From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> To: Marek Szyprowski <m.szyprowski@samsung.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, "Rafael J. Wysocki" <rafael@kernel.org> Cc: Stuart Yoder <stuyoder@gmail.com>, "K. Y. Srinivasan" <kys@microsoft.com>, Haiyang Zhang <haiyangz@microsoft.com>, Stephen Hemminger <sthemmin@microsoft.com>, Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>, Bjorn Helgaas <bhelgaas@google.com>, Bjorn Andersson <bjorn.andersson@linaro.org>, Mathieu Poirier <mathieu.poirier@linaro.org>, Vineeth Vijayan <vneethv@linux.ibm.com>, Peter Oberparleiter <oberpar@linux.ibm.com>, Heiko Carstens <hca@linux.ibm.com>, Vasily Gorbik <gor@linux.ibm.com>, Alexander Gordeev <agordeev@linux.ibm.com>, Christian Borntraeger <borntraeger@linux.ibm.com>, Sven Schnelle <svens@linux.ibm.com>, Andy Gross <agross@kernel.org>, linux-kernel@vger.kernel.org, linux-clk@vger.kernel.org, NXP Linux Team <linux-imx@nxp.com>, linux-arm-kernel@lists.infradead.org, linux-hyperv@vger.kernel.org, linux-pci@vger.kernel.org, linux-remoteproc@vger.kernel.org, linux-s390@vger.kernel.org, linux-arm-msm@vger.kernel.org, alsa-devel@alsa-project.org, linux-spi@vger.kernel.org, virtualization@lists.linux-foundation.org, Linus Torvalds <torvalds@linux-foundation.org>, Rasmus Villemoes <linux@rasmusvillemoes.dk>, Andy Shevchenko <andy.shevchenko@gmail.com> Subject: Re: [PATCH v7 12/12] rpmsg: Fix kfree() of static memory on setting driver_override Date: Fri, 29 Apr 2022 16:16:32 +0200 [thread overview] Message-ID: <75b94ccd-b739-2164-bc4a-20025356cc34@linaro.org> (raw) In-Reply-To: <870885de-33f3-e0ba-4d56-71c3c993ac87@samsung.com> On 29/04/2022 14:29, Marek Szyprowski wrote: > Hi Krzysztof, > > On 19.04.2022 13:34, Krzysztof Kozlowski wrote: >> The driver_override field from platform driver should not be initialized >> from static memory (string literal) because the core later kfree() it, >> for example when driver_override is set via sysfs. >> >> Use dedicated helper to set driver_override properly. >> >> Fixes: 950a7388f02b ("rpmsg: Turn name service into a stand alone driver") >> Fixes: c0cdc19f84a4 ("rpmsg: Driver for user space endpoint interface") >> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> >> Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> > > This patch landed recently in linux-next as commit 42cd402b8fd4 ("rpmsg: > Fix kfree() of static memory on setting driver_override"). In my tests I > found that it triggers the following issue during boot of the > DragonBoard410c SBC (arch/arm64/boot/dts/qcom/apq8016-sbc.dtb): > > ------------[ cut here ]------------ > DEBUG_LOCKS_WARN_ON(lock->magic != lock) > WARNING: CPU: 1 PID: 8 at kernel/locking/mutex.c:582 > __mutex_lock+0x1ec/0x430 > Modules linked in: > CPU: 1 PID: 8 Comm: kworker/u8:0 Not tainted 5.18.0-rc4-next-20220429 #11815 > Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT) > Workqueue: events_unbound deferred_probe_work_func > pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) > pc : __mutex_lock+0x1ec/0x430 > lr : __mutex_lock+0x1ec/0x430 > .. > Call trace: > __mutex_lock+0x1ec/0x430 > mutex_lock_nested+0x38/0x64 > driver_set_override+0x124/0x150 > qcom_smd_register_edge+0x2a8/0x4ec > qcom_smd_probe+0x54/0x80 > platform_probe+0x68/0xe0 > really_probe.part.0+0x9c/0x29c > __driver_probe_device+0x98/0x144 > driver_probe_device+0xac/0x14c > __device_attach_driver+0xb8/0x120 > bus_for_each_drv+0x78/0xd0 > __device_attach+0xd8/0x180 > device_initial_probe+0x14/0x20 > bus_probe_device+0x9c/0xa4 > deferred_probe_work_func+0x88/0xc4 > process_one_work+0x288/0x6bc > worker_thread+0x248/0x450 > kthread+0x118/0x11c > ret_from_fork+0x10/0x20 > irq event stamp: 3599 > hardirqs last enabled at (3599): [<ffff80000919053c>] > _raw_spin_unlock_irqrestore+0x98/0x9c > hardirqs last disabled at (3598): [<ffff800009190ba4>] > _raw_spin_lock_irqsave+0xc0/0xcc > softirqs last enabled at (3554): [<ffff800008010470>] _stext+0x470/0x5e8 > softirqs last disabled at (3549): [<ffff8000080a4514>] > __irq_exit_rcu+0x180/0x1ac > ---[ end trace 0000000000000000 ]--- > > I don't see any direct relation between the $subject and the above log, > but reverting the $subject on top of linux next-20220429 hides/fixes it. > Maybe there is a kind of memory trashing somewhere there and your change > only revealed it? Thanks for the report. I think the error path of my patch is wrong - I should not kfree(rpdev->driver_override) from the rpmsg code. That's the only thing I see now... Could you test following patch and tell if it helps? https://pastebin.ubuntu.com/p/rp3q9Z5fXj/ ----- diff --git a/drivers/rpmsg/rpmsg_internal.h b/drivers/rpmsg/rpmsg_internal.h index 3e81642238d2..1e2ad944e2ec 100644 --- a/drivers/rpmsg/rpmsg_internal.h +++ b/drivers/rpmsg/rpmsg_internal.h @@ -102,11 +102,7 @@ static inline int rpmsg_ctrldev_register_device(struct rpmsg_device *rpdev) if (ret) return ret; - ret = rpmsg_register_device(rpdev); - if (ret) - kfree(rpdev->driver_override); - - return ret; + return rpmsg_register_device(rpdev); } #endif diff --git a/drivers/rpmsg/rpmsg_ns.c b/drivers/rpmsg/rpmsg_ns.c index 8eb8f328237e..f26078467899 100644 --- a/drivers/rpmsg/rpmsg_ns.c +++ b/drivers/rpmsg/rpmsg_ns.c @@ -31,11 +31,7 @@ int rpmsg_ns_register_device(struct rpmsg_device *rpdev) rpdev->src = RPMSG_NS_ADDR; rpdev->dst = RPMSG_NS_ADDR; - ret = rpmsg_register_device(rpdev); - if (ret) - kfree(rpdev->driver_override); - - return ret; + return rpmsg_register_device(rpdev); } EXPORT_SYMBOL(rpmsg_ns_register_device);
WARNING: multiple messages have this Message-ID (diff)
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> To: Marek Szyprowski <m.szyprowski@samsung.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, "Rafael J. Wysocki" <rafael@kernel.org> Cc: Stuart Yoder <stuyoder@gmail.com>, "K. Y. Srinivasan" <kys@microsoft.com>, Haiyang Zhang <haiyangz@microsoft.com>, Stephen Hemminger <sthemmin@microsoft.com>, Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>, Bjorn Helgaas <bhelgaas@google.com>, Bjorn Andersson <bjorn.andersson@linaro.org>, Mathieu Poirier <mathieu.poirier@linaro.org>, Vineeth Vijayan <vneethv@linux.ibm.com>, Peter Oberparleiter <oberpar@linux.ibm.com>, Heiko Carstens <hca@linux.ibm.com>, Vasily Gorbik <gor@linux.ibm.com>, Alexander Gordeev <agordeev@linux.ibm.com>, Christian Borntraeger <borntraeger@linux.ibm.com>, Sven Schnelle <svens@linux.ibm.com>, Andy Gross <agross@kernel.org>, linux-kernel@vger.kernel.org, linux-clk@vger.kernel.org, NXP Linux Team <linux-imx@nxp.com>, linux-arm-kernel@lists.infradead.org, linux-hyperv@vger.kernel.org, linux-pci@vger.kernel.org, linux-remoteproc@vger.kernel.org, linux-s390@vger.kernel.org, linux-arm-msm@vger.kernel.org, alsa-devel@alsa-project.org, linux-spi@vger.kernel.org, virtualization@lists.linux-foundation.org, Linus Torvalds <torvalds@linux-foundation.org>, Rasmus Villemoes <linux@rasmusvillemoes.dk>, Andy Shevchenko <andy.shevchenko@gmail.com> Subject: Re: [PATCH v7 12/12] rpmsg: Fix kfree() of static memory on setting driver_override Date: Fri, 29 Apr 2022 16:16:32 +0200 [thread overview] Message-ID: <75b94ccd-b739-2164-bc4a-20025356cc34@linaro.org> (raw) In-Reply-To: <870885de-33f3-e0ba-4d56-71c3c993ac87@samsung.com> On 29/04/2022 14:29, Marek Szyprowski wrote: > Hi Krzysztof, > > On 19.04.2022 13:34, Krzysztof Kozlowski wrote: >> The driver_override field from platform driver should not be initialized >> from static memory (string literal) because the core later