| Message ID | 20230327095019.1017159-1-mathias.nyman@linux.intel.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp1387082vqo;
Mon, 27 Mar 2023 02:52:25 -0700 (PDT)
X-Google-Smtp-Source:
AKy350bZW1PFvmiSv/9/5z3nlMHaVJMvOXPyoeLlA2EKp98FExMC8eqD9lVsU43I1PBKtt+fuc9V
X-Received: by 2002:aa7:da57:0:b0:4fb:80cf:89e6 with SMTP id
w23-20020aa7da57000000b004fb80cf89e6mr12266464eds.8.1679910744877;
Mon, 27 Mar 2023 02:52:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1679910744; cv=none;
d=google.com; s=arc-20160816;
b=XCfORDrUEVJsUpOXFGkpnzZoC2dkBsWAtEwpHYqB7iKVtLoa6c3GuyUwwqySPucIq0
mWp3lLHhqlLjWVmJJ6tq870mb0qrkEE8NL55YCtBSQqbhKMoK17l6M4aFJITdvptV9RM
JSu0pK/pYYWXlKB9tTibv6E4IQ7jUIptppTHw+IcWcgA18xpAlJqDeXJRgLQzTm9Rvyo
0CEoYxxtmxmlKCl4TwnwAtiF+KhPU+affmiCU72TiE9dkAUSvwG8SvppppN6ycmfFh4V
BUM9AFpStZhS7fMtaxv8rrIXDIMpzPFs4elWJ9NiBpJjhaSo6jlyxwfY3aEpclx2MZyL
I6qQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=u5KvVxNgnFKW1nB4UthXaGoHh/wqgfQv5+tZquWDs2U=;
b=f6OBbSnED6qVd9nyOLenLqm7jRskpBej78bdU0tDP8K0q3nyFusDpyU/Bqx/9VAukU
plRTfew9B4gC7moH9PdSSaraPSJ194N9XmIrJf361Nj7YaDqR7h4vxfAzHw6MmzRBlSn
+Y+bkeNirjvBUsTkMWM8vg7ul17xz2zhSmA9PofPrRHg8vdZiSlpkcBKVO7XGfkUPbL1
BApMCUj1PJ+lyFwScdAlTLcQ0bChMCY+culb4HhUBMTypq3+UH2/CrxBDdJJyRRTdMBU
wnUMxcC25ahysGJ2zQHAX7r9gdYVJr90/QWsccOv2+M6Qd2DlGC3BhaS6GlmsVJERUBZ
3Z/Q==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b="NWfeLEs/";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
b23-20020aa7d497000000b005021f0d575dsi8748584edr.676.2023.03.27.02.52.01;
Mon, 27 Mar 2023 02:52:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b="NWfeLEs/";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S232855AbjC0Jt7 (ORCPT <rfc822;makky5685@gmail.com> + 99 others);
Mon, 27 Mar 2023 05:49:59 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45024 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233010AbjC0Jtg (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 27 Mar 2023 05:49:36 -0400
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 74C6D5276;
Mon, 27 Mar 2023 02:49:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1679910574; x=1711446574;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:mime-version:content-transfer-encoding;
bh=xBeLqlQQ2ZjA9fI2W7QipMFz4tnsQ/MApd2Q6uLzh6w=;
b=NWfeLEs/db/OnAuPLB6R/j58XUSxPLR2V39uZso4boMr86cwYpsg6LQL
euCskZK0E1b8ZaHmp04WM6GVoKfa8K+D4++6V3YnJp9xuFBvWI/LhpJrF
UHh6XMwkG8p8HJY/gpBy4yVLeQcBoGqu8srjHiLhrrALa2JoFh4io7bqe
hHc0FwJmYVajyru4aEfOp1jB/A2gyqZuzRgWxJRJwi5RlJzaDJFM2oF4V
dUCbHzipOmW8DNqFvNOzLJ9CauowbtcB7wa9oj6sU2bfDxzx4F8fzVzvw
yVy29Lu4VhL4vm6umYWrU9lOGzoObFxnJKHI/BJVdGlVaC4rBncO2P6XB
A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10661"; a="367968164"
X-IronPort-AV: E=Sophos;i="5.98,294,1673942400";
d="scan'208";a="367968164"
Received: from orsmga001.jf.intel.com ([10.7.209.18])
by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
27 Mar 2023 02:49:31 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10661"; a="716017172"
X-IronPort-AV: E=Sophos;i="5.98,294,1673942400";
d="scan'208";a="716017172"
Received: from mattu-haswell.fi.intel.com ([10.237.72.199])
by orsmga001.jf.intel.com with ESMTP; 27 Mar 2023 02:49:28 -0700
From: Mathias Nyman <mathias.nyman@linux.intel.com>
To: mirsad.todorovac@alu.unizg.hr, linux-usb@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: gregkh@linuxfoundation.org, ubuntu-devel-discuss@lists.ubuntu.com,
stern@rowland.harvard.edu, arnd@arndb.de,
Mathias Nyman <mathias.nyman@linux.intel.com>,
Stable@vger.kernel.org
Subject: [PATCH] xhci: Free the command allocated for setting LPM if we return
early
Date: Mon, 27 Mar 2023 12:50:19 +0300
Message-Id: <20230327095019.1017159-1-mathias.nyman@linux.intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <b86fcdbd-f1c6-846f-838f-b7679ec4e2b4@linux.intel.com>
References: <b86fcdbd-f1c6-846f-838f-b7679ec4e2b4@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.4 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,
RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1761514088971619754?=
X-GMAIL-MSGID: =?utf-8?q?1761514088971619754?=
|
| Series |
xhci: Free the command allocated for setting LPM if we return early
|
|
Commit Message
Mathias Nyman
March 27, 2023, 9:50 a.m. UTC
The command allocated to set exit latency LPM values need to be freed in
case the command is never queued. This would be the case if there is no
change in exit latency values, or device is missing.
