| From bc1e2154542071e3cfe1734b143af9b8bdacf8bd Mon Sep 17 00:00:00 2001 |
| From: Bin Liu <b-liu@ti.com> |
| Date: Fri, 10 Mar 2017 14:43:37 -0600 |
| Subject: [PATCH] usb: musb: fix possible spinlock deadlock |
| |
| commit bc1e2154542071e3cfe1734b143af9b8bdacf8bd upstream. |
| |
| The DSPS glue calls del_timer_sync() in its musb_platform_disable() |
| implementation, which requires the caller to not hold a lock. But |
| musb_remove() calls musb_platform_disable() will musb->lock held. This |
| could causes spinlock deadlock. |
| |
| So change musb_remove() to call musb_platform_disable() without holds |
| musb->lock. This doesn't impact the musb_platform_disable implementation |
| in other glue drivers. |
| |
| root@am335x-evm:~# modprobe -r musb-dsps |
| [ 126.134879] musb-hdrc musb-hdrc.1: remove, state 1 |
| [ 126.140465] usb usb2: USB disconnect, device number 1 |
| [ 126.146178] usb 2-1: USB disconnect, device number 2 |
| [ 126.416985] musb-hdrc musb-hdrc.1: USB bus 2 deregistered |
| [ 126.423943] |
| [ 126.425525] ====================================================== |
| [ 126.431997] [ INFO: possible circular locking dependency detected ] |
| [ 126.438564] 4.11.0-rc1-00003-g1557f13bca04-dirty #77 Not tainted |
| [ 126.444852] ------------------------------------------------------- |
| [ 126.451414] modprobe/778 is trying to acquire lock: |
| [ 126.456523] (((&glue->timer))){+.-...}, at: [<c01b8788>] del_timer_sync+0x0/0xd0 |
| [ 126.464403] |
| [ 126.464403] but task is already holding lock: |
| [ 126.470511] (&(&musb->lock)->rlock){-.-...}, at: [<bf30b7f8>] musb_remove+0x50/0x1 |
| 30 [musb_hdrc] |
| [ 126.479965] |
| [ 126.479965] which lock already depends on the new lock. |
| [ 126.479965] |
| [ 126.488531] |
| [ 126.488531] the existing dependency chain (in reverse order) is: |
| [ 126.496368] |
| [ 126.496368] -> #1 (&(&musb->lock)->rlock){-.-...}: |
| [ 126.502968] otg_timer+0x80/0xec [musb_dsps] |
| [ 126.507990] call_timer_fn+0xb4/0x390 |
| [ 126.512372] expire_timers+0xf0/0x1fc |
| [ 126.516754] run_timer_softirq+0x80/0x178 |
| [ 126.521511] __do_softirq+0xc4/0x554 |
| [ 126.525802] irq_exit+0xe8/0x158 |
| [ 126.529735] __handle_domain_irq+0x58/0xb8 |
| [ 126.534583] __irq_usr+0x54/0x80 |
| [ 126.538507] |
| [ 126.538507] -> #0 (((&glue->timer))){+.-...}: |
| [ 126.544636] del_timer_sync+0x40/0xd0 |
| [ 126.549066] musb_remove+0x6c/0x130 [musb_hdrc] |
| [ 126.554370] platform_drv_remove+0x24/0x3c |
| [ 126.559206] device_release_driver_internal+0x14c/0x1e0 |
| [ 126.565225] bus_remove_device+0xd8/0x108 |
| [ 126.569970] device_del+0x1e4/0x308 |
| [ 126.574170] platform_device_del+0x24/0x8c |
| [ 126.579006] platform_device_unregister+0xc/0x20 |
| [ 126.584394] dsps_remove+0x14/0x30 [musb_dsps] |
| [ 126.589595] platform_drv_remove+0x24/0x3c |
| [ 126.594432] device_release_driver_internal+0x14c/0x1e0 |
| [ 126.600450] driver_detach+0x38/0x6c |
| [ 126.604740] bus_remove_driver+0x4c/0xa0 |
| [ 126.609407] SyS_delete_module+0x11c/0x1e4 |
| [ 126.614252] __sys_trace_return+0x0/0x10 |
| |
| Fixes: ea2f35c01d5ea ("usb: musb: Fix sleeping function called from invalid context for hdrc glue") |
| Cc: <stable@vger.kernel.org> #4.9+ |
| Acked-by: Tony Lindgren <tony@atomide.com> |
| Signed-off-by: Bin Liu <b-liu@ti.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c |
| index d8bae6ca8904..0c3664ab705e 100644 |
| --- a/drivers/usb/musb/musb_core.c |
| +++ b/drivers/usb/musb/musb_core.c |
| @@ -2490,8 +2490,8 @@ static int musb_remove(struct platform_device *pdev) |
| musb_host_cleanup(musb); |
| musb_gadget_cleanup(musb); |
| |
| - spin_lock_irqsave(&musb->lock, flags); |
| musb_platform_disable(musb); |
| + spin_lock_irqsave(&musb->lock, flags); |
| musb_disable_interrupts(musb); |
| musb_writeb(musb->mregs, MUSB_DEVCTL, 0); |
| spin_unlock_irqrestore(&musb->lock, flags); |
| -- |
| 2.12.0 |
| |