Re: Kernel warning from kobject in USB HID

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 17 Aug 2010, Stephen Hemminger wrote:

> Running last-week kernel, saw this in the log every time I flip my KVM switch.
> 
> 
> Aug 17 14:29:10 nehalam kernel: [ 7523.675554] input: Belkin Corporation Flip CC as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1.1/2-1.1:1.0/input/input27
> Aug 17 14:29:10 nehalam kernel: [ 7523.675701] belkin 0003:050D:3201.0019: input,hiddev0,hidraw4: USB HID v1.10 Device [Belkin Corporation Flip CC] on usb-0000:00:1d.7-1.1/input0
> Aug 17 14:29:10 nehalam kernel: [ 7523.723485] usb 2-1.4: USB disconnect, address 20
> Aug 17 14:29:11 nehalam kernel: [ 7524.235309] usb 2-1.3: USB disconnect, address 21
> Aug 17 14:42:46 nehalam kernel: [ 8338.552566] usb 2-1.1: USB disconnect, address 22
> Aug 17 14:42:46 nehalam kernel: [ 8338.552614] ------------[ cut here ]------------
> Aug 17 14:42:46 nehalam kernel: [ 8338.552620] WARNING: at lib/kobject.c:595 kobject_put+0x50/0x60()
> Aug 17 14:42:46 nehalam kernel: [ 8338.552623] Hardware name: System Product Name
> Aug 17 14:42:46 nehalam kernel: [ 8338.552625] kobject: '(null)' (ffff88017177d898): is not initialized, yet kobject_put() is being called.
> Aug 17 14:42:46 nehalam kernel: [ 8338.552628] Modules linked in: hid_belkin sha1_generic arc4 ppp_mppe ppp_async crc_ccitt autofs4 binfmt_misc ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge stp llc kvm_intel kvm radeon ttm drm_kms_helper drm i2c_algo_bit snd_hda_codec_analog ipv6 snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device asus_atk0110 snd psmouse serio_raw soundcore snd_page_alloc usbhid mvsas libsas scsi_transport_sas floppy sky2 e1000e
> Aug 17 14:42:46 nehalam kernel: [ 8338.552678] Pid: 69, comm: khubd Tainted: G        W   2.6.35+ #35
> Aug 17 14:42:46 nehalam kernel: [ 8338.552680] Call Trace:
> Aug 17 14:42:46 nehalam kernel: [ 8338.552687]  [<ffffffff8104821a>] warn_slowpath_common+0x7a/0xb0
> Aug 17 14:42:46 nehalam kernel: [ 8338.552693]  [<ffffffff810482f1>] warn_slowpath_fmt+0x41/0x50
> Aug 17 14:42:46 nehalam kernel: [ 8338.552697]  [<ffffffff81249db0>] kobject_put+0x50/0x60
> Aug 17 14:42:46 nehalam kernel: [ 8338.552701]  [<ffffffff812f3592>] put_device+0x12/0x20
> Aug 17 14:42:46 nehalam kernel: [ 8338.552706]  [<ffffffff813b95b3>] hid_destroy_device+0x43/0x50
> Aug 17 14:42:46 nehalam kernel: [ 8338.552713]  [<ffffffffa0044a06>] usbhid_disconnect+0x26/0x50 [usbhid]
> Aug 17 14:42:46 nehalam kernel: [ 8338.552719]  [<ffffffff81378a35>] usb_unbind_interface+0x55/0x1a0
> Aug 17 14:42:46 nehalam kernel: [ 8338.552725]  [<ffffffff812f73d0>] __device_release_driver+0x70/0xe0
> Aug 17 14:42:46 nehalam kernel: [ 8338.552730]  [<ffffffff812f7538>] device_release_driver+0x28/0x40
> Aug 17 14:42:46 nehalam kernel: [ 8338.552734]  [<ffffffff812f64e9>] bus_remove_device+0xa9/0xe0
> Aug 17 14:42:46 nehalam kernel: [ 8338.552737]  [<ffffffff812f41e7>] device_del+0x127/0x1d0
> Aug 17 14:42:46 nehalam kernel: [ 8338.552742]  [<ffffffff813753c7>] usb_disable_device+0xa7/0x130
> Aug 17 14:42:46 nehalam kernel: [ 8338.552745]  [<ffffffff8136e941>] usb_disconnect+0x91/0x130
> Aug 17 14:42:46 nehalam kernel: [ 8338.552749]  [<ffffffff8136ffdc>] hub_thread+0x48c/0x1220
> Aug 17 14:42:46 nehalam kernel: [ 8338.552754]  [<ffffffff81040651>] ? dequeue_entity+0x1a1/0x1e0
> Aug 17 14:42:46 nehalam kernel: [ 8338.552759]  [<ffffffff810661f0>] ? autoremove_wake_function+0x0/0x40
> Aug 17 14:42:46 nehalam kernel: [ 8338.552763]  [<ffffffff8136fb50>] ? hub_thread+0x0/0x1220
> Aug 17 14:42:46 nehalam kernel: [ 8338.552766]  [<ffffffff81065cfe>] kthread+0x8e/0xa0
> Aug 17 14:42:46 nehalam kernel: [ 8338.552771]  [<ffffffff81003454>] kernel_thread_helper+0x4/0x10
> Aug 17 14:42:46 nehalam kernel: [ 8338.552775]  [<ffffffff81065c70>] ? kthread+0x0/0xa0
> Aug 17 14:42:46 nehalam kernel: [ 8338.552778]  [<ffffffff81003450>] ? kernel_thread_helper+0x0/0x10
> Aug 17 14:42:46 nehalam kernel: [ 8338.552781] ---[ end trace 2721da84d6efea62 ]---

