[1/1] usb: chipidea: udc: fix sleeping function called from invalid context

Commit Message

Peter Chen March 10, 2020, 6:59 a.m. UTC

From: Peter Chen <peter.chen@nxp.com>

The code calls pm_runtime_get_sync with irq disabled, it causes below
warning:

BUG: sleeping function called from invalid context at
wer/runtime.c:1075
in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid:
er/u8:1
CPU: 1 PID: 37 Comm: kworker/u8:1 Not tainted
20200304-00181-gbebfd2a5be98 #1588
Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
Workqueue: ci_otg ci_otg_work
[<c010e8bd>] (unwind_backtrace) from [<c010a315>]
1/0x14)
[<c010a315>] (show_stack) from [<c0987d29>]
5/0x94)
[<c0987d29>] (dump_stack) from [<c013e77f>]
+0xeb/0x118)
[<c013e77f>] (___might_sleep) from [<c052fa1d>]
esume+0x75/0x78)
[<c052fa1d>] (__pm_runtime_resume) from [<c0627a33>]
0x23/0x74)
[<c0627a33>] (ci_udc_pullup) from [<c062fb93>]
nect+0x2b/0xcc)
[<c062fb93>] (usb_gadget_connect) from [<c062769d>]
_connect+0x59/0x104)
[<c062769d>] (ci_hdrc_gadget_connect) from [<c062778b>]
ssion+0x43/0x48)
[<c062778b>] (ci_udc_vbus_session) from [<c062f997>]
s_connect+0x17/0x9c)
[<c062f997>] (usb_gadget_vbus_connect) from [<c062634d>]
bd/0x128)
[<c062634d>] (ci_otg_work) from [<c0134719>]
rk+0x149/0x404)
[<c0134719>] (process_one_work) from [<c0134acb>]
0xf7/0x3bc)
[<c0134acb>] (worker_thread) from [<c0139433>]
x118)
[<c0139433>] (kthread) from [<c01010bd>]
(ret_from_fork+0x11/0x34)

Tested-by: Dmitry Osipenko <digetx@gmail.com>
Cc: <stable@vger.kernel.org> #v5.5
Fixes: 72dc8df7920f ("usb: chipidea: udc: protect usb interrupt enable")
Reported-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
---
 drivers/usb/chipidea/udc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Alan Stern March 10, 2020, 1:57 p.m. UTC | #1

On Tue, 10 Mar 2020, Peter Chen wrote:

> From: Peter Chen <peter.chen@nxp.com>
> 
> The code calls pm_runtime_get_sync with irq disabled, it causes below
> warning:
> 
> BUG: sleeping function called from invalid context at
> wer/runtime.c:1075
> in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid:
> er/u8:1

...

> Tested-by: Dmitry Osipenko <digetx@gmail.com>
> Cc: <stable@vger.kernel.org> #v5.5
> Fixes: 72dc8df7920f ("usb: chipidea: udc: protect usb interrupt enable")
> Reported-by: Dmitry Osipenko <digetx@gmail.com>
> Signed-off-by: Peter Chen <peter.chen@nxp.com>
> ---
>  drivers/usb/chipidea/udc.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
> index ffaf46f5d062..1fa587ec52fc 100644
> --- a/drivers/usb/chipidea/udc.c
> +++ b/drivers/usb/chipidea/udc.c
> @@ -1539,9 +1539,11 @@ static void ci_hdrc_gadget_connect(struct usb_gadget *_gadget, int is_active)
>  		if (ci->driver) {
>  			hw_device_state(ci, ci->ep0out->qh.dma);
>  			usb_gadget_set_state(_gadget, USB_STATE_POWERED);
> +			spin_unlock_irqrestore(&ci->lock, flags);
>  			usb_udc_vbus_handler(_gadget, true);
> +		} else {
> +			spin_unlock_irqrestore(&ci->lock, flags);
>  		}
> -		spin_unlock_irqrestore(&ci->lock, flags);

There's something strange about this patch.

Do you really know that interrupts will be enabled following the 
spin_unlock_irqrestore()?  In other words, do you know that interrupts 
were enabled upon entry to this routine?

If they were, then why use spin_lock_irqsave/spin_unlock_irqrestore?  
Why not use spin_lock_irq and spin_unlock_irq?

Alan Stern

Peter Chen March 11, 2020, 6:57 a.m. UTC | #2

On 20-03-10 09:57:00, Alan Stern wrote:
> On Tue, 10 Mar 2020, Peter Chen wrote:
> 
> > From: Peter Chen <peter.chen@nxp.com>
> > 
> > The code calls pm_runtime_get_sync with irq disabled, it causes below
> > warning:
> > 
> > BUG: sleeping function called from invalid context at
> > wer/runtime.c:1075
> > in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid:
> > er/u8:1
> 
> ...
> 
> > Tested-by: Dmitry Osipenko <digetx@gmail.com>
> > Cc: <stable@vger.kernel.org> #v5.5
> > Fixes: 72dc8df7920f ("usb: chipidea: udc: protect usb interrupt enable")
> > Reported-by: Dmitry Osipenko <digetx@gmail.com>
> > Signed-off-by: Peter Chen <peter.chen@nxp.com>
> > ---
> >  drivers/usb/chipidea/udc.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
> > index ffaf46f5d062..1fa587ec52fc 100644
> > --- a/drivers/usb/chipidea/udc.c
> > +++ b/drivers/usb/chipidea/udc.c
> > @@ -1539,9 +1539,11 @@ static void ci_hdrc_gadget_connect(struct usb_gadget *_gadget, int is_active)
> >  		if (ci->driver) {
> >  			hw_device_state(ci, ci->ep0out->qh.dma);
> >  			usb_gadget_set_state(_gadget, USB_STATE_POWERED);
> > +			spin_unlock_irqrestore(&ci->lock, flags);
> >  			usb_udc_vbus_handler(_gadget, true);
> > +		} else {
> > +			spin_unlock_irqrestore(&ci->lock, flags);
> >  		}
> > -		spin_unlock_irqrestore(&ci->lock, flags);
> 
> There's something strange about this patch.
> 
> Do you really know that interrupts will be enabled following the 
> spin_unlock_irqrestore()?  In other words, do you know that interrupts 
> were enabled upon entry to this routine?
> 
> If they were, then why use spin_lock_irqsave/spin_unlock_irqrestore?  
> Why not use spin_lock_irq and spin_unlock_irq?
> 

This function is called at process context, so the interrupt is
enabled, I will use spin_lock_irq, thanks, Alan.

Patch

diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
index ffaf46f5d062..1fa587ec52fc 100644
--- a/drivers/usb/chipidea/udc.c
+++ b/drivers/usb/chipidea/udc.c
@@ -1539,9 +1539,11 @@  static void ci_hdrc_gadget_connect(struct usb_gadget *_gadget, int is_active)
 		if (ci->driver) {
 			hw_device_state(ci, ci->ep0out->qh.dma);
 			usb_gadget_set_state(_gadget, USB_STATE_POWERED);
+			spin_unlock_irqrestore(&ci->lock, flags);
 			usb_udc_vbus_handler(_gadget, true);
+		} else {
+			spin_unlock_irqrestore(&ci->lock, flags);
 		}
-		spin_unlock_irqrestore(&ci->lock, flags);
 	} else {
 		usb_udc_vbus_handler(_gadget, false);
 		if (ci->driver)