| Message ID | 20230116144149.305560-1-brgl@bgdev.pl |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1233043wrn;
Mon, 16 Jan 2023 06:55:32 -0800 (PST)
X-Google-Smtp-Source:
AMrXdXsRb5sjxv+tVQKlWaphkt6307Qe0sK+dudd2787183izX/helwofphlP+J5PcbYUnMUChZ2
X-Received: by 2002:a17:902:b095:b0:192:bdf8:1a5c with SMTP id
p21-20020a170902b09500b00192bdf81a5cmr10100plr.33.1673880931765;
Mon, 16 Jan 2023 06:55:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673880931; cv=none;
d=google.com; s=arc-20160816;
b=VhfBWPU0ndK2HgOZZ6+/QhHcRKaihNoYkDqXqCRGVajrk+/izRzQ3ppI3yrslg0dGs
31Jcd/0QWqN3nl6itR7j7fW0OUGiuPtDoH6QKDzX1WfSJpiyU1d+7Tlgny96bHa2In89
jILXvRuL7wOskZ4kCrE76w1rC/6j0mdMA3zFbPxwqawkC2ZAah/DKYomyxyzyDQcQ/sa
1wRTpL68tDf7bfG7kJJ2ubVPVhD6ZJSoX8gz5zAvEYMdxPq5uKnIAm7Kr8Xzp4wCsiWw
ajgKayEaHt3hP2QJHqau7L9DQ+P1EuQMrMqLV12AXt93WI+7t6gGtYlwdkbi61jx+t7a
O7NQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=0Ppko8Fem+qtirmYhp62EkgUMyaloOxSAW2RcoWpD8I=;
b=uzWQLsXosnfX0T46etAYkKeq7ucawzlBtPMNLCOrgGxqZMcHluAugFwu/SZ3YNgVZX
SwrAapx04gm6UKV9UcdvqXYJrbFiW7d+Y9qvt/Tvlrof3Xn8jk5S+FLym3zH3eUtMaOG
HTVVynqBqJaGB8DkYmXJnl5eiwWtKuue+7A4uJ5eKmOgL0VSM4BwPOvomboALGpUUIoR
VpeNLtgv7+qExGFH+p8BnQX9r1JjKn+6cG/4EfhM2tG/llrqCDfygsZbzPKkIQ6BmUH+
uq5hcmjwxn+LlASOFr36BFjYadxqF8/QX4lXkCh1OjCX9+dVlIKedLc0pynM9dydOb+r
8hFA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@bgdev-pl.20210112.gappssmtp.com header.s=20210112
header.b=8EI8vtH1;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
m3-20020a170902db0300b001946fc21187si9280506plx.616.2023.01.16.06.55.19;
Mon, 16 Jan 2023 06:55:31 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@bgdev-pl.20210112.gappssmtp.com header.s=20210112
header.b=8EI8vtH1;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S232346AbjAPOyb (ORCPT <rfc822;stefanalexe802@gmail.com>
+ 99 others); Mon, 16 Jan 2023 09:54:31 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44840 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S232782AbjAPOxn (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 16 Jan 2023 09:53:43 -0500
Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com
[IPv6:2a00:1450:4864:20::429])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 836BD23D94
for <linux-kernel@vger.kernel.org>;
Mon, 16 Jan 2023 06:42:00 -0800 (PST)
Received: by mail-wr1-x429.google.com with SMTP id h16so27678733wrz.12
for <linux-kernel@vger.kernel.org>;
Mon, 16 Jan 2023 06:42:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=bgdev-pl.20210112.gappssmtp.com; s=20210112;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=0Ppko8Fem+qtirmYhp62EkgUMyaloOxSAW2RcoWpD8I=;
b=8EI8vtH1yUk28VFMj92vw5wTOII6JxqTmxqBGNvfxrRf9qrzwu1wy4qOATNSQxjc9d
R1UJ4qU2vEgWUuxmWQiWGyklnOrH5wV2LU+Ccv2embbP0WIETuvDcaXddLvjwyQRHD66
dbk5W9yLzTVC7r9xQ6kMStfb4kPSUEcfl+8j28OSk0lopTRCTRddJxa6EYyvsOuwUB3+
smD2q6ZAr6K+69W4Rv0jgvS8LM2gawH1uQamqOU0urnmv8/pZOTvCN7qxY7KuL1smhlz
bvL86lYGRzOFWlBB/pCJmRn6AiWnFm7YM5i/CBulRWnbqgGVaA+PY4tEOUd3FExj9W7v
vsXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=0Ppko8Fem+qtirmYhp62EkgUMyaloOxSAW2RcoWpD8I=;
b=7HCH7FvOAuRQcxqPA8VIx4ND6A05o/RMHjuo6ugUzIU6ljeqhmw8NHCs0507NOWEsz
/qqAvLZfAVpz+Z8n60AQn8zXpSMPRi3qjY3zerB8jbYMO9IumIvqL2ihunQTNoaiwBSe
/l3kXHe+HI4fXFPGxgc6CH/vCI/RAl+lBVatwu57Vgbpo7LH/aXSNe0QkxLobbgcjOjk
