From patchwork Fri Oct 17 17:09:37 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Felipe Balbi <balbi@ti.com>
X-Patchwork-Id: 38898
Return-Path: <patchwork-forward+bncBC5M7T4HYEKRBAU3QWRAKGQEXD35F6Q@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-wi0-f198.google.com (mail-wi0-f198.google.com
 [209.85.212.198])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 03CE9202DB
 for <linaro@patches.linaro.org>; Fri, 17 Oct 2014 17:10:27 +0000 (UTC)
Received: by mail-wi0-f198.google.com with SMTP id hi2sf793702wib.5
 for <linaro@patches.linaro.org>; Fri, 17 Oct 2014 10:10:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:cc:subject:date:message-id
 :in-reply-to:references:mime-version:sender:precedence:list-id
 :x-original-sender:x-original-authentication-results:mailing-list
 :list-post:list-help:list-archive:list-unsubscribe:content-type;
 bh=IZmZ7vNhWd6wVbWZHQCXArH/6pfQzBtCHze9iZisVhY=;
 b=L0bYi5IAtfFBhD3orY531XHcZvATz0ZZquAgsfzWB/8Zh6cODSd6+oMN1l2xds949d
 musb8jEOxB5/sknkj+CsULgEN+N5Ee7qxY+n/z/LknMoE5gOEqFcoly2WzJ9gT6doGoR
 iimB56CeMIR/IEIjHuKm04v/ghOl/duC9XXgv/qlVv0czEGTJJ1flmM7va8ggTTBAAl1
 bk9gn/boU8FJE504WbqHULTIwMokjfK2ASlFPFZC1nESuqPwyuWH7NMTmIFDPTZp1AE8
 HHOItraerEfUmgcc1Ma+xf6rJnMGXFnAz796tXQZXb5ppN47OVv1MqgMri1ADZ6lCPlG
 PrOw==
X-Gm-Message-State: ALoCoQlhZwzWlgrmK6ugqx+s1CbrGmhJmLOE9RxiPGwNpcGZOKlzwR7/Y/c7X/nbUYR4cldtqGtx
X-Received: by 10.180.75.83 with SMTP id a19mr53369wiw.2.1413565826949;
 Fri, 17 Oct 2014 10:10:26 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.6.169 with SMTP id c9ls259096laa.56.gmail; Fri, 17 Oct
 2014 10:10:26 -0700 (PDT)
X-Received: by 10.152.27.134 with SMTP id t6mr10111637lag.17.1413565826650; 
 Fri, 17 Oct 2014 10:10:26 -0700 (PDT)
Received: from mail-lb0-f181.google.com (mail-lb0-f181.google.com.
 [209.85.217.181]) by mx.google.com with ESMTPS id
 xt8si2911478lac.122.2014.10.17.10.10.26
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Fri, 17 Oct 2014 10:10:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.217.181 as permitted sender) client-ip=209.85.217.181; 
Received: by mail-lb0-f181.google.com with SMTP id l4so1014064lbv.26
 for <patchwork-forward@linaro.org>;
 Fri, 17 Oct 2014 10:10:26 -0700 (PDT)
X-Received: by 10.112.167.38 with SMTP id zl6mr10214621lbb.34.1413565826561; 
 Fri, 17 Oct 2014 10:10:26 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.84.229 with SMTP id c5csp266675lbz;
 Fri, 17 Oct 2014 10:10:25 -0700 (PDT)
X-Received: by 10.66.244.137 with SMTP id xg9mr9510083pac.113.1413565824967; 
 Fri, 17 Oct 2014 10:10:24 -0700 (PDT)
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 cy3si1554535pbc.205.2014.10.17.10.10.24 for <multiple recipients>;
 Fri, 17 Oct 2014 10:10:24 -0700 (PDT)
Received-SPF: none (google.com: linux-usb-owner@vger.kernel.org does not
 designate permitted sender hosts) client-ip=209.132.180.67; 
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1753473AbaJQRKV (ORCPT <rfc822;amit.pundir@linaro.org>
 + 3 others); Fri, 17 Oct 2014 13:10:21 -0400
Received: from comal.ext.ti.com ([198.47.26.152]:55450 "EHLO comal.ext.ti.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1753292AbaJQRKR (ORCPT <rfc822;linux-usb@vger.kernel.org>);
 Fri, 17 Oct 2014 13:10:17 -0400
Received: from dlelxv90.itg.ti.com ([172.17.2.17])
 by comal.ext.ti.com (8.13.7/8.13.7) with ESMTP id s9HHAGct011101
 for <linux-usb@vger.kernel.org>; Fri, 17 Oct 2014 12:10:16 -0500
Received: from DLEE70.ent.ti.com (dlemailx.itg.ti.com [157.170.170.113])
 by dlelxv90.itg.ti.com (8.14.3/8.13.8) with ESMTP id s9HHAGML027705
 for <linux-usb@vger.kernel.org>; Fri, 17 Oct 2014 12:10:16 -0500
Received: from dlep33.itg.ti.com (157.170.170.75) by DLEE70.ent.ti.com
 (157.170.170.113) with Microsoft SMTP Server id 14.3.174.1;
 Fri, 17 Oct 2014 12:10:15 -0500
Received: from localhost (ileax41-snat.itg.ti.com [10.172.224.153])	by
 dlep33.itg.ti.com (8.14.3/8.13.8) with ESMTP id s9HHAFeq021547;
 Fri, 17 Oct 2014 12:10:16 -0500
From: Felipe Balbi <balbi@ti.com>
To: Linux USB Mailing List <linux-usb@vger.kernel.org>
CC: Felipe Balbi <balbi@ti.com>
Subject: [PATCH 01/28] usb: dwc3: trace: don't dereference pointers
Date: Fri, 17 Oct 2014 12:09:37 -0500
Message-ID: <1413565804-13061-2-git-send-email-balbi@ti.com>
X-Mailer: git-send-email 2.1.0.GIT
In-Reply-To: <1413565804-13061-1-git-send-email-balbi@ti.com>
References: <1413565804-13061-1-git-send-email-balbi@ti.com>
MIME-Version: 1.0
Sender: linux-usb-owner@vger.kernel.org
Precedence: list
List-ID: <patchwork-forward.linaro.org>
X-Mailing-List: linux-usb@vger.kernel.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: balbi@ti.com
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.217.181 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>

