On Fri, Oct 11, 2024 at 08:00:05AM -0700, syzbot wrote: > Hello, > > syzbot tried to test the proposed patch but the build/boot failed: > > failed to apply patch: > checking file drivers/usb/gadget/udc/dummy_hcd.c > Hunk #4 FAILED at 1301. > Hunk #5 FAILED at 1323. > Hunk #6 succeeded at 1778 (offset 1 line). > Hunk #7 succeeded at 1809 (offset 1 line). > Hunk #8 succeeded at 1818 (offset 1 line). > Hunk #9 FAILED at 1995. > Hunk #10 FAILED at 2389. > Hunk #11 FAILED at 2467. > Hunk #12 FAILED at 2497. > Hunk #13 succeeded at 2519 (offset 2 lines). > 6 out of 13 hunks FAILED > > > > Tested on: > > commit: 4a9fe2a8 dt-bindings: usb: dwc3-imx8mp: add compatible.. > git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing All right, one more try, this time starting from the right commit. Alan Stern #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing Index: usb-devel/drivers/usb/gadget/udc/dummy_hcd.c =================================================================== --- usb-devel.orig/drivers/usb/gadget/udc/dummy_hcd.c +++ usb-devel/drivers/usb/gadget/udc/dummy_hcd.c @@ -30,7 +30,7 @@ #include <linux/slab.h> #include <linux/errno.h> #include <linux/init.h> -#include <linux/hrtimer.h> +#include <linux/timer.h> #include <linux/list.h> #include <linux/interrupt.h> #include <linux/platform_device.h> @@ -50,8 +50,6 @@ #define POWER_BUDGET 500 /* in mA; use 8 for low-power port testing */ #define POWER_BUDGET_3 900 /* in mA */ -#define DUMMY_TIMER_INT_NSECS 125000 /* 1 microframe */ - static const char driver_name[] = "dummy_hcd"; static const char driver_desc[] = "USB Host+Gadget Emulator"; @@ -242,7 +240,7 @@ enum dummy_rh_state { struct dummy_hcd { struct dummy *dum; enum dummy_rh_state rh_state; - struct hrtimer timer; + struct timer_list timer; u32 port_status; u32 old_status; unsigned long re_timeout; @@ -1303,9 +1301,8 @@ static int dummy_urb_enqueue( urb->error_count = 1; /* mark as a new urb */ /* kick the scheduler, it'll do the rest */ - if (!hrtimer_active(&dum_hcd->timer)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), - HRTIMER_MODE_REL_SOFT); + if (!timer_pending(&dum_hcd->timer)) + mod_timer(&dum_hcd->timer, jiffies + 1); done: spin_unlock_irqrestore(&dum_hcd->dum->lock, flags); @@ -1326,7 +1323,7 @@ static int dummy_urb_dequeue(struct usb_ rc = usb_hcd_check_unlink_urb(hcd, urb, status); if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING && !list_empty(&dum_hcd->urbp_list)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT); + mod_timer(&dum_hcd->timer, jiffies); spin_unlock_irqrestore(&dum_hcd->dum->lock, flags); return rc; @@ -1780,7 +1777,7 @@ static int handle_control_request(struct * drivers except that the callbacks are invoked from soft interrupt * context. */ -static enum hrtimer_restart dummy_timer(struct hrtimer *t) +static void dummy_timer(struct timer_list *t) { struct dummy_hcd *dum_hcd = from_timer(dum_hcd, t, timer); struct dummy *dum = dum_hcd->dum; @@ -1811,6 +1808,8 @@ static enum hrtimer_restart dummy_timer( break; } + /* FIXME if HZ != 1000 this will probably misbehave ... */ + /* look at each urb queued by the host side driver */ spin_lock_irqsave(&dum->lock, flags); @@ -1818,7 +1817,7 @@ static enum hrtimer_restart dummy_timer( dev_err(dummy_dev(dum_hcd), "timer fired with no URBs pending?\n"); spin_unlock_irqrestore(&dum->lock, flags); - return HRTIMER_NORESTART; + return; } dum_hcd->next_frame_urbp = NULL; @@ -1996,13 +1995,10 @@ return_urb: dum_hcd->udev = NULL; } else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) { /* want a 1 msec delay here */ - hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), - HRTIMER_MODE_REL_SOFT); + mod_timer(&dum_hcd->timer, jiffies + msecs_to_jiffies(1)); } spin_unlock_irqrestore(&dum->lock, flags); - - return HRTIMER_NORESTART; } /*-------------------------------------------------------------------------*/ @@ -2391,7 +2387,7 @@ static int dummy_bus_resume(struct usb_h dum_hcd->rh_state = DUMMY_RH_RUNNING; set_link_state(dum_hcd); if (!list_empty(&dum_hcd->urbp_list)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT); + mod_timer(&dum_hcd->timer, jiffies); hcd->state = HC_STATE_RUNNING; } spin_unlock_irq(&dum_hcd->dum->lock); @@ -2469,8 +2465,7 @@ static DEVICE_ATTR_RO(urbs); static int dummy_start_ss(struct dummy_hcd *dum_hcd) { - hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); - dum_hcd->timer.function = dummy_timer; + timer_setup(&dum_hcd->timer, dummy_timer, 0); dum_hcd->rh_state = DUMMY_RH_RUNNING; dum_hcd->stream_en_ep = 0; INIT_LIST_HEAD(&dum_hcd->urbp_list); @@ -2499,8 +2494,7 @@ static int dummy_start(struct usb_hcd *h return dummy_start_ss(dum_hcd); spin_lock_init(&dum_hcd->dum->lock); - hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); - dum_hcd->timer.function = dummy_timer; + timer_setup(&dum_hcd->timer, dummy_timer, 0); dum_hcd->rh_state = DUMMY_RH_RUNNING; INIT_LIST_HEAD(&dum_hcd->urbp_list); @@ -2519,11 +2513,8 @@ static int dummy_start(struct usb_hcd *h static void dummy_stop(struct usb_hcd *hcd) { - struct dummy_hcd *dum_hcd = hcd_to_dummy_hcd(hcd); - - hrtimer_cancel(&dum_hcd->timer); - device_remove_file(dummy_dev(dum_hcd), &dev_attr_urbs); - dev_info(dummy_dev(dum_hcd), "stopped\n"); + device_remove_file(dummy_dev(hcd_to_dummy_hcd(hcd)), &dev_attr_urbs); + dev_info(dummy_dev(hcd_to_dummy_hcd(hcd)), "stopped\n"); } /*-------------------------------------------------------------------------*/