kfree() it, >> for example when driver_override is set via sysfs. >> >> Use dedicated helper to set driver_override properly. >> >> Fixes: 950a7388f02b ("rpmsg: Turn name service into a stand alone driver") >> Fixes: c0cdc19f84a4 ("rpmsg: Driver for user space endpoint interface") >> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> >> Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> > > This patch landed recently in linux-next as commit 42cd402b8fd4 ("rpmsg: > Fix kfree() of static memory on setting driver_override"). In my tests I > found that it triggers the following issue during boot of the > DragonBoard410c SBC (arch/arm64/boot/dts/qcom/apq8016-sbc.dtb): > > ------------[ cut here ]------------ > DEBUG_LOCKS_WARN_ON(lock->magic != lock) > WARNING: CPU: 1 PID: 8 at kernel/locking/mutex.c:582 > __mutex_lock+0x1ec/0x430 > Modules linked in: > CPU: 1 PID: 8 Comm: kworker/u8:0 Not tainted 5.18.0-rc4-next-20220429 #11815 > Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT) > Workqueue: events_unbound deferred_probe_work_func > pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) > pc : __mutex_lock+0x1ec/0x430 > lr : __mutex_lock+0x1ec/0x430 > .. > Call trace: > __mutex_lock+0x1ec/0x430 > mutex_lock_nested+0x38/0x64 > driver_set_override+0x124/0x150 > qcom_smd_register_edge+0x2a8/0x4ec > qcom_smd_probe+0x54/0x80 > platform_probe+0x68/0xe0 > really_probe.part.0+0x9c/0x29c > __driver_probe_device+0x98/0x144 > driver_probe_device+0xac/0x14c > __device_attach_driver+0xb8/0x120 > bus_for_each_drv+0x78/0xd0 > __device_attach+0xd8/0x180 > device_initial_probe+0x14/0x20 > bus_probe_device+0x9c/0xa4 > deferred_probe_work_func+0x88/0xc4 > process_one_work+0x288/0x6bc > worker_thread+0x248/0x450 > kthread+0x118/0x11c > ret_from_fork+0x10/0x20 > irq event stamp: 3599 > hardirqs last enabled at (3599): [<ffff80000919053c>] > _raw_spin_unlock_irqrestore+0x98/0x9c > hardirqs last disabled at (3598): [<ffff800009190ba4>] > _raw_spin_lock_irqsave+0xc0/0xcc > softirqs last enabled at (3554): [<ffff800008010470>] _stext+0x470/0x5e8 > softirqs last disabled at (3549): [<ffff8000080a4514>] > __irq_exit_rcu+0x180/0x1ac > ---[ end trace 0000000000000000 ]--- > > I don't see any direct relation between the $subject and the above log, > but reverting the $subject on top of linux next-20220429 hides/fixes it. > Maybe there is a kind of memory trashing somewhere there and your change > only revealed it? Thanks for the report. I think the error path of my patch is wrong - I should not kfree(rpdev->driver_override) from the rpmsg code. That's the only thing I see now... Could you test following patch and tell if it helps? https://pastebin.ubuntu.com/p/rp3q9Z5fXj/ ----- diff --git a/drivers/rpmsg/rpmsg_internal.h b/drivers/rpmsg/rpmsg_internal.h index 3e81642238d2..1e2ad944e2ec 100644 --- a/drivers/rpmsg/rpmsg_internal.h +++ b/drivers/rpmsg/rpmsg_internal.h @@ -102,11 +102,7 @@ static inline int rpmsg_ctrldev_register_device(struct rpmsg_device *rpdev) if (ret) return ret; - ret = rpmsg_register_device(rpdev); - if (ret) - kfree(rpdev->driver_override); - - return ret; + return rpmsg_register_device(rpdev); } #endif diff --git a/drivers/rpmsg/rpmsg_ns.c b/drivers/rpmsg/rpmsg_ns.c index 8eb8f328237e..f26078467899 100644 --- a/drivers/rpmsg/rpmsg_ns.c +++ b/drivers/rpmsg/rpmsg_ns.c @@ -31,11 +31,7 @@ int rpmsg_ns_register_device(struct rpmsg_device *rpdev) rpdev->src = RPMSG_NS_ADDR; rpdev->dst = RPMSG_NS_ADDR; - ret = rpmsg_register_device(rpdev); - if (ret) - kfree(rpdev->driver_override); - - return ret; + return rpmsg_register_device(rpdev); } EXPORT_SYMBOL(rpmsg_ns_register_device); _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-04-29 14:16 UTC|newest] Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-04-19 