Fixes: 5c2a380a5aa8 ("xhci: Allocate separate command structures for each LPM command")
Cc: <Stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
---
drivers/usb/host/xhci.c | 1 +
1 file changed, 1 insertion(+)
Comments
On Mon, Mar 27, 2023 at 12:50:19PM +0300, Mathias Nyman wrote: > The command allocated to set exit latency LPM values need to be freed in > case the command is never queued. This would be the case if there is no > change in exit latency values, or device is missing. > > Fixes: 5c2a380a5aa8 ("xhci: Allocate separate command structures for each LPM command") > Cc: <Stable@vger.kernel.org> > Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> > --- > drivers/usb/host/xhci.c | 1 + > 1 file changed, 1 insertion(+) Do you want me to take this now, or will you be sending this to me in a separate series of xhci fixes? Either is fine with me. thanks, greg k-h
On 27.3.2023 14.51, Greg KH wrote: > On Mon, Mar 27, 2023 at 12:50:19PM +0300, Mathias Nyman wrote: >> The command allocated to set exit latency LPM values need to be freed in >> case the command is never queued. This would be the case if there is no >> change in exit latency values, or device is missing. >> >> Fixes: 5c2a380a5aa8 ("xhci: Allocate separate command structures for each LPM command") >> Cc: <Stable@vger.kernel.org> >> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> >> --- >> drivers/usb/host/xhci.c | 1 + >> 1 file changed, 1 insertion(+) > > Do you want me to take this now, or will you be sending this to me in a > separate series of xhci fixes? Either is fine with me. I can send a separate series this week, there are some other fixes as well. Thanks Mathias
On 27. 03. 2023. 15:31, Mathias Nyman wrote: > On 27.3.2023 14.51, Greg KH wrote: >> On Mon, Mar 27, 2023 at 12:50:19PM +0300, Mathias Nyman wrote: >>> The command allocated to set exit latency LPM values need to be freed in >>> case the command is never queued. This would be the case if there is no >>> change in exit latency values, or device is missing. >>> >>> Fixes: 5c2a380a5aa8 ("xhci: Allocate separate command structures for each LPM command") >>> Cc: <Stable@vger.kernel.org> >>> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> >>> --- >>> drivers/usb/host/xhci.c | 1 + >>> 1 file changed, 1 insertion(+) >> >> Do you want me to take this now, or will you be sending this to me in a >> separate series of xhci fixes? Either is fine with me. > > I can send a separate series this week, there are some other fixes as well. Hi, Mathias, I can confirm from the original setup that triggered the bug: root@marvin-IdeaPad-3-15ITL6:~# uname -rms Linux 6.3.0-rc3-kobj-rlse-00317-g65aca32efdcb-dirty x86_64 root@marvin-IdeaPad-3-15ITL6:~# The version without the patch still manifests the issue: root@marvin-IdeaPad-3-15ITL6:/home/marvin# uname -rms Linux 6.3.0-rc3-kobj-rlse-wop-00317-g65aca32efdcb x86_64 root@marvin-IdeaPad-3-15ITL6:/home/marvin# echo scan > /sys/kernel/debug/kmemleak root@marvin-IdeaPad-3-15ITL6:/home/marvin# cat /sys/kernel/debug/kmemleak unreferenced object 0xffff96e59c4e1400 (size 64): comm "systemd-udevd", pid 420, jiffies 4294893221 (age 260.340s) hex dump (first 32 bytes): c0 8b c3 98 e5 96 ff ff 00 00 00 00 00 00 00 00 ................ 