The way trace works is that it won't decode strings
until we read the actual trace. Because of that, we
can't make assumptions of pointers still being valid
at the time we read the trace. In order to avoid that,
just copy all fields from every struct pointer we need
for our traces.

Ths patch fixes the following bug:

[ 2940.039229] Unable to handle kernel paging request at virtual address 814efa9e
[ 2940.046904] pgd = ec3dc000
[ 2940.049737] [814efa9e] *pgd=00000000
[ 2940.053552] Internal error: Oops: 5 [#1] SMP ARM
[ 2940.058379] Modules linked in: usb_f_acm u_serial g_serial usb_f_uac2 libcomposite configfs xhci_hcd dwc3 udc_core matrix_keypad dwc3_omap lis3lv02d_i2c lis3lv02d input_polldev [last unloaded: g_audio]
[ 2940.077238] CPU: 0 PID: 3020 Comm: tail Tainted: G        W
3.17.0-rc5-dirty #1097
[ 2940.085596] task: ed1b1040 ti: ed07c000 task.ti: ed07c000
[ 2940.091258] PC is at strnlen+0x18/0x68
[ 2940.095177] LR is at 0xfffffffe
[ 2940.098454] pc : [<c0356df8>]    lr : [<fffffffe>]    psr: a0000013
[ 2940.098454] sp : ed07ddb0  ip : ed07ddc0  fp : ed07ddbc
[ 2940.110445] r10: c070ff70  r9 : ed07de70  r8 : 00000000
[ 2940.115906] r7 : 814efa9e  r6 : ffffffff  r5 : ed4b6087  r4 : ed4b50c7
[ 2940.122726] r3 : 00000000  r2 : 814efa9e  r1 : ffffffff  r0 : 814efa9e
[ 2940.129546] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM Segment user
[ 2940.137000] Control: 10c5387d  Table: ac3dc059  DAC: 00000015
[ 2940.143006] Process tail (pid: 3020, stack limit = 0xed07c248)
[ 2940.149098] Stack: (0xed07ddb0 to 0xed07e000)
[ 2940.153660] dda0:                                     ed07dde4 ed07ddc0 c0359628 c0356dec
[ 2940.162203] ddc0: 00000000 ed4b50c7 bf03ae9c ed4b6087 bf03ae9e 00000002 ed07de3c ed07dde8
[ 2940.170740] dde0: c035ab50 c0359600 ffffffff ffffffff ff0a0000 ffffffff ed07de30 ed4b5088
[ 2940.179275] de00: ed4b50c7 00000fc0 ff0a0004 ffffffff ed4b5088 ed4b5088 00000000 00001000
[ 2940.187810] de20: 00001008 00000fc0 ed4b5088 00000000 ed07de68 ed07de40 c00f1e64 c035a9c4
[ 2940.196341] de40: bf03dae0 ed07de70 ed4b4000 ec25b280 ed4b4000 ec25b280 bf03dae0 ed07de9c
[ 2940.204886] de60: ed07de78 bf033324 c00f1e0c bf03ae9c 814efa9e ed428bc0 814eca3e 00000000
[ 2940.213428] de80: 814eba3e ed4b4000 03bd1201 c0c34790 ed07ded4 ed07dea0 c00edc0c bf0332d0
