Re: [PATCH v10 54/55] Input: atmel_mxt_ts: Implement synchronization during various operation

From: Dmitry Osipenko
Date: Sat Apr 04 2020 - 17:38:50 EST

Next message: Dmitry Osipenko: "Re: [PATCH] PM / devfreq: tegra30: Delete an error message in tegra_devfreq_probe()"
Previous message: Florian Fainelli: "Re: [GIT PULL 3/3] bcm2835-defconfig-next-2020-03-27"
In reply to: Wang, Jiada: "Re: [PATCH v10 54/55] Input: atmel_mxt_ts: Implement synchronization during various operation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

03.04.2020 11:39, Wang, Jiada ÐÐÑÐÑ:
> Hi Dmitry
>
> On 2020/04/02 22:24, Dmitry Osipenko wrote:
>> 02.04.2020 14:50, Wang, Jiada ÐÐÑÐÑ:
>>> Hi Dmitry
>>>
>>> On 2020/04/02 1:04, Dmitry Osipenko wrote:
>>>> 31.03.2020 13:50, Jiada Wang ÐÐÑÐÑ:
>>>>> From: Sanjeev Chugh <sanjeev_chugh@xxxxxxxxxx>
>>>>>
>>>>> There could be scope of race conditions when sysfs is being handled
>>>>> and at the same time, device removal is occurring. For example,
>>>>> we don't want the device removal to begin if the Atmel device
>>>>> cfg update is going on or firmware update is going on. In such
>>>>> cases, wait for device update to be completed before the removal
>>>>> continues.
>>>>>
>>>>> ÂÂÂÂÂ ThreadÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Thread 2:
>>>>> =========================
>>>>> =========================
>>>>> mxt_update_fw_store()ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ mxt_remove()
>>>>> mutex_lock(&data->lock)ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ...
>>>>> mxt_initialize()ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ //Tries to acquire
>>>>> lock
>>>>> ÂÂÂ request_firmware_nowait()ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ
>>>>> mutex_lock(&data->lock)
>>>>> ...ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ==>waits for lock()
>>>>> ...ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ .
>>>>> ...ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ .
>>>>> mutex_unlock(&data->lock)ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ .
>>>>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ //Gets lock and
>>>>> proceeds
>>>>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ
>>>>> mxt_free_input_device();
>>>>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ...
>>>>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ
>>>>> mutex_unlock(&data->lock)
>>>>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ //Frees atmel driver
>>>>> data
>>>>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ kfree(data)
>>>>>
>>>>> If the request_firmware_nowait() completes after the driver removal,
>>>>> and callback is triggered. But kernel crashes since the module is
>>>>> already removed.
>>>>>
>>>>> This commit adds state machine to serialize such scenarios.
>>>>
>>>> Won't it be easier to bump driver's module use-count by __module_get()
>>>> while firmware is updating? Or remove sysfs during of mxt_remove()? >
>>>
>>> thanks for your inspiration, I will replace state machine with module
>>> use-count.
>>
>> I'm actually now thinking that the suggestion about the module-count
>> wasn't very correct because this won't really help in regards to
>> mxt_update_fw_store() / mxt_remove() racing.
>>
>> I see that mxt_remove() already invokes the mxt_sysfs_remove(), which
>> should block until mxt_update_fw_store() is completed, shouldn't it?
>
> Yes, you are correct,
> this commit isn't addressing the real root cause
>
>>
>> I guess the kfree(data) isn't the real cause of the problem and
>> something like this should help:
>>
>> diff --git a/drivers/input/touchscreen/atmel_mxt_ts.c
>> b/drivers/input/touchscreen/atmel_mxt_ts.c
>> index b2edf51e1595..4e66106feeb9 100644
>> --- a/drivers/input/touchscreen/atmel_mxt_ts.c
>> +++ b/drivers/input/touchscreen/atmel_mxt_ts.c
>> @@ -4254,6 +4254,7 @@ static void mxt_sysfs_remove(struct mxt_data *data)
>> ÂÂÂÂÂ struct i2c_client *client = data->client;
>>
>> ÂÂÂÂÂ sysfs_remove_group(&client->dev.kobj, &mxt_attr_group);
>> +ÂÂÂ sysfs_remove_group(&client->dev.kobj, &mxt_fw_attr_group);
>> Â }
>>
>> Â static void mxt_reset_slots(struct mxt_data *data)
>> @@ -4649,31 +4650,19 @@ static int mxt_remove(struct i2c_client *client)
>> Â {
>> ÂÂÂÂÂ struct mxt_data *data = i2c_get_clientdata(client);
>>
>> -ÂÂÂ mutex_lock(&data->lock);
>> -ÂÂÂ if (data->e_state == MXT_STATE_UPDATING_CONFIG_ASYNC ||
>> -ÂÂÂÂÂÂÂ data->e_state == MXT_STATE_UPDATING_CONFIG) {
>> -ÂÂÂÂÂÂÂ data->e_state = MXT_STATE_GOING_AWAY;
>> -ÂÂÂÂÂÂÂ mutex_unlock(&data->lock);
>> -ÂÂÂÂÂÂÂ mxt_wait_for_completion(data, &data->update_cfg_completion,
>> -ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ MXT_CONFIG_TIMEOUT);
>> -ÂÂÂ } else {
>> -ÂÂÂÂÂÂÂ data->e_state = MXT_STATE_GOING_AWAY;
>> -ÂÂÂÂÂÂÂ mutex_unlock(&data->lock);
>> -ÂÂÂ }
>> +ÂÂÂ mxt_sysfs_remove(data);
>>
>> -ÂÂÂ disable_irq(data->irq);
>> -ÂÂÂ sysfs_remove_group(&client->dev.kobj, &mxt_fw_attr_group);
>> ÂÂÂÂÂ if (data->reset_gpio) {
>> ÂÂÂÂÂÂÂÂÂ sysfs_remove_link(&client->dev.kobj, "reset");
>> ÂÂÂÂÂÂÂÂÂ gpiod_unexport(data->reset_gpio);
>> ÂÂÂÂÂ }
>> +
>> ÂÂÂÂÂ mxt_debug_msg_remove(data);
>> -ÂÂÂ mxt_sysfs_remove(data);
>> ÂÂÂÂÂ mxt_free_input_device(data);
>> ÂÂÂÂÂ mxt_free_object_table(data);
>>
>> ÂÂÂÂif (debug_state)
>> ÂÂÂÂÂÂÂ cancel_delayed_work_sync(&data->watchdog_work);
>> +ÂÂÂ disable_irq(data->irq);
>>
>> ÂÂÂÂÂ return 0;
>> Â }
>>
> yes, I confirmed, the root cause is because irq is disabled while
> firmware is being updated, this cause update of firmware can't proceed.
> by move disable irq after sysfs entry removal can fix the issue

Okay :)

Next message: Dmitry Osipenko: "Re: [PATCH] PM / devfreq: tegra30: Delete an error message in tegra_devfreq_probe()"
Previous message: Florian Fainelli: "Re: [GIT PULL 3/3] bcm2835-defconfig-next-2020-03-27"
In reply to: Wang, Jiada: "Re: [PATCH v10 54/55] Input: atmel_mxt_ts: Implement synchronization during various operation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]