11:34 [PATCH v7 00/12] Fix broken usage of driver_override (and kfree of static memory) Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` [PATCH v7 01/12] driver: platform: Add helper for safer setting of driver_override Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-20 17:12 ` Rafael J. Wysocki 2022-04-20 17:12 ` Rafael J. Wysocki 2022-04-20 17:12 ` Rafael J. Wysocki 2022-04-20 17:12 ` Rafael J. Wysocki 2022-04-19 11:34 ` [PATCH v7 02/12] amba: Use driver_set_override() instead of open-coding Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` [PATCH v7 03/12] fsl-mc: " Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` [PATCH v7 04/12] hv: " Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` [PATCH v7 05/12] PCI: " Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` [PATCH v7 06/12] s390/cio: " Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` [PATCH v7 07/12] spi: Use helper for safer setting of driver_override Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` [PATCH v7 08/12] vdpa: " Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` [PATCH v7 09/12] clk: imx: scu: Fix kfree() of static memory on setting driver_override Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-23 16:09 ` Abel Vesa 2022-04-23 16:09 ` Abel Vesa 2022-04-23 16:09 ` Abel Vesa 2022-04-19 11:34 ` [PATCH v7 10/12] slimbus: qcom-ngd: " Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` [PATCH v7 11/12] rpmsg: Constify local variable in field store macro Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` [PATCH v7 12/12] rpmsg: Fix kfree() of static memory on setting driver_override Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski 2022-04-19 11:34 ` Krzysztof Kozlowski [not found] ` <CGME20220429122942eucas1p1820d0cd17a871d4953bac2b3de1dcdd9@eucas1p1.samsung.com> 2022-04-29 12:29 ` Marek Szyprowski 2022-04-29 12:29 ` Marek Szyprowski 2022-04-29 14:16 ` Krzysztof Kozlowski [this message] 2022-04-29 14:16 ` Krzysztof Kozlowski 2022-04-29 14:51 ` Marek Szyprowski 2022-04-29 14:51 ` Marek Szyprowski 2022-04-29 18:29 ` Krzysztof Kozlowski 2022-04-29 18:29 ` Krzysztof Kozlowski 2022-04-20 9:20 ` [PATCH v7 00/12] Fix broken usage of driver_override (and kfree of static memory) Krzysztof Kozlowski 2022-04-20 9:20 ` Krzysztof Kozlowski 2022-04-20 9:20 ` Krzysztof Kozlowski 2022-04-22 14:54 ` Greg Kroah-Hartman 2022-04-22 14:54 ` Greg Kroah-Hartman 2022-04-22 14:54 ` Greg Kroah-Hartman 2022-04-22 14:54 ` Greg Kroah-Hartman
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=75b94ccd-b739-2164-bc4a-20025356cc34@linaro.org \ --to=krzysztof.kozlowski@linaro.org \ --cc=agordeev@linux.ibm.com \ --cc=agross@kernel.org \ --cc=alsa-devel@alsa-project.org \ --cc=andy.shevchenko@gmail.com \ --cc=bhelgaas@google.com \ --cc=bjorn.andersson@linaro.org \ --cc=borntraeger@linux.ibm.com \ --cc=decui@microsoft.com \ --cc=gor@linux.ibm.com \ --cc=gregkh@linuxfoundation.org \ --cc=haiyangz@microsoft.com \ --cc=hca@linux.ibm.com \ --cc=kys@microsoft.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-arm-msm@vger.kernel.org \ --cc=linux-clk@vger.kernel.org \ --cc=linux-hyperv@vger.kernel.org \ --cc=linux-imx@nxp.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-pci@vger.kernel.org \ --cc=linux-remoteproc@vger.kernel.org \ --cc=linux-s390@vger.kernel.org \ --cc=linux-spi@vger.kernel.org \ --cc=linux@rasmusvillemoes.dk \ --cc=m.szyprowski@samsung.com \ --cc=mathieu.poirier@linaro.org \ --cc=oberpar@linux.ibm.com \ --cc=rafael@kernel.org \ --cc=sthemmin@microsoft.com \ --cc=stuyoder@gmail.com \ --cc=svens@linux.ibm.com \ --cc=torvalds@linux-foundation.org \ --cc=virtualization@lists.linux-foundation.org \ --cc=vneethv@linux.ibm.com \ --cc=wei.liu@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.