From patchwork Mon Jun 22 18:01:04 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Stultz
X-Patchwork-Id: 50182
From: John Stultz
To: lkml
Cc: John Stultz, Felipe Balbi, Al Viro, Andrzej Pietrasiewicz, Krzysztof Opasiak, Greg Kroah-Hartman, Michal Nazarewicz, Robert Baldyga, linux-usb@vger.kernel.org
Subject: [PATCH] functionfs: Avoid aio locking problem
Date: Mon, 22 Jun 2015 11:01:04 -0700
Message-Id: <1434996064-20284-1-git-send-email-john.stultz@linaro.org>
X-Mailer: git-send-email 1.9.1

The functionfs aio logic seems broken. When using functionfs, I was
seeing frequent hangs, and enabling spinlock debugging, I got:

g_ffs gadget: g_ffs ready
ci_hdrc ci_hdrc.0: CI_HDRC_CONTROLLER_RESET_EVENT received
BUG: spinlock lockup suspected on CPU#0, adbd/2791
 lock: 0xe7764880, .magic: e7764880, .owner: /-1, .owner_cpu: -407539900
CPU: 0 PID: 2791 Comm: adbd Not tainted 4.1.0-rc1-00032-g359b12f #147
Hardware name: Qualcomm (Flattened Device Tree)
[] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[] (show_stack) from [] (dump_stack+0x70/0xbc)
[] (dump_stack) from [] (do_raw_spin_lock+0x114/0x1a0)
[] (do_raw_spin_lock) from [] (_raw_spin_lock_irqsave+0x50/0x5c)
[] (_raw_spin_lock_irqsave) from [] (kiocb_set_cancel_fn+0x1c/0x60)
[] (kiocb_set_cancel_fn) from [] (ffs_epfile_read_iter+0x8c/0x140)
[] (ffs_epfile_read_iter) from [] (__vfs_read+0xb0/0xd4)
[] (__vfs_read) from [] (vfs_read+0x7c/0x100)
[] (vfs_read) from [] (SyS_read+0x40/0x8c)
[] (SyS_read) from [] (ret_fast_syscall+0x0/0x4c)
INFO: rcu_preempt detected stalls on CPUs/tasks:
 0: (1 GPs behind) idle=805/140000000000000/0 softirq=7187/7189 fqs=2601
 (detected by 3, t=2603 jiffies, g=3028, c=3027, q=474)
Task dump for CPU 0:
adbd R running 0 2791 1 0x00000002
[] (__schedule) from [] (0xffffffff)

Looking at the code, the __vfs_read() calls new_sync_read(),
which allocates a struct kiocb kiocb on the stack and passes it
to the ffs_epfile_read_iter() function. That then calls
kiocb_set_cancel_fn() passing a pointer to that kiocb.

However, kiocb_set_cancel_fn() assumes the kiocb is a
sub-element of a struct aio_kiocb, and it tries to grab the
kioctx from that parent structure. However it seems there is no
aio_kiocb structure here, so the spin_lock_irqsave hangs trying
to lock random data on the stack.

This patch avoids the issue, by only calling kiocb_set_cancel_fn
if the aio flag is set.

Cc: Felipe Balbi
Cc: Al Viro
Cc: Andrzej Pietrasiewicz
Cc: Krzysztof Opasiak
Cc: Greg Kroah-Hartman
Cc: Michal Nazarewicz
Cc: Robert Baldyga
Cc: linux-usb@vger.kernel.org
Signed-off-by: John Stultz
---
 drivers/usb/gadget/function/f_fs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 3507f88..d2434c9 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -924,7 +924,8 @@ static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from) kiocb->private = p; - kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); + if (p->aio) + kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); res = ffs_epfile_io(kiocb->ki_filp, p); if (res == -EIOCBQUEUED) @@ -968,7 +969,8 @@ static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to) kiocb->private = p; - kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); + if (p->aio) + kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); res = ffs_epfile_io(kiocb->ki_filp, p); if (res == -EIOCBQUEUED)
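
Review bot: the first hunk, in ffs_epfile_write_iter(), adds the `if (p->aio)` check with no comment, and the changelog's backtrace and analysis cover only the read path, so nothing on record explains why the write side must skip kiocb_set_cancel_fn() as well. Suggest one sentence in the changelog stating that the write path makes the same unconditional call, plus a short comment above the check saying that a synchronous kiocb is not embedded in a struct aio_kiocb, so the cancel function must not be registered for it.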
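
Review bot: the second hunk, in ffs_epfile_read_iter(), makes memory safety depend on p->aio, whose assignment is not visible in either hunk, and the guard is a line-for-line copy of the one in ffs_epfile_write_iter(). Please confirm p->aio is always initialised before this point on every path that reaches it, or test is_sync_kiocb(kiocb) so the check is tied to the kiocb itself. A small static helper wrapping the check and the kiocb_set_cancel_fn(kiocb, ffs_aio_cancel) call would keep the two call sites from drifting apart.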
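
The failure mode described in the changelog, as an added userspace model that is not part of the patch or of the kernel source: a setter that uses container_of() is only safe when the kiocb really is embedded in its parent, so the caller gates it on the aio flag. The struct layouts and every model_* name are simplified assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model: struct layouts and all model_* names are simplified
 * assumptions for illustration, not the kernel's definitions. */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
struct kiocb { void *private; };
typedef int (*cancel_fn)(struct kiocb *);
struct model_aio_kiocb {
	int ctx_lock;         /* stands in for the kioctx spinlock */
	struct kiocb common;  /* container_of() is valid only for this member */
	cancel_fn ki_cancel;
};
struct model_io_data { int aio; };  /* mirrors the p->aio flag in the patch */
static int model_cancel(struct kiocb *k) { (void)k; return 0; }

/* Models kiocb_set_cancel_fn(): assumes k is model_aio_kiocb.common. For a bare
 * on-stack kiocb, req would point at unrelated stack memory and get written. */
static void model_set_cancel_fn(struct kiocb *k, cancel_fn fn)
{
	struct model_aio_kiocb *req = container_of(k, struct model_aio_kiocb, common);
	req->ctx_lock++;      /* "lock" */
	req->ki_cancel = fn;
	req->ctx_lock--;      /* "unlock" */
}

/* The guard from the patch: register only for aio. Returns 1 if registered. */
static int register_cancel_if_aio(struct kiocb *k, const struct model_io_data *p)
{
	if (!p->aio)
		return 0;
	model_set_cancel_fn(k, model_cancel);
	return 1;
}

static int sync_path(void)  /* bare kiocb on the stack, as in the sync read path */
{
	struct kiocb k = { 0 };
	struct model_io_data p = { 0 };
	return register_cancel_if_aio(&k, &p);
}

static int aio_path(void)   /* kiocb embedded in its parent request */
{
	struct model_aio_kiocb req = { 0 };
	struct model_io_data p = { 1 };
	return register_cancel_if_aio(&req.common, &p) && req.ki_cancel == model_cancel;
}
int main(void) { printf("sync=%d aio=%d\n", sync_path(), aio_path()); return 0; }
```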