All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Peter Chen <peter.chen@nxp.com>,
	Sriharsha Allenki <sallenki@codeaurora.org>
Subject: [PATCH 4.9 36/45] usb: gadget: Fix spinlock lockup on usb_function_deactivate
Date: Mon, 11 Jan 2021 14:01:14 +0100	[thread overview]
Message-ID: <20210111130035.385152365@linuxfoundation.org> (raw)
In-Reply-To: <20210111130033.676306636@linuxfoundation.org>

From: Sriharsha Allenki <sallenki@codeaurora.org>

commit 5cc35c224a80aa5a5a539510ef049faf0d6ed181 upstream.

There is a spinlock lockup as part of composite_disconnect
when it tries to acquire cdev->lock as part of usb_gadget_deactivate.
This is because the usb_gadget_deactivate is called from
usb_function_deactivate with the same spinlock held.

This would result in the below call stack and leads to stall.

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu:     3-...0: (1 GPs behind) idle=162/1/0x4000000000000000
softirq=10819/10819 fqs=2356
 (detected by 2, t=5252 jiffies, g=20129, q=3770)
 Task dump for CPU 3:
 task:uvc-gadget_wlhe state:R  running task     stack:    0 pid:  674 ppid:
 636 flags:0x00000202
 Call trace:
  __switch_to+0xc0/0x170
  _raw_spin_lock_irqsave+0x84/0xb0
  composite_disconnect+0x28/0x78
  configfs_composite_disconnect+0x68/0x70
  usb_gadget_disconnect+0x10c/0x128
  usb_gadget_deactivate+0xd4/0x108
  usb_function_deactivate+0x6c/0x80
  uvc_function_disconnect+0x20/0x58
  uvc_v4l2_release+0x30/0x88
  v4l2_release+0xbc/0xf0
  __fput+0x7c/0x230
  ____fput+0x14/0x20
  task_work_run+0x88/0x140
  do_notify_resume+0x240/0x6f0
  work_pending+0x8/0x200

Fix this by doing an unlock on cdev->lock before the usb_gadget_deactivate
call from usb_function_deactivate.

The same lockup can happen in the usb_gadget_activate path. Fix that path
as well.

Reported-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/linux-usb/20201102094936.GA29581@b29397-desktop/
Tested-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201202130220.24926-1-sallenki@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/gadget/composite.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -392,8 +392,11 @@ int usb_function_deactivate(struct usb_f
 
 	spin_lock_irqsave(&cdev->lock, flags);
 
-	if (cdev->deactivations == 0)
+	if (cdev->deactivations == 0) {
+		spin_unlock_irqrestore(&cdev->lock, flags);
 		status = usb_gadget_deactivate(cdev->gadget);
+		spin_lock_irqsave(&cdev->lock, flags);
+	}
 	if (status == 0)
 		cdev->deactivations++;
 
@@ -424,8 +427,11 @@ int usb_function_activate(struct usb_fun
 		status = -EINVAL;
 	else {
 		cdev->deactivations--;
-		if (cdev->deactivations == 0)
+		if (cdev->deactivations == 0) {
+			spin_unlock_irqrestore(&cdev->lock, flags);
 			status = usb_gadget_activate(cdev->gadget);
+			spin_lock_irqsave(&cdev->lock, flags);
+		}
 	}
 
 	spin_unlock_irqrestore(&cdev->lock, flags);



  parent reply	other threads:[~2021-01-11 13:04 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-11 13:00 [PATCH 4.9 00/45] 4.9.251-rc1 review Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 01/45] kbuild: dont hardcode depmod path Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 02/45] workqueue: Kick a worker based on the actual activation of delayed works Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 03/45] lib/genalloc: fix the overflow when size is too big Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 04/45] depmod: handle the case of /sbin/depmod without /sbin in PATH Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 05/45] ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 06/45] atm: idt77252: call pci_disable_device() on error path Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 07/45] net: dcb: Validate netlink message in DCB handler Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 08/45] net/ncsi: Use real net-device for response handler Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 09/45] net: ethernet: Fix memleak in ethoc_probe Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 10/45] ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 11/45] net: hns: fix return value check in __lb_other_process() Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 12/45] net: hdlc_ppp: Fix issues when mod_timer is called while timer is running Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 13/45] CDC-NCM: remove "connected" log message Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 14/45] vhost_net: fix ubuf refcount incorrectly when sendmsg fails Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 15/45] net: sched: prevent invalid Scell_log shift count Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 16/45] virtio_net: Fix recursive call to cpus_read_lock() Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 17/45] scripts/gdb: make lx-dmesg command work (reliably) Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 18/45] scripts/gdb: lx-dmesg: cast log_buf to void* for addr fetch Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 19/45] scripts/gdb: lx-dmesg: use explicit encoding=utf8 errors=replace Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 20/45] scripts/gdb: fix lx-version string output Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 21/45] video: hyperv_fb: Fix the mmap() regression for v5.4.y and older Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 22/45] usb: gadget: enable super speed plus Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 23/45] USB: cdc-acm: blacklist another IR Droid device Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 24/45] usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 25/45] USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 26/45] usb: uas: Add PNY USB Portable SSD to unusual_uas Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 27/45] USB: serial: iuu_phoenix: fix DMA from stack Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 28/45] USB: serial: option: add LongSung M5710 module support Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 29/45] USB: yurex: fix control-URB timeout handling Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 30/45] USB: usblp: fix DMA to stack Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 31/45] ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 32/45] usb: gadget: select CONFIG_CRC32 Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 33/45] usb: gadget: f_uac2: reset wMaxPacketSize Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 34/45] usb: gadget: function: printer: Fix a memory leak for interface descriptor Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 35/45] USB: gadget: legacy: fix return error code in acm_ms_bind() Greg Kroah-Hartman
2021-01-11 13:01 ` Greg Kroah-Hartman [this message]
2021-01-11 13:01 ` [PATCH 4.9 37/45] usb: gadget: configfs: Preserve function ordering after bind failure Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 38/45] usb: gadget: configfs: Fix use-after-free issue with udc_name Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 39/45] USB: serial: keyspan_pda: remove unused variable Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 40/45] x86/mm: Fix leak of pmd ptlock Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 41/45] ALSA: hda/conexant: add a new hda codec CX11970 Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 42/45] Revert "device property: Keep secondary firmware node secondary by type" Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 43/45] netfilter: ipset: fix shift-out-of-bounds in htable_bits() Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 44/45] netfilter: xt_RATEEST: reject non-null terminated string from userspace Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 45/45] x86/mtrr: Correct the range check before performing MTRR type lookups Greg Kroah-Hartman
2021-01-11 15:33 ` [PATCH 4.9 00/45] 4.9.251-rc1 review Jon Hunter
2021-01-11 21:52 ` Guenter Roeck
2021-01-11 23:40 ` Shuah Khan
2021-01-12  8:16 ` Naresh Kamboju

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210111130035.385152365@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=peter.chen@nxp.com \
    --cc=sallenki@codeaurora.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.