From: Marc Kleine-Budde Date: Mon, 10 Oct 2011 16:38:05 +0000 (+0200) Subject: USB: gadgetfs: gadgetfs_disconnect: fix inconsistent lock state X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=001428e4871d6c62f5e16c62df681624d8b480c1;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git USB: gadgetfs: gadgetfs_disconnect: fix inconsistent lock state Under certain circumstances lockdep finds an inconsistent lock state in gadgetfs. The problem can be reproduced with a hardware using the ci13xxx_udc driver and the gadgetfs test program (needs a patch to support the ci13xxx_udc, though): http://www.linux-usb.org/gadget/usb.c Start the test program, wait to initialize, then press Ctrl+c. This patch fixes the following problem by using spin_lock_irqsave() instead of spin_lock(). ================================= [ INFO: inconsistent lock state ] 3.1.0-rc6+ #158 --------------------------------- inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. usb/113 [HC0[0]:SC0[0]:HE1:SE1] takes: (&(&dev->lock)->rlock){?.....}, at: [] gadgetfs_disconnect+0x14/0x80 [gadgetfs] {IN-HARDIRQ-W} state was registered at: [] mark_irqflags+0x14c/0x1ac [] __lock_acquire+0x4e0/0x8f0 [] lock_acquire+0x98/0x1a8 [] _raw_spin_lock+0x54/0x8c [] gadgetfs_disconnect+0x14/0x80 [gadgetfs] [] _gadget_stop_activity+0xd4/0x154 [] isr_reset_handler+0x34/0x1c0 [] udc_irq+0x204/0x228 [] handle_irq_event_percpu+0x64/0x3a0 [] handle_irq_event+0x3c/0x5c [] handle_level_irq+0x8c/0x10c [] generic_handle_irq+0x30/0x44 [] handle_IRQ+0x30/0x84 [] __irq_svc+0x38/0x60 [] default_idle+0x30/0x34 [] cpu_idle+0x9c/0xd8 [] start_kernel+0x278/0x2bc irq event stamp: 6412 hardirqs last enabled at (6412): [] _raw_spin_unlock_irqrestore+0x30/0x5c hardirqs last disabled at (6411): [] _raw_spin_lock_irqsave+0x20/0xa0 softirqs last enabled at (6381): [] irq_exit+0xa0/0xa8 softirqs last disabled at (6372): [] irq_exit+0xa0/0xa8 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&dev->lock)->rlock); lock(&(&dev->lock)->rlock); *** DEADLOCK *** 1 lock held by usb/113: #0: (udc_lock#2){+.+.+.}, at: [] usb_gadget_unregister_driver+0x34/0x88 stack backtrace: [] (unwind_backtrace+0x0/0xf0) from [] (print_usage_bug+0x144/0x1c4) [] (print_usage_bug+0x144/0x1c4) from [] (mark_lock_irq+0x22c/0x274) [] (mark_lock_irq+0x22c/0x274) from [] (mark_lock+0x148/0x3e0) [] (mark_lock+0x148/0x3e0) from [] (mark_irqflags+0xfc/0x1ac) [] (mark_irqflags+0xfc/0x1ac) from [] (__lock_acquire+0x4e0/0x8f0) [] (__lock_acquire+0x4e0/0x8f0) from [] (lock_acquire+0x98/0x1a8) [] (lock_acquire+0x98/0x1a8) from [] (_raw_spin_lock+0x54/0x8c) [] (_raw_spin_lock+0x54/0x8c) from [] (gadgetfs_disconnect+0x14/0x80 [gadgetfs]) [] (gadgetfs_disconnect+0x14/0x80 [gadgetfs]) from [] (_gadget_stop_activity+0xd4/0x154) [] (_gadget_stop_activity+0xd4/0x154) from [] (ci13xxx_stop+0xbc/0x17c) [] (ci13xxx_stop+0xbc/0x17c) from [] (usb_gadget_remove_driver+0x88/0x98) [] (usb_gadget_remove_driver+0x88/0x98) from [] (usb_gadget_unregister_driver+0x68/0x88) [] (usb_gadget_unregister_driver+0x68/0x88) from [] (dev_release+0x14/0x48 [gadgetfs]) [] (dev_release+0x14/0x48 [gadgetfs]) from [] (__fput+0xa4/0x1f0) [] (__fput+0xa4/0x1f0) from [] (filp_close+0x5c/0x74) [] (filp_close+0x5c/0x74) from [] (sys_close+0xa8/0x150) [] (sys_close+0xa8/0x150) from [] (ret_fast_syscall+0x0/0x38) Tested-by: Pavankumar Kondeti Signed-off-by: Marc Kleine-Budde Signed-off-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c index a392ec0d2d51..6ccae2707e59 100644 --- a/drivers/usb/gadget/inode.c +++ b/drivers/usb/gadget/inode.c @@ -1730,8 +1730,9 @@ static void gadgetfs_disconnect (struct usb_gadget *gadget) { struct dev_data *dev = get_gadget_data (gadget); + unsigned long flags; - spin_lock (&dev->lock); + spin_lock_irqsave (&dev->lock, flags); if (dev->state == STATE_DEV_UNCONNECTED) goto exit; dev->state = STATE_DEV_UNCONNECTED; @@ -1740,7 +1741,7 @@ gadgetfs_disconnect (struct usb_gadget *gadget) next_event (dev, GADGETFS_DISCONNECT); ep0_readable (dev); exit: - spin_unlock (&dev->lock); + spin_unlock_irqrestore (&dev->lock, flags); } static void