Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp501667imi; Fri, 22 Jul 2022 03:49:27 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sNX5X+cchJsU+cO97KF8RU9N/GIBHWK/XW0MiQm/Ki/E2h3zg9P8FLJ51JU/FVzpv9g0Vq X-Received: by 2002:a05:6a00:1d26:b0:528:3a25:ea3c with SMTP id a38-20020a056a001d2600b005283a25ea3cmr2918163pfx.67.1658486967254; Fri, 22 Jul 2022 03:49:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658486967; cv=none; d=google.com; s=arc-20160816; b=X7wAG0YoCD1tawOP6oMkGGpM4Cg0/p492IlJKeEs5DwaZcBXG3J7iMU617wRSr+3b2 c9Ze1Lg6RnSCM+RBQhxqSkxIcZ2C1SQEF/VJaIbD2a2abBRoDW/FmfzLS4aAgBGw3qm3 wYY6VFmWW8QuIhd2jFXNXhtCezTmOT91kNBcoEZAuQJGP5cXZbs8h5ExaoIvtdzZHF4W awjstFc6t0g4X9hICFuYjzqeg66fJTiTkBPYT7zzayBnF2UBtYDZ0+epKnu0fG6xqb5h VfNbluE6sfCAxq0dzAIWopLXglU2bCjh+j9LSBX+as40xAvHV0bbJErMxhseGf3ED5Nd UoWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=tBUzLCUMvi2t0e3jHkRxKnlkrjAkiVQpUwiAVq5cs50=; b=molE/pJVbgpVvVNmIuqTz1tDc99cYp9XFKT5ij4qTmWSaStY1UqR+28bnwp6007Gk5 sVkyxu6FD1aJLpXy2XClNB3SKPTmeXLnQO/6N8oIloLaLVRx9QYsoZsZu6DLQSQD4W14 odY9yDOvnU2KJtTZAKKiVcrY55DgEM9bFUbvQFi9z/SaaoGC+qPjL99QO0p6OJ/CRfWb 08wH+0gT6XaBg0RoLB9fZcqM2avQ/6I32XIVQiFgmIafFkYJhZX5/CrITOaarsy6dMp/ osSFGIU5PLdZM/Dd3zyY0X8rZ5ZVSy7qBl8mC2H7qvgpRzq+wSZK5dQBGNUvCwW6rIb/ 1vEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=PmZGjk9K; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n16-20020a63f810000000b0040d54868742si5549679pgh.24.2022.07.22.03.49.12; Fri, 22 Jul 2022 03:49:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=PmZGjk9K; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234815AbiGVKbE (ORCPT + 99 others); Fri, 22 Jul 2022 06:31:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40196 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229538AbiGVKbC (ORCPT ); Fri, 22 Jul 2022 06:31:02 -0400 Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E6B33AFB7D for ; Fri, 22 Jul 2022 03:31:01 -0700 (PDT) Received: by mail-pj1-x1035.google.com with SMTP id pc13so4010794pjb.4 for ; Fri, 22 Jul 2022 03:31:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=tBUzLCUMvi2t0e3jHkRxKnlkrjAkiVQpUwiAVq5cs50=; b=PmZGjk9Kk7jVz7K0qbp8rUGKGH2twx/OgNXmpsYddepEKS/7ODbyl9BJ8/F6VmCLWY QsrdCgM9PKyvUG4JtLXBczJtiWdWpPt485bla0zbS4Nah6e9fF2u9f4gfCvluTitQTg9 FmdjCNPsuE3trQUI4ylnjr4VlWeMMwIeyrEC9QGJKM/bOCAm5/NdQmwhjky+XeNZT9dA 1TDSDVLcfANGPMbRa7r4k/MOPaaSAfFke5tJZrEjWog5x1lSfcv4KKVXfErJWYLxYkuj ygfYFsIb1gVnVTlCK0SwDsYsRoNaHt5lseAu7y4P5P4NjPjTR+QonYUEgIJ2DIPAbAxc cS3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=tBUzLCUMvi2t0e3jHkRxKnlkrjAkiVQpUwiAVq5cs50=; b=aFLyoP2jUcdmo/q2jhYfyqQsavNAB9JPRJ98hsLMpWO65XOiABKzQKSwQCLz1IaSf3 zdtkJ2Dn9nW4gk4vPxlDnWHz5VpFvHPc1QTwyx/6t32RaOvfCGMpgKWpPlwT7XWqVot+ NKVevEU4wtTAormeImJ+fJ7cMhMvwAl+P5X0SQbGsbezv8N0/YoIy47Zk0aAfMk7AQXQ 77IhxYfZglaQbfNafTiYQeSXnmBQvmYf5QpKQaH3jEtQgsGnj/8LCS3bnDRYy9gPqd+N f5DwNF1R0NVUR1dEGT5nkK0NVR+rlbOJl7vzDVWhaPp/WvQ7Fzwvgvzg2UMAlXuy8Cb8 bFYg== X-Gm-Message-State: AJIora9NwDqiwPxS62+0xdeOO1SOFdCmAjkksTYfJ9RIJdjHxRSvIC8w