EL9fGi8ksuUHY8hAhGo3WlMq3sHvDLUIsiWTC3q6IeQo6xN435t6bCw5YFsz04MpnHji
BkjOJfxQCD11oZS/OiT+BmUNSTJImE+bpGs0ecbKwbLWB09LJfWz5+ZHzsRBNqxjBe2v
9S8Q==
X-Gm-Message-State: AFqh2kqO8jXKfZC4U1uCWEI838mphlx+QSHEzlaE0jPBRms53z2rk3Yf
FLnSJ9FJXgxHAP7kr5uik5ryNQ==
X-Received: by 2002:a5d:528e:0:b0:2bd:e99a:a8a9 with SMTP id
c14-20020a5d528e000000b002bde99aa8a9mr7603936wrv.71.1673880119021;
Mon, 16 Jan 2023 06:41:59 -0800 (PST)
Received: from brgl-uxlite.home ([2a01:cb1d:334:ac00:2f9d:c271:2ba9:4f2a])
by smtp.gmail.com with ESMTPSA id
r10-20020adfda4a000000b0029a06f11022sm26691105wrl.112.2023.01.16.06.41.58
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 16 Jan 2023 06:41:58 -0800 (PST)
From: Bartosz Golaszewski <brgl@bgdev.pl>
To: Mark Brown <broonie@kernel.org>,
Francesco Dolcini <francesco@dolcini.it>,
Max Krummenacher <max.krummenacher@toradex.com>
Cc: linux-spi@vger.kernel.org, linux-kernel@vger.kernel.org,
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Subject: [PATCH -next] spi: spidev: fix a recursive locking error
Date: Mon, 16 Jan 2023 15:41:49 +0100
Message-Id: <20230116144149.305560-1-brgl@bgdev.pl>
X-Mailer: git-send-email 2.37.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1755191371984240012?=
X-GMAIL-MSGID: =?utf-8?q?1755191371984240012?=
|
| Series |
[-next] spi: spidev: fix a recursive locking error
|
|
Commit Message
Bartosz Golaszewski
Jan. 16, 2023, 2:41 p.m. UTC
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> When calling spidev_message() from the one of the ioctl() callbacks, the spi_lock is already taken. When we then end up calling spidev_sync(), we get the following splat: [ 214.047619] [ 214.049198] ============================================ [ 214.054533] WARNING: possible recursive locking detected [ 214.059858] 6.2.0-rc3-0.0.0-devel+git.97ec4d559d93 #1 Not tainted [ 214.065969] -------------------------------------------- [ 214.071290] spidev_test/1454 is trying to acquire lock: [ 214.076530] c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x8e0/0xab8 [ 214.084164] [ 214.084164] but task is already holding lock: [ 214.090007] c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x44/0xab8 [ 214.097537] [ 214.097537] other info that might help us debug this: [ 214.104075] Possible unsafe locking scenario: [ 214.104075] [ 214.110004] CPU0 [ 214.112461] ---- [ 214.114916] lock(&spidev->spi_lock); [ 214.118687] lock(&spidev->spi_lock); [ 214.122457] [ 214.122457] *** DEADLOCK *** [ 214.122457] [ 214.128386] May be due to missing lock nesting notation [ 214.128386] [ 214.135183] 2 locks held by spidev_test/1454: [ 214.139553] #0: c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x44/0xab8 [ 214.147524] #1: c4925e14 (&spidev->buf_lock){+.+.}-{3:3}, at: spidev_ioctl+0x70/0xab8 [ 214.155493] [ 214.155493] stack backtrace: [ 214.159861] CPU: 0 PID: 1454 Comm: spidev_test Not tainted 6.2.0-rc3-0.0.0-devel+git.97ec4d559d93 #1 [ 214.169012] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) [ 214.175555] unwind_backtrace from show_stack+0x10/0x14 [ 214.180819] show_stack from dump_stack_lvl+0x60/0x90 [ 214.185900] dump_stack_lvl from __lock_acquire+0x874/0x2858 [ 214.191584] __lock_acquire from lock_acquire+0xfc/0x378 [ 214.196918] lock_acquire from __mutex_lock+0x9c/0x8a8 [ 214.202083] __mutex_lock from mutex_lock_nested+0x1c/0x24 [ 214.207597] mutex_lock_nested from spidev_ioctl+0x8e0/0xab8 [ 214.213284] spidev_ioctl from sys_ioctl+0x4d0/0xe2c [ 214.218277] sys_ioctl from ret_fast_syscall+0x0/0x1c [ 214.223351] Exception stack(0xe75cdfa8 to 0xe75cdff0) [ 214.228422] dfa0: 00000000 00001000 00000003 40206b00 bee266e8 bee266e0 [ 214.236617] dfc0: 00000000 00001000 006a71a0 00000036 004c0040 004bfd18 00000000 00000003 [ 214.244809] dfe0: 00000036 bee266c8 b6f16dc5 b6e8e5f6 Fix it by introducing an unlocked variant of spidev_sync() and calling it from spidev_message() while other users who don't check the spidev->spi's existence keep on using the locking flavor. Reported-by: Francesco Dolcini <francesco@dolcini.it> Fixes: 1f4d2dd45b6e ("spi: spidev: fix a race condition when accessing spidev->spi") Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> --- drivers/spi/spidev.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-)
Comments
Hi On Mon, 2023-01-16 at 15:41 +0100, Bartosz Golaszewski wrote: > From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> > > When calling spidev_message() from the one of the ioctl() callbacks, the > spi_lock is already taken. When we then end up calling spidev_sync(), we > get the following splat: > > [ 214.047619] > [ 214.049198] ============================================ > [ 214.054533] WARNING: possible recursive locking detected > [ 214.059858] 6.2.0-rc3-0.0.0-devel+git.97ec4d559d93 #1 Not tainted > [ 214.065969] -------------------------------------------- > [ 214.071290] spidev_test/1454 is trying to acquire lock: > [ 214.076530] c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x8e0/0xab8 > [ 214.084164] > [ 214.084164] but task is already holding lock: > [ 214.090007] c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x44/0xab8 > [ 214.097537] > [ 214.097537] other info that might help us debug this: > [ 214.104075] Possible unsafe locking scenario: > [ 214.104075] > [ 214.110004] CPU0 > [ 214.112461] ---- > [ 214.114916] lock(&spidev->spi_lock); > [ 214.118687] lock(&spidev->spi_lock); > [ 214.122457] > [ 214.122457] *** DEADLOCK *** > [ 214.122457] > [ 214.128386] May be due to missing lock nesting notation > [ 214.128386] > [ 214.135183] 2 locks held by spidev_test/1454: > [ 214.139553] #0: c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x44/0xab8 > [ 214.147524] #1: c4925e14 (&spidev->buf_lock){+.+.}-{3:3}, at: spidev_ioctl+0x70/0xab8 > [ 214.155493] > [ 214.155493] stack backtrace: > [ 214.159861] CPU: 0 PID: 1454 Comm: spidev_test Not tainted 6.2.0-rc3-0.0.0-devel+git.97ec4d559d93 #1 > [ 214.169012] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) > [ 214.175555] unwind_backtrace from show_stack+0x10/0x14 > [ 214.180819] show_stack from dump_stack_lvl+0x60/0x90 > [ 214.185900] dump_stack_lvl from __lock_acquire+0x874/0x2858 > [ 214.191584] __lock_acquire from lock_acquire+0xfc/0x378 > [ 214.196918] lock_acquire from __mutex_lock+0x9c/0x8a8 > [ 214.202083] __mutex_lock from mutex_lock_nested+0x1c/0x24 > [ 214.207597] mutex_lock_nested from spidev_ioctl+0x8e0/0xab8 > [ 214.213284] spidev_ioctl from sys_ioctl+0x4d0/0xe2c > [ 214.218277] sys_ioctl from ret_fast_syscall+0x0/0x1c > [ 214.223351] Exception stack(0xe75cdfa8 to 0xe75cdff0) > [ 214.228422] dfa0: 00000000 00001000 00000003 40206b00 bee266e8 