Re: [PATCH] drivers/xillybus: fix deadlock upon cleanup_dev

From: Eli Billauer
Date: Tue Aug 13 2024 - 02:16:16 EST

Next message: Li Li: "Re: [PATCH v1] add binder genl for txn report"
Previous message: Steev Klimaszewski: "Re: [PATCH] arm64: dts: qcom: sc8180x: Enable the power key"
In reply to: Sabyrzhan Tasbolatov: "[PATCH] drivers/xillybus: fix deadlock upon cleanup_dev"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

I should have sent a response to this syzbot alert, indicating that there is already ongoing work to fix this issue:

https://lore.kernel.org/lkml/20240801121126.60183-1-eli.billauer@xxxxxxxxx/

My apologies for not doing that.

On 13/08/2024 7:04, Sabyrzhan Tasbolatov wrote:

syzbot found an issue [1] when cleanup_dev() is called twice,
causing deadlock.

How is cleanup_dev() called twice? I only see it once in the stack trace.

It is called in xillyusb_probe()

in the end of wakeup_all():

INIT_WORK(&xdev->wakeup_workitem, wakeup_all);

INIT_WORK merely initializes the work item, it doesn't cause its execution.

@@ -2174,7 +2175,6 @@ static int xillyusb_probe(struct usb_interface *interface,
fail:
usb_set_intfdata(interface, NULL);
- kref_put(&xdev->kref, cleanup_dev);
return rc;
}

This edit causes a memory leak, because the reference count needs to be decremented in other failure scenarios.

Thanks,
Eli

Next message: Li Li: "Re: [PATCH v1] add binder genl for txn report"
Previous message: Steev Klimaszewski: "Re: [PATCH] arm64: dts: qcom: sc8180x: Enable the power key"
In reply to: Sabyrzhan Tasbolatov: "[PATCH] drivers/xillybus: fix deadlock upon cleanup_dev"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]