HthJwzYVZrHTc7p9iyEudoFmVOKRKZi7nw== X-Received: by 2002:a17:90b:3c49:b0:1f1:9213:e747 with SMTP id pm9-20020a17090b3c4900b001f19213e747mr3415667pjb.15.1658485861296; Fri, 22 Jul 2022 03:31:01 -0700 (PDT) Received: from localhost ([58.33.57.226]) by smtp.gmail.com with ESMTPSA id g11-20020a170902d5cb00b0016a6cd546d6sm3304743plh.251.2022.07.22.03.30.57 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 22 Jul 2022 03:31:00 -0700 (PDT) Date: Fri, 22 Jul 2022 18:30:13 +0800 From: lijiazi To: Greg Kroah-Hartman Cc: "Rafael J. Wysocki" , "Jiazi.Li" , linux-kernel@vger.kernel.org Subject: Re: [PATCH] driver core: Do not add a device that has been removed in device_shutdown to devices_kset list again. Message-ID: <20220722101008.GA2223@Jiazi.Li> References: <20220721123325.4675-1-jiazi.li@transsion.com> <20220722061246.GA4801@Jiazi.Li> <20220722072903.GA5390@Jiazi.Li> <20220722082242.GA5656@Jiazi.Li> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 22, 2022 at 10:40:31AM +0200, Greg Kroah-Hartman wrote: > On Fri, Jul 22, 2022 at 04:22:42PM +0800, lijiazi wrote: > > On Fri, Jul 22, 2022 at 09:53:07AM +0200, Greg Kroah-Hartman wrote: > > > On Fri, Jul 22, 2022 at 03:31:19PM +0800, lijiazi wrote: > > > > On Fri, Jul 22, 2022 at 08:53:55AM +0200, Greg Kroah-Hartman wrote: > > > > > On Fri, Jul 22, 2022 at 02:18:11PM +0800, lijiazi wrote: > > > > > > On Thu, Jul 21, 2022 at 09:14:18PM +0200, Greg Kroah-Hartman wrote: > > > > > > > On Thu, Jul 21, 2022 at 08:33:25PM +0800, Jiazi.Li wrote: > > > > > > > > There is a race between device_shutdown and devices_kset_move_last: > > > > > > > > 1. device_shutdown remove dev from devices_kset, unlock list_lock > > > > > > > > > > > > > > > > 2. supplier call device_link_add move this consummer dev to > > > > > > > > last of devices_kset: > > > > > > > > devices_kset_move_last+0x184/0x1fc > > > > > > > > device_reorder_to_tail+0x50/0x17c > > > > > > > > device_link_add+0x670/0x9c0 > > > > > > > > phy_get+0x88/0x300 > > > > > > > > > > > > > > > > 3. device_shutdown call dev->bus->shutdown first time > > > > > > > > > > > > > > > > 4. in next loop, device_shutdown pick this dev from devices_kset > > > > > > > > again, and call dev->bus->shutdown for the second time. > > > > > > > > > > > > > > > > If the protection mechanism of dev->bus->shutdown is not perfect, > > > > > > > > the following crash will occur: > > > > > > > > [37.366651] [T1000001] Unable to handle kernel NULL pointer > > > > > > > > dereference at virtual address 0000000000000070 > > > > > > > > [37.414053] [T1600001] Kernel Offset: 0x2c73800000 from 0xffffffc010000000 > > > > > > > > [37.414908] [T1600001] PHYS_OFFSET: 0x40000000 > > > > > > > > [37.415458] [T1600001] pstate: 60400005 (nZCv daif +PAN -UAO) > > > > > > > > [37.416172] [T1600001] pc : [0xffffffec83eccd40] kernfs_find_ns+0x18/0x154 > > > > > > > > [37.417025] [T1600001] lr : [0xffffffec83ed8714] sysfs_unmerge_group+0x70/0x2e0 > > > > > > > > [37.417931] [T1600001] sp : ffffffc01008ba90 > > > > > > > > [37.418456] [T1600001] x29: ffffffc01008ba90 x28: ffffffec863c1000 > > > > > > > > [37.419221] [T1600001] x27: ffffffec85234e30 x26: ffffffec86490000 > > > > > > > > [37.419985] [T1600001] x25: ffffff80c854a4c0 x24: ffffff80c854a428 > > > > > > > > [37.420750] [T1600001] x23: 0000000000400100 x22: ffffffec85c4c5c8 > > > > > > > > [37.421514] [T1600001] x21: ffffffec85c4c5a0 x20: 0000000000000000 > > > > > > > > [37.422277] [T1600001] x19: ffffff80c0178000 x18: ffffffc010083068 > > > > > > > > [37.423043] [T1600001] x17: 0000000000000000 x16: 00000000000000d8 > > > > > > > > [37.423807] [T1600001] x15: ffffffec842b9314 x14: ffffffec85b04050 > > > > > > > > [37.424572] [T1600001] x13: 0000000000000000 x12: 000000000000000a > > > > > > > > [37.425336] [T1600001] x11: 0000000000000000 x10: ffffffec863e9000 > > > > > > > > [37.426102] [T1600001] x9 : 0000000000000001 x8 : 0000000000000000 > > > > > > > > [37.426869] [T1600001] x7 : 332e37332020205b x6 : ffffffec863e6e7e > > > > > > > > [37.427633] [T1600001] x5 : ffffffffffffffff x4 : 0000000000000000 > > > > > > > > [37.428396] [T1600001] x3 : 000000000000003c x2 : 0000000000000000 > > > > > > > > [37.429161] [T1600001] x1 : ffffffec85c4c5c8 x0 : 0000000000000000 > > > > > > > > [37.612410] [T1600001] Call trace: > > > > > > > > [37.612831] [T1600001] dump_backtrace.cfi_jt+0x0/0x8 > > > > > > > > [37.613457] [T1600001] dump_stack_lvl+0xc4/0x140 > > > > > > > > [37.614038] [T1600001] dump_stack+0x1c/0x2c > > > > > > > > [37.614588] [T1600001] mrdump_common_die+0x3a8/0x544 [mrdump] > > > > > > > > [37.615326] [T1600001] ipanic_die+0x24/0x38 [mrdump] > > > > > > > > [37.615951] [T1600001] die+0x344/0x748 > > > > > > > > [37.616425] [T1600001] die_kernel_fault+0x84/0x94 > > > > > > > > [37.617016] [T1600001] __do_kernel_fault+0x230/0x27c > > > > > > > > [37.617642] [T1600001] do_page_fault+0xb4/0x754 > > > > > > > > [37.618212] [T1600001] do_translation_fault+0x48/0x64 > > > > > > > > [37.618846] [T1600001] do_mem_abort+0x6c/0x164 > > > > > > > > [37.619406] [T1600001] el1_abort+0x44/0x68 > > > > > > > > [37.619921] [T1600001] el1_sync_handler+0x58/0x88 > > > > > > > > [37.620512] [T1600001] el1_sync+0x8c/0x140 > > > > > > > > [37.621028] [T1600001] kernfs_find_ns+0x18/0x154 > > > > > > > > [37.621608] [T1600001] sysfs_unmerge_group+0x70/0x2e0 > > > > > > > > [37.622246] [T1600001] device_del+0x198/0xd00 > > > > > > > > [37.622794] [T1600001] device_unregister+0x1c/0x3c > > > > > > > > [37.623409] [T1600001] charger_device_unregister+0x40/0x54 [charger_class] > > > > > > > > [37.624277] [T1600001] sgm41516d_shutdown+0x54/0x84 [sgm41516d] > > > > > > > > [37.625021] [T1600001] i2c_device_shutdown+0x68/0x118 > > > > > > > > [37.625656] [T1600001] device_shutdown+0x234/0x614 > > > > > > > > [37.626259] [T1600001] kernel_restart+0x74/0x1e8 > > > > > > > > [37.626840] [T1600001] __arm64_sys_reboot+0x3b0/0x424 > > > > > > > > [37.627475] [T1600001] el0_svc_common+0xd4/0x270 > > > > > > > > [37.628056] [T1600001] el0_svc+0x28/0x88 > > > > > > > > [37.628549] [T1600001] el0_sync_handler+0x8c/0xf0 > > > > > > > > [37.629141] [T1600001] el0_sync+0x1b4/0x1c0 > > > > > > > > > > > > > > > > because dev->kobject.sd has been set to NULL in fisrt shutdown. > > > > > > > > > > > > > > We can't take kernel changes to fix bugs in out-of-tree kernel modules. > > > > > > > Can you reproduce this with the in-tree drivers? If so, which ones? > > > > > > > > > > > > > > thanks, > > > > > > > > > > > > > > greg k-h > > > > > > > > > > > > I'm sorry, I am working on mobile phone base on android12+GKI2.0. > > > > > > So far, I found two charger driver have this issue , maybe more. > > > > > > Reproduce method is plug/unplug usb cable when device shutdown or > > > > > > reboot. > > > > > > GKI2.0 requires that most vendor's drivers are out-of-tree modules. > > > > > > > > > > That is not true, Google would much rather accept in-tree modules that > > > > > are upstream. It's your choice to not submit them for inclusion, please > > > > > don't pass the blame to someone else. > > > > > > > > > > > > > You are right. > > > > > > I haven't found in-tree drivers has this issue. > > > > > > > > > > Then perhaps your drivers are broken? Do you have a link to the source > > > > > anywhere? > > > > > > > > Yes, as I said earlier, I have encountered two broken drivers. > > > > Sorry for can't provide a link. > > > > > > Why not, the license of your driver is GPLv2, right? > > > > > > > The driver is GPLv2, but for some other reason. > > What other reason? > For confidentiality reasons, company prohibits uploading codes to github and other websites. > > > > Instead of fix driver one by one, perhaps add a list_empty check is > > > > a better method. > > > > > > Please work to find the problem in your driver first. We do not add > > > "hardening" code to the kernel core to prevent buggy drivers from > > > causing problems, for obvious reasons. > > > > > > > I have fixed the problem in vendor's driver, but I can't stop them from > > make similar mistake. > > What was the problem that it had? Perhaps post that here for us to see > what was required to resolve this. In i2c device driver's shutdown callback, do not set i2c_client->dev ->drvdata to NULL. 1. device_shutdown remove device from devices_kset and call shutdown 2. During the shutdown or reboot of phone, if plug/unplug usb, driver call phy_get to obtain a reference to usb phy. phy_get ->device_link_add//i2c device as usb phy's consumer ->device_reorder_to_tail ->device_kset_move_last//move i2c device to last of devices_kset 3. device_shutdown call i2c device shutdown again My workaround is set i2c_clinet->dev->drvdata to NULL before return in shutdown callback, and check whether drvdata is NULL at the beginning of shutdown callback, if NULL, just return. But this cannot prevent shutdown from being called twice. > > thanks, > > greg k-h