60 8c c3 98 e5 96 ff ff 00 00 00 00 00 00 00 00 `............... backtrace: [<ffffffffacbde94c>] slab_post_alloc_hook+0x8c/0x320 [<ffffffffacbe5107>] __kmem_cache_alloc_node+0x1c7/0x2b0 [<ffffffffacb62f3b>] kmalloc_node_trace+0x2b/0xa0 [<ffffffffad3af2ec>] xhci_alloc_command+0x7c/0x1b0 [<ffffffffad3af451>] xhci_alloc_command_with_ctx+0x21/0x70 [<ffffffffad3a8a3e>] xhci_change_max_exit_latency+0x2e/0x1c0 [<ffffffffad3a8c5b>] xhci_disable_usb3_lpm_timeout+0x7b/0xb0 [<ffffffffad3457a7>] usb_disable_link_state+0x57/0xe0 [<ffffffffad345f46>] usb_disable_lpm+0x86/0xc0 [<ffffffffad345fc1>] usb_unlocked_disable_lpm+0x31/0x60 [<ffffffffad355db6>] usb_disable_device+0x136/0x250 [<ffffffffad356b23>] usb_set_configuration+0x583/0xa70 [<ffffffffad364c6d>] usb_generic_driver_disconnect+0x2d/0x40 [<ffffffffad358612>] usb_unbind_device+0x32/0x90 [<ffffffffad222295>] device_remove+0x65/0x70 [<ffffffffad223903>] device_release_driver_internal+0xc3/0x140 unreferenced object 0xffff96e598c38c60 (size 32): comm "systemd-udevd", pid 420, jiffies 4294893221 (age 260.340s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 70 8c c3 98 e5 96 ff ff 70 8c c3 98 e5 96 ff ff p.......p....... backtrace: [<ffffffffacbde94c>] slab_post_alloc_hook+0x8c/0x320 [<ffffffffacbe5107>] __kmem_cache_alloc_node+0x1c7/0x2b0 [<ffffffffacb62f3b>] kmalloc_node_trace+0x2b/0xa0 [<ffffffffad3af364>] xhci_alloc_command+0xf4/0x1b0 [<ffffffffad3af451>] xhci_alloc_command_with_ctx+0x21/0x70 [<ffffffffad3a8a3e>] xhci_change_max_exit_latency+0x2e/0x1c0 [<ffffffffad3a8c5b>] xhci_disable_usb3_lpm_timeout+0x7b/0xb0 [<ffffffffad3457a7>] usb_disable_link_state+0x57/0xe0 [<ffffffffad345f46>] usb_disable_lpm+0x86/0xc0 [<ffffffffad345fc1>] usb_unlocked_disable_lpm+0x31/0x60 [<ffffffffad355db6>] usb_disable_device+0x136/0x250 [<ffffffffad356b23>] usb_set_configuration+0x583/0xa70 [<ffffffffad364c6d>] usb_generic_driver_disconnect+0x2d/0x40 [<ffffffffad358612>] usb_unbind_device+0x32/0x90 [<ffffffffad222295>] device_remove+0x65/0x70 [<ffffffffad223903>] device_release_driver_internal+0xc3/0x140 unreferenced object 0xffff96e598c38bc0 (size 32): comm "systemd-udevd", pid 420, jiffies 4294893221 (age 260.340s) hex dump (first 32 bytes): 02 00 00 00 20 04 00 00 00 90 79 9c e5 96 ff ff .... .....y..... 00 90 79 1c 01 00 00 00 00 00 00 00 00 00 00 00 ..y............. backtrace: [<ffffffffacbde94c>] slab_post_alloc_hook+0x8c/0x320 [<ffffffffacbe5107>] __kmem_cache_alloc_node+0x1c7/0x2b0 [<ffffffffacb62f3b>] kmalloc_node_trace+0x2b/0xa0 [<ffffffffad3ad86e>] xhci_alloc_container_ctx+0x7e/0x140 [<ffffffffad3af469>] xhci_alloc_command_with_ctx+0x39/0x70 [<ffffffffad3a8a3e>] xhci_change_max_exit_latency+0x2e/0x1c0 [<ffffffffad3a8c5b>] xhci_disable_usb3_lpm_timeout+0x7b/0xb0 [<ffffffffad3457a7>] usb_disable_link_state+0x57/0xe0 [<ffffffffad345f46>] usb_disable_lpm+0x86/0xc0 [<ffffffffad345fc1>] usb_unlocked_disable_lpm+0x31/0x60 [<ffffffffad355db6>] usb_disable_device+0x136/0x250 [<ffffffffad356b23>] usb_set_configuration+0x583/0xa70 [<ffffffffad364c6d>] usb_generic_driver_disconnect+0x2d/0x40 . . . It is completely the same commit save to the difference of applying your patch kobj-rlse-dirty version and removing it and rebuilding -kobj-rlse-wop- version Congratulations, for further bisect appears obsoleted. I haven't been able to iterate the bug, or cause more leaks by unplugging and plugging in again USB devices, so I cannot estimate severity of this bug, but I really wouldn't have an idea without bisecting first. Best regards, Mirsad
On 27. 03. 2023. 11:50, Mathias Nyman wrote: > The command allocated to set exit latency LPM values need to be freed in > case the command is never queued. This would be the case if there is no > change in exit latency values, or device is missing. > > Fixes: 5c2a380a5aa8 ("xhci: Allocate separate command structures for each LPM command") > Cc: <Stable@vger.kernel.org> > Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> > --- > drivers/usb/host/xhci.