bee266e0 > [ 214.236617] dfc0: 00000000 00001000 006a71a0 00000036 004c0040 004bfd18 00000000 00000003 > [ 214.244809] dfe0: 00000036 bee266c8 b6f16dc5 b6e8e5f6 > > Fix it by introducing an unlocked variant of spidev_sync() and calling it > from spidev_message() while other users who don't check the spidev->spi's > existence keep on using the locking flavor. > > Reported-by: Francesco Dolcini <francesco@dolcini.it> > Fixes: 1f4d2dd45b6e ("spi: spidev: fix a race condition when accessing spidev->spi") > Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Thanks for the quick fix. I tested on a Colibri iMX7 which showed the bug before the patch is applied but not after. Tested-by: Max Krummenacher <max.krummenacher@toradex.com> Regards Max > --- > drivers/spi/spidev.c | 22 ++++++++++++++++------ > 1 file changed, 16 insertions(+), 6 deletions(-) > > diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c > index 8ef22ebcde1f..892965ac8fdf 100644 > --- a/drivers/spi/spidev.c > +++ b/drivers/spi/spidev.c > @@ -89,10 +89,22 @@ MODULE_PARM_DESC(bufsiz, "data bytes in biggest supported SPI message"); > > /*-------------------------------------------------------------------------*/ > > +static ssize_t > +spidev_sync_unlocked(struct spi_device *spi, struct spi_message *message) > +{ > + ssize_t status; > + > + status = spi_sync(spi, message); > + if (status == 0) > + status = message->actual_length; > + > + return status; > +} > + > static ssize_t > spidev_sync(struct spidev_data *spidev, struct spi_message *message) > { > - int status; > + ssize_t status; > struct spi_device *spi; > > mutex_lock(&spidev->spi_lock); > @@ -101,12 +113,10 @@ spidev_sync(struct spidev_data *spidev, struct spi_message *message) > if (spi == NULL) > status = -ESHUTDOWN; > else > - status = spi_sync(spi, message); > - > - if (status == 0) > - status = message->actual_length; > + status = spidev_sync_unlocked(spi, message); > > mutex_unlock(&spidev->spi_lock); > + > return status; > } > > @@ -294,7 +304,7 @@ static int spidev_message(struct spidev_data *spidev, > spi_message_add_tail(k_tmp, &msg); > } > > - status = spidev_sync(spidev, &msg); > + status = spidev_sync_unlocked(spidev->spi, &msg); > if (status < 0) > goto done; >
On Mon, 16 Jan 2023 15:41:49 +0100, Bartosz Golaszewski wrote: > When calling spidev_message() from the one of the ioctl() callbacks, the > spi_lock is already taken. When we then end up calling spidev_sync(), we > get the following splat: > > [ 214.047619] > [ 214.049198] ============================================ > [ 214.054533] WARNING: possible recursive locking detected > [ 214.059858] 6.2.0-rc3-0.0.0-devel+git.97ec4d559d93 #1 Not tainted > [ 214.065969] -------------------------------------------- > [ 214.071290] spidev_test/1454 is trying to acquire lock: > [ 214.076530] c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x8e0/0xab8 > [ 214.084164] > [ 214.084164] but task is already holding lock: > [ 214.090007] c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x44/0xab8 > [ 214.097537] > [ 214.097537] other info that might help us debug this: > [ 214.104075] Possible unsafe locking scenario: > [ 214.104075] > [ 214.110004] CPU0 > [ 214.112461] ---- > [ 214.114916] lock(&spidev->spi_lock); > [ 214.118687] lock(&spidev->spi_lock); > [ 214.122457] > [ 214.122457] *** DEADLOCK *** > [ 214.122457] > [ 214.128386] May be due to missing lock nesting notation > [ 214.128386] > [ 214.135183] 2 locks held by spidev_test/1454: > [ 214.139553] #0: c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x44/0xab8 > [ 214.147524] #1: c4925e14 (&spidev->buf_lock){+.