From: Marek Szyprowski <m.szyprowski@samsung.com>
To: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>
Cc: Stuart Yoder <stuyoder@gmail.com>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Stephen Hemminger <sthemmin@microsoft.com>,
Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Bjorn Andersson <bjorn.andersson@linaro.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Vineeth Vijayan <vneethv@linux.ibm.com>,
Peter Oberparleiter <oberpar@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Andy Gross <agross@kernel.org>,
linux-kernel@vger.kernel.org, linux-clk@vger.kernel.org,
NXP Linux Team <linux-imx@nxp.com>,
linux-arm-kernel@lists.infradead.org,
linux-hyperv@vger.kernel.org, linux-pci@vger.kernel.org,
linux-remoteproc@vger.kernel.org, linux-s390@vger.kernel.org,
linux-arm-msm@vger.kernel.org, alsa-devel@alsa-project.org,
linux-spi@vger.kernel.org,
virtualization@lists.linux-foundation.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Andy Shevchenko <andy.shevchenko@gmail.com>
Subject: Re: [PATCH v7 12/12] rpmsg: Fix kfree() of static memory on setting driver_override
Date: Fri, 29 Apr 2022 16:51:02 +0200 [thread overview]
Message-ID: <6e21f7d3-49d0-eda7-7a89-0f8ac69596a4@samsung.com> (raw)
In-Reply-To: <75b94ccd-b739-2164-bc4a-20025356cc34@linaro.org>
On 29.04.2022 16:16, Krzysztof Kozlowski wrote:
> On 29/04/2022 14:29, Marek Szyprowski wrote:
>> On 19.04.2022 13:34, Krzysztof Kozlowski wrote:
>>> The driver_override field from platform driver should not be initialized
>>> from static memory (string literal) because the core later kfree() it,
>>> for example when driver_override is set via sysfs.
>>>
>>> Use dedicated helper to set driver_override properly.
>>>
>>> Fixes: 950a7388f02b ("rpmsg: Turn name service into a stand alone driver")
>>> Fixes: c0cdc19f84a4 ("rpmsg: Driver for user space endpoint interface")
>>> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
>>> Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
>> This patch landed recently in linux-next as commit 42cd402b8fd4 ("rpmsg:
>> Fix kfree() of static memory on setting driver_override"). In my tests I
>> found that it triggers the following issue during boot of the
>> DragonBoard410c SBC (arch/arm64/boot/dts/qcom/apq8016-sbc.dtb):
>>
>> ------------[ cut here ]------------
>> DEBUG_LOCKS_WARN_ON(lock->magic != lock)
>> WARNING: CPU: 1 PID: 8 at kernel/locking/mutex.c:582
>> __mutex_lock+0x1ec/0x430
>> Modules linked in:
>> CPU: 1 PID: 8 Comm: kworker/u8:0 Not tainted 5.18.0-rc4-next-20220429 #11815
>> Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
>> Workqueue: events_unbound deferred_probe_work_func
>> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>> pc : __mutex_lock+0x1ec/0x430
>> lr : __mutex_lock+0x1ec/0x430
>> ..
>> Call trace:
>> __mutex_lock+0x1ec/0x430
>> mutex_lock_nested+0x38/0x64
>> driver_set_override+0x124/0x150
>> qcom_smd_register_edge+0x2a8/0x4ec
>> qcom_smd_probe+0x54/0x80
>> platform_probe+0x68/0xe0
>> really_probe.part.0+0x9c/0x29c
>> __driver_probe_device+0x98/0x144
>> driver_probe_device+0xac/0x14c
>> __device_attach_driver+0xb8/0x120
>> bus_for_each_drv+0x78/0xd0
>> __device_attach+0xd8/0x180
>> device_initial_probe+0x14/0x20
>> bus_probe_device+0x9c/0xa4
>> deferred_probe_work_func+0x88/0xc4
>> process_one_work+0x288/0x6bc
>> worker_thread+0x248/0x450
>> kthread+0x118/0x11c
>> ret_from_fork+0x10/0x20
>> irq event stamp: 3599
>> hardirqs last enabled at (3599): [<ffff80000919053c>]
>> _raw_spin_unlock_irqrestore+0x98/0x9c
>> hardirqs last disabled at (3598): [<ffff800009190ba4>]
>> _raw_spin_lock_irqsave+0xc0/0xcc
>> softirqs last enabled at (3554): [<ffff800008010470>] _stext+0x470/0x5e8
>> softirqs last disabled at (3549): [<ffff8000080a4514>]
>> __irq_exit_rcu+0x180/0x1ac
>> ---[ end trace 0000000000000000 ]---
>>
>> I don't see any direct relation between the $subject and the above log,
>> but reverting the $subject on top of linux next-20220429 hides/fixes it.