[ 2940.221994] dea0: 000002c7 ed07df10 ed07decc ed07deb8 ed4b4000 0000209c ec278ac0 00000000
[ 2940.230536] dec0: 00002000 ec0db340 ed07def4 ed07ded8 c00ee7ec c00eda90 c00ee7b0 ec278ac0
[ 2940.239075] dee0: ed4b4000 000002d5 ed07df44 ed07def8 c018b8d0 c00ee7bc c0166d3c ec278af0
[ 2940.247621] df00: 0001f090 ed07df78 000002c7 00000000 000002c8 00000000 00000000 ec0db340
[ 2940.256173] df20: 0001f090 ed07df78 ec0db340 00002000 0001f090 00000000 ed07df74 ed07df48
[ 2940.264729] df40: c0166e98 c018b5f4 00000001 c018535c 000168c1 00000000 ec0db340 ec0db340
[ 2940.273284] df60: 00002000 0001f090 ed07dfa4 ed07df78 c01675c4 c0166e0c 000168c1 00000000
[ 2940.281829] df80: 00002000 0000000a 0001f090 00000003 c000f064 ed07c000 00000000 ed07dfa8
[ 2940.290365] dfa0: c000ede0 c0167584 00002000 0000000a 00000003 0001f090 00002000 00000000
[ 2940.298909] dfc0: 00002000 0000000a 0001f090 00000003 7fffe000 0001e1e0 00002004 0000002f
[ 2940.307445] dfe0: 00000000 beed38ec 000104c8 b6e6397c 40000010 00000003 00000000 00000000
[ 2940.315992] [<c0356df8>] (strnlen) from [<c0359628>] (string.isra.8+0x34/0xe8)
[ 2940.323534] [<c0359628>] (string.isra.8) from [<c035ab50>] (vsnprintf+0x198/0x3fc)
[ 2940.331461] [<c035ab50>] (vsnprintf) from [<c00f1e64>] (trace_seq_printf+0x68/0x94)
[ 2940.339494] [<c00f1e64>] (trace_seq_printf) from [<bf033324>] (ftrace_raw_output_dwc3_log_request+0x60/0x78 [dwc3])
[ 2940.350424] [<bf033324>] (ftrace_raw_output_dwc3_log_request [dwc3]) from [<c00edc0c>] (print_trace_line+0x188/0x418)
[ 2940.361507] [<c00edc0c>] (print_trace_line) from [<c00ee7ec>] (s_show+0x3c/0x12c)
[ 2940.369330] [<c00ee7ec>] (s_show) from [<c018b8d0>] (seq_read+0x2e8/0x4a0)
[ 2940.376519] [<c018b8d0>] (seq_read) from [<c0166e98>] (vfs_read+0x98/0x158)
[ 2940.383796] [<c0166e98>] (vfs_read) from [<c01675c4>] (SyS_read+0x4c/0xa0)
[ 2940.390981] [<c01675c4>] (SyS_read) from [<c000ede0>] (ret_fast_syscall+0x0/0x48)
[ 2940.398792] Code: e24cb004 e3510000 e241e001 0a000011 (e5d01000)
[ 2940.406980] ---[ end trace d8b38370fbb531f3 ]---

Signed-off-by: Felipe Balbi <balbi@ti.com>
---
 drivers/usb/dwc3/trace.h | 53 ++++++++++++++++++++++++++++++++++--------------
 1 file changed, 38 insertions(+), 15 deletions(-)

