From patchwork Sat Jun 11 17:37:08 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cameron Gutman X-Patchwork-Id: 9171083 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 4EDB46048C for ; Sat, 11 Jun 2016 17:37:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 37C0E265B9 for ; Sat, 11 Jun 2016 17:37:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2C08F268AE; Sat, 11 Jun 2016 17:37:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C8319265B9 for ; Sat, 11 Jun 2016 17:37:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751575AbcFKRhM (ORCPT ); Sat, 11 Jun 2016 13:37:12 -0400 Received: from mail-oi0-f66.google.com ([209.85.218.66]:36295 "EHLO mail-oi0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751182AbcFKRhL (ORCPT ); Sat, 11 Jun 2016 13:37:11 -0400 Received: by mail-oi0-f66.google.com with SMTP id d132so18464951oig.3 for ; Sat, 11 Jun 2016 10:37:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=59ywPv/PC7BPiyEvb0zIGUP84LofcFrvMsz6bB0F+2I=; b=Aa0nFQtufK3Gs1VxHRQ3hXrd6DjfSqmZvmrl4yi6OSX+3/B+3n0DYkfj1AGOkjbW4+ O/7miJSuiqg8TrMmeehRd0xHZHgdANHTnVACcgRhn7m0KzmiUe7tHqNe07z1V5zNDUwJ 8dsXp3x5jQlBZbXDLTnzVjJ87qhxx7O3AFFGwYM3rDSRSspYCjXd32exQ4vFda/UV0h+ Fp6/vWzU5cmWkck79/HsXFhtJK93d+Y7JYz4Bv67ZmTS4Cn5dDho8VcbiPgOwUii/2g+ 2m3j7oBGyPwM3pXSLNWf7RbWmF3zS0Ya2KPa3aC/biyzHoXjKyCi+sPi9pwa9KUQ1XLX U5UQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=59ywPv/PC7BPiyEvb0zIGUP84LofcFrvMsz6bB0F+2I=; b=lALWUaAEhOEhiUVJIPrs5IAvNxXme1uSJd+JAuhjlM/cUf7ClAik3yopjkChVYilxu FbNNiBWwxzK/eyFRBnz+6gx1ETJZzgZvlNVl4UQRe2rteHALQWmCEPzaj80r5xUPTPin B05cF7sDn7mMvTdgHZF2T7+ne0mS5JkfKt7zHrymtXc9VcXdoFo5347GARfcqZtEgyDs Y3W1r28ZvNdsORmePd2okFoq8qrRwDrquCp9Iq7f0oZ429bY+bBhdbI/nKD+AnEHrpxS M/EbZpRk65uNXDCSJbIi+LOO/W5wsnp7o/+Zx5njELvvHtyXQHsiq67ia4uM57oVCGpI dygw== X-Gm-Message-State: ALyK8tLpUdandvonjdhumZ0nMwmzb4GBl8fr9qQBya90tKIspYuYRw9/qmvf516g7bHt6w== X-Received: by 10.202.84.129 with SMTP id i123mr4086178oib.130.1465666630438; Sat, 11 Jun 2016 10:37:10 -0700 (PDT) Received: from ?IPv6:2601:2c6:c000:f778:e852:400b:8d1d:a76f? ([2601:2c6:c000:f778:e852:400b:8d1d:a76f]) by smtp.gmail.com with ESMTPSA id 92sm7820484otg.29.2016.06.11.10.37.09 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 11 Jun 2016 10:37:09 -0700 (PDT) Subject: Re: [PATCH v3] hid-sony: Prevent crash when rumble effects are still loaded at USB disconnect To: Manuel Reimer References: <856C5FBA-EA87-4D24-BB29-433FF5437518@gmail.com> <01146ebc-3710-e3cd-812a-ca4f0ef84372@m-reimer.de> <768f4bf0-4b8d-7036-7ddd-1dc9ff4a171b@m-reimer.de> <650C9404-0604-4783-B8AC-A7FEC9A73676@gmail.com> <29a17dba-d98d-65a1-5949-2b74e00ecdf5@m-reimer.de> Cc: linux-input , jikos@kernel.org From: Cameron Gutman Message-ID: <575C4C44.4070401@gmail.com> Date: Sat, 11 Jun 2016 12:37:08 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0 MIME-Version: 1.0 In-Reply-To: Sender: linux-input-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-input@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On 06/11/2016 05:00 AM, Manuel Reimer wrote: > Hello, > > I did some more testing. Now I added printk messages to start and end of ml_effect_timer and to hl_ff_destroy. Result: > > [ 513.493511] ml_effect_timer start > [ 513.746964] ml_effect_timer end > [ 515.107003] hid-sony: Sending to uninitialized device failed! > [ 515.333520] hid-sony: Sending to uninitialized device failed! > [ 515.415381] hid-sony: Sending to uninitialized device failed! > [ 520.476860] ml_effect_timer start > [ 520.677003] BUG: unable to handle kernel NULL pointer dereference at 00000000000000d8 > > The hid-sony messages are created by my last patch to fix the hid-sony driver. They show that some sending attempts have been cancelled, as the device is about to be destroyed. > > Quite some time after that there in fact is another attempt to call ml_effect_timer, so the timer still was active. Tomorrow I'll add additional printk lines to the hid-sony destroy function to see if this finished executing before this unwanted timer call arrives. > > This also shows that ml_ff_destroy is not the right place to cancel the timer. ml_ff_destroy is called as soon as I exit fftest. It is not called at all on USB disconnect. > > I now guess this can also be reproduced with the xpad driver, but it requires some fiddling with fftest. It took me ten minutes this time to get the bug triggered. I think the way to trigger the bug is to start effect 5 and shortly after that effect 4. With some luck the USB plug is pulled before event 4 is actually started. > Can you try applying the following patch on a clean source tree and see if it resolves your issue? --- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/input/ff-memless.c b/drivers/input/ff-memless.c index fcc6c33..6366e9a 100644 --- a/drivers/input/ff-memless.c +++ b/drivers/input/ff-memless.c @@ -501,6 +501,7 @@ static void ml_ff_destroy(struct ff_device *ff) { struct ml_device *ml = ff->private; + del_timer_sync(&ml->timer); kfree(ml->private); }