>> Maybe there is a kind of memory trashing somewhere there and your change
>> only revealed it?
> Thanks for the report. I think the error path of my patch is wrong - I
> should not kfree(rpdev->driver_override) from the rpmsg code. That's the
> only thing I see now...
>
> Could you test following patch and tell if it helps?
> https://pastebin.ubuntu.com/p/rp3q9Z5fXj/
This doesn't help, the issue is still reported.
Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland
WARNING: multiple messages have this Message-ID (diff)
From: Marek Szyprowski <m.szyprowski@samsung.com>
To: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>
Cc: Stuart Yoder <stuyoder@gmail.com>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Stephen Hemminger <sthemmin@microsoft.com>,
Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Bjorn Andersson <bjorn.andersson@linaro.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Vineeth Vijayan <vneethv@linux.ibm.com>,
Peter Oberparleiter <oberpar@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Andy Gross <agross@kernel.org>,
linux-kernel@vger.kernel.org, linux-clk@vger.kernel.org,
NXP Linux Team <linux-imx@nxp.com>,
linux-arm-kernel@lists.infradead.org,
linux-hyperv@vger.kernel.org, linux-pci@vger.kernel.org,
linux-remoteproc@vger.kernel.org, linux-s390@vger.kernel.org,
linux-arm-msm@vger.kernel.org, alsa-devel@alsa-project.org,
linux-spi@vger.kernel.org,
virtualization@lists.linux-foundation.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Andy Shevchenko <andy.shevchenko@gmail.com>
Subject: Re: [PATCH v7 12/12] rpmsg: Fix kfree() of static memory on setting driver_override
Date: Fri, 29 Apr 2022 16:51:02 +0200 [thread overview]
Message-ID: <6e21f7d3-49d0-eda7-7a89-0f8ac69596a4@samsung.com> (raw)
In-Reply-To: <75b94ccd-b739-2164-bc4a-20025356cc34@linaro.org>
On 29.04.2022 16:16, Krzysztof Kozlowski wrote:
> On 29/04/2022 14:29, Marek Szyprowski wrote:
>> On 19.04.2022 13:34, Krzysztof Kozlowski wrote:
>>> The driver_override field from platform driver should not be initialized
>>> from static memory (string literal) because the core later kfree() it,
>>> for example when driver_override is set via sysfs.
>>>
>>> Use dedicated helper to set driver_override properly.
>>>
>>> Fixes: 950a7388f02b ("rpmsg: Turn name service into a stand alone driver")
>>> Fixes: c0cdc19f84a4 ("rpmsg: Driver for user space endpoint interface")
>>> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
>>> Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
>> This patch landed recently in linux-next as commit 42cd402b8fd4 ("rpmsg:
>> Fix kfree() of static memory on setting driver_override"). In my tests I
>> found that it triggers the following issue during boot of the
>> DragonBoard410c SBC (arch/arm64/boot/dts/qcom/apq8016-sbc.dtb):
>>
>> ------------[ cut here ]------------
>> DEBUG_LOCKS_WARN_ON(lock->magic != lock)
>> WARNING: CPU: 1 PID: 8 at kernel/locking/mutex.c:582
>> __mutex_lock+0x1ec/0x430
>> Modules linked in:
>> CPU: 1 PID: 8 Comm: kworker/u8:0 Not tainted 5.18.0-rc4-next-20220429 #11815
>> Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
>> Workqueue: events_unbound deferred_probe_work_func
>> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>> pc : __mutex_lock+0x1ec/0x430
>> lr : __mutex_lock+0x1ec/0x430
>> ..
>> Call trace:
>> __mutex_lock+0x1ec/0x430
>> mutex_lock_nested+0x38/0x64
>> driver_set_override+0x124/0x150
>> qcom_smd_register_edge+0x2a8/0x4ec
>> qcom_smd_probe+0x54/0x80
>> platform_probe+0x68/0xe0
>> really_probe.part.0+0x9c/0x29c
>> __driver_probe_device+0x98/0x144
>> driver_probe_device+0xac/0x14c
>> __device_attach_driver+0xb8/0x120
>> bus_for_each_drv+0x78/0xd0
>> __device_attach+0xd8/0x180
>> device_initial_probe+0x14/0x20
>> bus_probe_device+0x9c/0xa4
>> deferred_probe_work_func+0x88/0xc4
>> process_one_work+0x288/0x6bc
>> worker_thread+0x248/0x450
>> kthread+0x118/0x11c
>> ret_from_fork+0x10/0x20
>> irq event stamp: 3599
>> hardirqs last enabled at (3599): [<ffff80000919053c>]
>> _raw_spin_unlock_irqrestore+0x98/0x9c
>> hardirqs last disabled at (3598): [<ffff800009190ba4>]
>> _raw_spin_lock_irqsave+0xc0/0xcc
>> softirqs last enabled at (3554): [<ffff800008010470>] _stext+0x470/0x5e8
>> softirqs last disabled at (3549): [<ffff8000080a4514>]
>> __irq_exit_rcu+0x180/0x1ac
>> ---[ end trace 0000000000000000 ]---
>>
>> I don't see any direct relation between the $subject and the above log,
>> but reverting the $subject on top of linux next-20220429 hides/fixes it.