diff --git a/drivers/usb/dwc3/trace.h b/drivers/usb/dwc3/trace.h
index 78aff1d..60b0f41 100644
--- a/drivers/usb/dwc3/trace.h
+++ b/drivers/usb/dwc3/trace.h
@@ -73,15 +73,23 @@ DECLARE_EVENT_CLASS(dwc3_log_ctrl,
 	TP_PROTO(struct usb_ctrlrequest *ctrl),
 	TP_ARGS(ctrl),
 	TP_STRUCT__entry(
-		__field(struct usb_ctrlrequest *, ctrl)
+		__field(__u8, bRequestType)
+		__field(__u8, bRequest)
+		__field(__le16, wValue)
+		__field(__le16, wIndex)
+		__field(__le16, wLength)
 	),
 	TP_fast_assign(
-		__entry->ctrl = ctrl;
+		__entry->bRequestType = ctrl->bRequestType;
+		__entry->bRequest = ctrl->bRequest;
+		__entry->wValue = ctrl->wValue;
+		__entry->wIndex = ctrl->wIndex;
+		__entry->wLength = ctrl->wLength;
 	),
 	TP_printk("bRequestType %02x bRequest %02x wValue %04x wIndex %04x wLength %d",
-		__entry->ctrl->bRequestType, __entry->ctrl->bRequest,
-		le16_to_cpu(__entry->ctrl->wValue), le16_to_cpu(__entry->ctrl->wIndex),
-		le16_to_cpu(__entry->ctrl->wLength)
+		__entry->bRequestType, __entry->bRequest,
+		le16_to_cpu(__entry->wValue), le16_to_cpu(__entry->wIndex),
+		le16_to_cpu(__entry->wLength)
 	)
 );
 
@@ -94,15 +102,22 @@ DECLARE_EVENT_CLASS(dwc3_log_request,
 	TP_PROTO(struct dwc3_request *req),
 	TP_ARGS(req),
 	TP_STRUCT__entry(
+		__dynamic_array(char, name, DWC3_MSG_MAX)
 		__field(struct dwc3_request *, req)
+		__field(unsigned, actual)
+		__field(unsigned, length)
+		__field(int, status)
 	),
 	TP_fast_assign(
+		snprintf(__get_str(name), DWC3_MSG_MAX, "%s", req->dep->name);
 		__entry->req = req;
+		__entry->actual = req->request.actual;
+		__entry->length = req->request.length;
+		__entry->status = req->request.status;
 	),
 	TP_printk("%s: req %p length %u/%u ==> %d",
-		__entry->req->dep->name, __entry->req,
-		__entry->req->request.actual, __entry->req->request.length,
-		__entry->req->request.status
+		__get_str(name), __entry->req, __entry->actual, __entry->length,
+		__entry->status
 	)
 );
 
@@ -158,17 +173,17 @@ DECLARE_EVENT_CLASS(dwc3_log_gadget_ep_cmd,
 		struct dwc3_gadget_ep_cmd_params *params),
 	TP_ARGS(dep, cmd, params),
 	TP_STRUCT__entry(
-		__field(struct dwc3_ep *, dep)
+		__dynamic_array(char, name, DWC3_MSG_MAX)
 		__field(unsigned int, cmd)
 		__field(struct dwc3_gadget_ep_cmd_params *, params)
 	),
 	TP_fast_assign(
-		__entry->dep = dep;
+		snprintf(__get_str(name), DWC3_MSG_MAX, "%s", dep->name);
 		__entry->cmd = cmd;
 		__entry->params = params;
 	),
 	TP_printk("%s: cmd '%s' [%d] params %08x %08x %08x\n",
-		__entry->dep->name, dwc3_gadget_ep_cmd_string(__entry->cmd),
+		__get_str(name), dwc3_gadget_ep_cmd_string(__entry->cmd),
 		__entry->cmd, __entry->params->param0,
 		__entry->params->param1, __entry->params->param2
 	)
@@ -184,16 +199,24 @@ DECLARE_EVENT_CLASS(dwc3_log_trb,
 	TP_PROTO(struct dwc3_ep *dep, struct dwc3_trb *trb),
 	TP_ARGS(dep, trb),
 	TP_STRUCT__entry(
-		__field(struct dwc3_ep *, dep)
+		__dynamic_array(char, name, DWC3_MSG_MAX)
 		__field(struct dwc3_trb *, trb)
+		__field(u32, bpl)
+		__field(u32, bph)
+		__field(u32, size)
+		__field(u32, ctrl)
 	),
 	TP_fast_assign(
-		__entry->dep = dep;
+		snprintf(__get_str(name), DWC3_MSG_MAX, "%s", dep->name);
 		__entry->trb = trb;
+		__entry->bpl = trb->bpl;
+		__entry->bph = trb->bph;
+		__entry->size = trb->size;
+		__entry->ctrl = trb->ctrl;
 	),
 	TP_printk("%s: trb %p bph %08x bpl %08x size %08x ctrl %08x\n",
-		__entry->dep->name, __entry->trb, __entry->trb->bph,
-		__entry->trb->bpl, __entry->trb->size, __entry->trb->ctrl
+		__get_str(name), __entry->trb, __entry->bph, __entry->bpl,
+		__entry->size, __entry->ctrl
 	)
 );