+.}-{3:3}, at: spidev_ioctl+0x70/0xab8 > [ 214.155493] > [ 214.155493] stack backtrace: > [ 214.159861] CPU: 0 PID: 1454 Comm: spidev_test Not tainted 6.2.0-rc3-0.0.0-devel+git.97ec4d559d93 #1 > [ 214.169012] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) > [ 214.175555] unwind_backtrace from show_stack+0x10/0x14 > [ 214.180819] show_stack from dump_stack_lvl+0x60/0x90 > [ 214.185900] dump_stack_lvl from __lock_acquire+0x874/0x2858 > [ 214.191584] __lock_acquire from lock_acquire+0xfc/0x378 > [ 214.196918] lock_acquire from __mutex_lock+0x9c/0x8a8 > [ 214.202083] __mutex_lock from mutex_lock_nested+0x1c/0x24 > [ 214.207597] mutex_lock_nested from spidev_ioctl+0x8e0/0xab8 > [ 214.213284] spidev_ioctl from sys_ioctl+0x4d0/0xe2c > [ 214.218277] sys_ioctl from ret_fast_syscall+0x0/0x1c > [ 214.223351] Exception stack(0xe75cdfa8 to 0xe75cdff0) > [ 214.228422] dfa0: 00000000 00001000 00000003 40206b00 bee266e8 bee266e0 > [ 214.236617] dfc0: 00000000 00001000 006a71a0 00000036 004c0040 004bfd18 00000000 00000003 > [ 214.244809] dfe0: 00000036 bee266c8 b6f16dc5 b6e8e5f6 > > [...] Applied to broonie/spi.git for-next Thanks! [1/1] spi: spidev: fix a recursive locking error commit: 9bab63a3e9498afd6a29cd3a43cf3ad4a4612b85 All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark
Hello Mark, On Tue, Jan 17, 2023 at 11:06:07AM +0000, Mark Brown wrote: > On Mon, 16 Jan 2023 15:41:49 +0100, Bartosz Golaszewski wrote: > > When calling spidev_message() from the one of the ioctl() callbacks, the > > spi_lock is already taken. When we then end up calling spidev_sync(), we > > get the following splat: > > > > [ 214.047619] > > [ 214.049198] ============================================ > > [ 214.054533] WARNING: possible recursive locking detected > > [ 214.059858] 6.2.0-rc3-0.0.0-devel+git.97ec4d559d93 #1 Not tainted > > [ 214.065969] -------------------------------------------- > > [ 214.071290] spidev_test/1454 is trying to acquire lock: > > [ 214.076530] c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x8e0/0xab8 > > [ 214.084164] > > [ 214.084164] but task is already holding lock: > > [ 214.090007] c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x44/0xab8 > > [ 214.097537] > > [ 214.097537] other info that might help us debug this: > > [ 214.104075] Possible unsafe locking scenario: > > [ 214.104075] > > [ 214.110004] CPU0 > > [ 214.112461] ---- > > [ 214.114916] lock(&spidev->spi_lock); > > [ 214.118687] lock(&spidev->spi_lock); > > [ 214.122457] > > [ 214.122457] *** DEADLOCK *** > > [ 214.122457] > > [ 214.128386] May be due to missing lock nesting notation > > [ 214.128386] > > [ 214.135183] 2 locks held by spidev_test/1454: > > [ 214.139553] #0: c4925dbc (&spidev->spi_lock){+.+.}-{3:3}, at: spidev_ioctl+0x44/0xab8 > > [ 214.147524] #1: c4925e14 (&spidev->buf_lock){+.+.