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c > index bdb6dd819a3b..6307bae9cddf 100644 > --- a/drivers/usb/host/xhci.c > +++ b/drivers/usb/host/xhci.c > @@ -4442,6 +4442,7 @@ static int __maybe_unused xhci_change_max_exit_latency(struct xhci_hcd *xhci, > > if (!virt_dev || max_exit_latency == virt_dev->current_mel) { > spin_unlock_irqrestore(&xhci->lock, flags); > + xhci_free_command(xhci, command); > return 0; > } > After more testing, I can confirm that your patch fixes the leak in the original environment. And I see that you independently already have bisected the culprit commit, so I have needlessly duplicated the work. However, I consider myself still a learner and an absolute beginner in the Linux kernel world ... Best regards, Mirsad
On 28.3.2023 1.25, Mirsad Goran Todorovac wrote: > On 27. 03. 2023. 11:50, Mathias Nyman wrote: >> The command allocated to set exit latency LPM values need to be freed in >> case the command is never queued. This would be the case if there is no >> change in exit latency values, or device is missing. >> >> Fixes: 5c2a380a5aa8 ("xhci: Allocate separate command structures for each LPM command") >> Cc: <Stable@vger.kernel.org> >> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> >> --- >> drivers/usb/host/xhci.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c >> index bdb6dd819a3b..6307bae9cddf 100644 >> --- a/drivers/usb/host/xhci.c >> +++ b/drivers/usb/host/xhci.c >> @@ -4442,6 +4442,7 @@ static int __maybe_unused xhci_change_max_exit_latency(struct xhci_hcd *xhci, >> >> if (!virt_dev || max_exit_latency == virt_dev->current_mel) { >> spin_unlock_irqrestore(&xhci->lock, flags); >> + xhci_free_command(xhci, command); >> return 0; >> } >> > > After more testing, I can confirm that your patch fixes the leak in the original > environment. Thanks for testing. Can I add the tags below to the patch? Reported-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr> Tested-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr> Thanks Mathias
On 28.3.2023. 9:57, Mathias Nyman wrote: > On 28.3.2023 1.25, Mirsad Goran Todorovac wrote: >> On 27. 03. 2023. 11:50, Mathias Nyman wrote: >>> The command allocated to set exit latency LPM values need to be freed in >>> case the command is never queued. This would be the case if there is no >>> change in exit latency values, or device is missing. >>> >>> Fixes: 5c2a380a5aa8 ("xhci: Allocate separate command structures for each LPM command") >>> Cc: <Stable@vger.kernel.org> >>> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> >>> --- >>> drivers/usb/host/xhci.c | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c >>> index bdb6dd819a3b..6307bae9cddf 100644 >>> --- a/drivers/usb/host/xhci.c >>> +++ b/drivers/usb/host/xhci.c >>> @@ -4442,6 +4442,7 @@ static int __maybe_unused xhci_change_max_exit_latency(struct xhci_hcd *xhci, >>> if (!virt_dev || max_exit_latency == virt_dev->current_mel) { >>> spin_unlock_irqrestore(&xhci->lock, flags); >>> + xhci_free_command(xhci, command); >>> return 0; >>> } >> >> After more testing, I can confirm that your patch fixes the leak in the original >> environment. > > Thanks for testing. > Can I add the tags below to the patch? > > Reported-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr> > Tested-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr> > > Thanks > Mathias Sure, thanks for the thought. Sorry, my Thunderbird has hidden your message, I saw it only on Lore and accidentally. Regards, Mirsad
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index bdb6dd819a3b..6307bae9cddf 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -4442,6 +4442,7 @@ static int __maybe_unused xhci_change_max_exit_latency(struct xhci_hcd *xhci, if (!virt_dev || max_exit_latency == virt_dev->current_mel) { spin_unlock_irqrestore(&xhci->lock, flags); + xhci_free_command(xhci, command); return 0; }