>> Maybe there is a kind of memory trashing somewhere there and your change
>> only revealed it?
> Thanks for the report. I think the error path of my patch is wrong - I
> should not kfree(rpdev->driver_override) from the rpmsg code. That's the
> only thing I see now...
>
> Could you test following patch and tell if it helps?
> https://pastebin.ubuntu.com/p/rp3q9Z5fXj/
This doesn't help, the issue is still reported.
Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-04-29 14:51 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-19 11:34 [PATCH v7 00/12] Fix broken usage of driver_override (and kfree of static memory) Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` [PATCH v7 01/12] driver: platform: Add helper for safer setting of driver_override Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-20 17:12 ` Rafael J. Wysocki
2022-04-20 17:12 ` Rafael J. Wysocki
2022-04-20 17:12 ` Rafael J. Wysocki
2022-04-20 17:12 ` Rafael J. Wysocki
2022-04-19 11:34 ` [PATCH v7 02/12] amba: Use driver_set_override() instead of open-coding Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` [PATCH v7 03/12] fsl-mc: " Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` [PATCH v7 04/12] hv: " Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` [PATCH v7 05/12] PCI: " Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` [PATCH v7 06/12] s390/cio: " Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` [PATCH v7 07/12] spi: Use helper for safer setting of driver_override Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` [PATCH v7 08/12] vdpa: " Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` [PATCH v7 09/12] clk: imx: scu: Fix kfree() of static memory on setting driver_override Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-23 16:09 ` Abel Vesa
2022-04-23 16:09 ` Abel Vesa
2022-04-23 16:09 ` Abel Vesa
2022-04-19 11:34 ` [PATCH v7 10/12] slimbus: qcom-ngd: " Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` [PATCH v7 11/12] rpmsg: Constify local variable in field store macro Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` [PATCH v7 12/12] rpmsg: Fix kfree() of static memory on setting driver_override Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
2022-04-19 11:34 ` Krzysztof Kozlowski
[not found] ` <CGME20220429122942eucas1p1820d0cd17a871d4953bac2b3de1dcdd9@eucas1p1.samsung.com>
2022-04-29 12:29 ` Marek Szyprowski
2022-04-29 12:29 ` Marek Szyprowski
2022-04-29 14:16 ` Krzysztof Kozlowski
2022-04-29 14:16 ` Krzysztof Kozlowski
2022-04-29 14:51 ` Marek Szyprowski [this message]
2022-04-29 14:51 ` Marek Szyprowski
2022-04-29 18:29 ` Krzysztof Kozlowski
2022-04-29 18:29 ` Krzysztof Kozlowski
2022-04-20 9:20 ` [PATCH v7 00/12] Fix broken usage of driver_override (and kfree of static memory) Krzysztof Kozlowski
2022-04-20 9:20 ` Krzysztof Kozlowski
2022-04-20 9:20 ` Krzysztof Kozlowski
2022-04-22 14:54 ` Greg Kroah-Hartman
2022-04-22 14:54 ` Greg Kroah-Hartman
2022-04-22 14:54 ` Greg Kroah-Hartman
2022-04-22 14:54 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6e21f7d3-49d0-eda7-7a89-0f8ac69596a4@samsung.com \
--to=m.szyprowski@samsung.com \
--cc=agordeev@linux.ibm.com \
--cc=agross@kernel.org \
--cc=alsa-devel@alsa-project.org \
--cc=andy.shevchenko@gmail.com \
--cc=bhelgaas@google.com \
--cc=bjorn.andersson@linaro.org \
--cc=borntraeger@linux.ibm.com \
--cc=decui@microsoft.com \
--cc=gor@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=haiyangz@microsoft.com \
--cc=hca@linux.ibm.com \
--cc=krzysztof.kozlowski@linaro.org \
--cc=kys@microsoft.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-clk@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-imx@nxp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux-remoteproc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-spi@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mathieu.poirier@linaro.org \
--cc=oberpar@linux.ibm.com \
--cc=rafael@kernel.org \
--cc=sthemmin@microsoft.com \
--cc=stuyoder@gmail.com \
--cc=svens@linux.ibm.com \
--cc=torvalds@linux-foundation.org \
--cc=virtualization@lists.linux-foundation.org \
--cc=vneethv@linux.ibm.com \
--cc=wei.liu@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.