}-{3:3}, at: spidev_ioctl+0x70/0xab8 > > [ 214.155493] > > [ 214.155493] stack backtrace: > > [ 214.159861] CPU: 0 PID: 1454 Comm: spidev_test Not tainted 6.2.0-rc3-0.0.0-devel+git.97ec4d559d93 #1 > > [ 214.169012] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) > > [ 214.175555] unwind_backtrace from show_stack+0x10/0x14 > > [ 214.180819] show_stack from dump_stack_lvl+0x60/0x90 > > [ 214.185900] dump_stack_lvl from __lock_acquire+0x874/0x2858 > > [ 214.191584] __lock_acquire from lock_acquire+0xfc/0x378 > > [ 214.196918] lock_acquire from __mutex_lock+0x9c/0x8a8 > > [ 214.202083] __mutex_lock from mutex_lock_nested+0x1c/0x24 > > [ 214.207597] mutex_lock_nested from spidev_ioctl+0x8e0/0xab8 > > [ 214.213284] spidev_ioctl from sys_ioctl+0x4d0/0xe2c > > [ 214.218277] sys_ioctl from ret_fast_syscall+0x0/0x1c > > [ 214.223351] Exception stack(0xe75cdfa8 to 0xe75cdff0) > > [ 214.228422] dfa0: 00000000 00001000 00000003 40206b00 bee266e8 bee266e0 > > [ 214.236617] dfc0: 00000000 00001000 006a71a0 00000036 004c0040 004bfd18 00000000 00000003 > > [ 214.244809] dfe0: 00000036 bee266c8 b6f16dc5 b6e8e5f6 > > > > [...] > > Applied to > > broonie/spi.git for-next > > Thanks! > > [1/1] spi: spidev: fix a recursive locking error > commit: 9bab63a3e9498afd6a29cd3a43cf3ad4a4612b85 Any plan to have this fix sent to Linus for v6.2? The reason for asking is that because of this bug our whole test infrastructure crashes preventing the normal testing we normally do on mainline kernel (that is also how this issue was spotted in the first place). Francesco
On Sat, Feb 11, 2023 at 04:18:37PM +0100, Francesco Dolcini wrote: > Any plan to have this fix sent to Linus for v6.2? The reason for asking > is that because of this bug our whole test infrastructure crashes > preventing the normal testing we normally do on mainline kernel (that is > also how this issue was spotted in the first place). I already did.
On Sat, Feb 11, 2023 at 11:13:35PM +0000, Mark Brown wrote: > On Sat, Feb 11, 2023 at 04:18:37PM +0100, Francesco Dolcini wrote: > > Any plan to have this fix sent to Linus for v6.2? The reason for asking > I already did. Thanks a lot - appreciated! Francesco
diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c index 8ef22ebcde1f..892965ac8fdf 100644 --- a/drivers/spi/spidev.c +++ b/drivers/spi/spidev.c @@ -89,10 +89,22 @@ MODULE_PARM_DESC(bufsiz, "data bytes in biggest supported SPI message"); /*-------------------------------------------------------------------------*/ +static ssize_t +spidev_sync_unlocked(struct spi_device *spi, struct spi_message *message) +{ + ssize_t status; + + status = spi_sync(spi, message); + if (status == 0) + status = message->actual_length; + + return status; +} + static ssize_t spidev_sync(struct spidev_data *spidev, struct spi_message *message) { - int status; + ssize_t status; struct spi_device *spi; mutex_lock(&spidev->spi_lock); @@ -101,12 +113,10 @@ spidev_sync(struct spidev_data *spidev, struct spi_message *message) if (spi == NULL) status = -ESHUTDOWN; else - status = spi_sync(spi, message); - - if (status == 0) - status = message->actual_length; + status = spidev_sync_unlocked(spi, message); mutex_unlock(&spidev->spi_lock); + return status; } @@ -294,7 +304,7 @@ static int spidev_message(struct spidev_data *spidev, spi_message_add_tail(k_tmp, &msg); } - status = spidev_sync(spidev, &msg); + status = spidev_sync_unlocked(spidev->spi, &msg); if (status < 0) goto done;