88e6xxx_reg_lock(chip);

And second lock called from mv88e6352_phylink_get_caps (only for port 4):
static void mv88e6352_phylink_get_caps(struct mv88e6xxx_chip *chip, int port,
				       struct phylink_config *config)
{
    ...

	config->mac_capabilities = MAC_SYM_PAUSE | MAC_10 | MAC_100 |
				   MAC_1000FD;

	/* Port 4 supports automedia if the serdes is associated with it. */
	if (port == 4) {
        dump_stack(); // I added this to see where we came from
		mv88e6xxx_reg_lock(chip);


Here is kernel log with my debug output and call stack right before secondary lock:

[    5.801203] mv88e6085 mdio@...4000:0c: switch 0x1760 detected: Marvell 88E6176, revision 1
[    5.950236] >>>>> (mv88e6xxx_reg_lock|797) from mv88e6xxx_mdio_read+0x54/0xfc [mv88e6xxx] thread_id: 287
[    5.952884] >>>>> (mv88e6xxx_reg_unlock|804) from mv88e6xxx_mdio_read+0x88/0xfc [mv88e6xxx] thread_id: 287
[    5.969373] >>>>> (mv88e6xxx_reg_lock|797) from mv88e6xxx_setup+0x5c/0x550 [mv88e6xxx] thread_id: 287
[    6.023785] >>>>> (mv88e6xxx_reg_lock|797) from mv88e6xxx_g1_irq_thread_work+0x28/0x124 [mv88e6xxx] thread_id: 315

[    6.069185] Backtrace: 
[    6.069206]  dump_backtrace from show_stack+0x18/0x1c
[    6.069266]  r7:f1221aa4 r6:00000004 r5:600b0013 r4:c08d684d
[    6.069279]  show_stack from dump_stack_lvl+0x48/0x54
[    6.069315]  dump_stack_lvl from dump_stack+0x14/0x1c
[    6.069351]  r5:f1221ab4 r4:c1e40040
[    6.069363]  dump_stack from mv88e6352_phylink_get_caps+0x58/0x164 [mv88e6xxx]
[    6.069645]  mv88e6352_phylink_get_caps [mv88e6xxx] from mv88e6xxx_get_caps+0x2c/0x4c [mv88e6xxx]
[    6.070106]  r7:c1ff31c0 r6:00000004 r5:c1ff31c0 r4:f1221aa4
[    6.070118]  mv88e6xxx_get_caps [mv88e6xxx] from mv88e6xxx_setup_port+0x84/0x60c [mv88e6xxx]
[    6.070575]  r7:c1ff31c0 r6:00000004 r5:c1e40040 r4:bf16e510
[    6.070588]  mv88e6xxx_setup_port [mv88e6xxx] from mv88e6xxx_setup+0x3e0/0x550 [mv88e6xxx]
[    6.071048]  r9:c1083600 r8:c1e40e04 r7:00000004 r6:c1ff31c0 r5:c1e40040 r4:bf16e510
[    6.071062]  mv88e6xxx_setup [mv88e6xxx] from dsa_register_switch+0x738/0xba8 [dsa_core]
[    6.071451]  r8:c23395c8 r7:c1ff31c0 r6:c23395c0 r5:c1ff31c0 r4:00000000
[    6.071464]  dsa_register_switch [dsa_core] from mv88e6xxx_probe+0x640/0x6a8 [mv88e6xxx]
[    6.071835]  r10:c1164000 r9:bf171a2c r8:ef7f00f8 r7:00000000 r6:00000000 r5:c1e40040
[    6.071851]  r4:c13ea000
[    6.071862]  mv88e6xxx_probe [mv88e6xxx] from mdio_probe+0x34/0x50
[    6.072133]  r10:c1164000 r9:c1e6a5b8 r8:bf173c4c r7:00000000 r6:bf173000 r5:c13ea000
[    6.072149]  r4:bf173000
[    6.072160]  mdio_probe from really_probe+0x14c/0x2b8
[    6.072206]  r5:c13ea000 r4:00000000
[    6.072218]  really_probe from __driver_probe_device+0xcc/0xe0
[    6.072260]  r7:00000039 r6:c13ea000 r5:bf173000 r4:c13ea000
[    6.072273]  __driver_probe_device from driver_probe_device+0x40/0xbc
[    6.072312]  r5:c13ea000 r4:c0cbdbc0
[    6.072324]  driver_probe_device from __driver_attach+0xf0/0x104
[    6.072367]  r7:c0c7c790 r6:bf173000 r5:c13ea000 r4:00000000
[    6.072380]  __driver_attach from bus_for_each_dev+0x70/0xb4
[    6.072434]  r7:c0c7c790 r6:c04e87e8 r5:bf173000 r4:c13ea000
[    6.072446]  bus_for_each_dev from driver_attach+0x20/0x28
[    6.072507]  r6:00000000 r5:c1e6a580 r4:bf173000
[    6.072520]  driver_attach from bus_add_driver+0xbc/0x1cc
[    6.072574]  bus_add_driver from driver_register+0xb4/0xfc
[    6.072633]  r9:bf102000 r8:bf173c4c r7:f1221ea0 r6:c1ff8800 r5:bf173c40 r4:bf173000
[    6.072647]  driver_register from mdio_driver_register+0x34/0x68
[    6.072696]  r5:bf173c40 r4:bf173000
[    6.072708]  mdio_driver_register from mdio_module_init+0x14/0x1000 [mv88e6xxx]
[    6.072976]  r5:bf173c40 r4:c0c88000
[    6.072988]  mdio_module_init [mv88e6xxx] from do_one_initcall+0x6c/0x1d8
[    6.073239]  do_one_initcall from do_init_module+0x48/0x1c4
[    6.073292]  r10:0000000c r9:00000000 r8:bf173c4c r7:f1221ea0 r6:c1ff8800 r5:bf173c40
[    6.073308]  r4:bf173c40
[    6.073319]  do_init_module from load_module+0x1558/0x1698
[    6.073362]  r6:00000000 r5:bf173c40 r4:f1221f28
[    6.073374]  load_module from sys_finit_module+0xdc/0xec
[    6.073423]  r10:0000017b r9:c1164000 r8:c020029c r7:0000017b r6:0000000f r5:b6edbee8
[    6.073439]  r4:00000000
[    6.073450]  sys_finit_module from ret_fast_syscall+0x0/0x4c
[    6.073485] Exception stack(0xf1221fa8 to 0xf1221ff0)
[    6.073515] 1fa0:                   00020000 00000000 0000000f b6edbee8 00000000 004a3420
[    6.073544] 1fc0: 00020000 00000000 00000000 0000017b 004a96a8 beb9292c 00000000 004a3420
[    6.073567] 1fe0: beb92820 beb92810 b6ed5294 b6b98c30
[    6.073589]  r6:00000000 r5:00000000 r4:00020000

[    6.073658] >>>>> (mv88e6xxx_reg_lock|797) from mv88e6352_phylink_get_caps+0x60/0x164 [mv88e6xxx] thread_id: 287

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