Hi Stephen,

I have the patch below queued in my tree, and I am planning to push it to 
Linus soon. It will almost certainly fix your issue, but I'll appreciate 
if you can confirm that. Thanks.

commit 9c9e54a8df0be48aa359744f412377cc55c3b7d2
Author: Jiri Kosina <jkosina@xxxxxxx>
Date:   Fri Aug 13 12:19:45 2010 +0200

    HID: hiddev: fix memory corruption due to invalid intfdata
    
    Commit bd25f4dd6972755579d0 ("HID: hiddev: use usb_find_interface,
    get rid of BKL") introduced using of private intfdata in hiddev for
    purpose of storing hiddev pointer.
    
    This is a problem, because intf pointer is already being set to struct
    hid_device pointer by HID core. This obviously lead to memory corruptions
    at device disconnect time, such as
    
    WARNING: at lib/kobject.c:595 kobject_put+0x37/0x4b()
    kobject: '(null)' (ffff88011e9cd898): is not initialized, yet kobject_put() is being called.
    
    Convert hiddev into accessing hiddev through struct hid_device which is
    in intfdata already.
    
    Reported-and-tested-by: Markus Trippelsdorf <markus@xxxxxxxxxxxxxxx>
    Reported-and-tested-by: Heinz Diehl <htd@xxxxxxxxxx>
    Reported-and-tested-by: Alan Ott <alan@xxxxxxxxxxx>
    Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>

diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
index f285017..0a29c51 100644
--- a/drivers/hid/usbhid/hiddev.c
+++ b/drivers/hid/usbhid/hiddev.c
@@ -266,13 +266,15 @@ static int hiddev_open(struct inode *inode, struct file *file)
 {
 	struct hiddev_list *list;
 	struct usb_interface *intf;
+	struct hid_device *hid;
 	struct hiddev *hiddev;
 	int res;
 
 	intf = usb_find_interface(&hiddev_driver, iminor(inode));
 	if (!intf)
 		return -ENODEV;
-	hiddev = usb_get_intfdata(intf);
+	hid = usb_get_intfdata(intf);
+	hiddev = hid->hiddev;
 
 	if (!(list = kzalloc(sizeof(struct hiddev_list), GFP_KERNEL)))
 		return -ENOMEM;
@@ -890,7 +892,6 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
 	hid->hiddev = hiddev;
 	hiddev->hid = hid;
 	hiddev->exist = 1;
-	usb_set_intfdata(usbhid->intf, usbhid);
 	retval = usb_register_dev(usbhid->intf, &hiddev_class);
 	if (retval) {
 		err_hid("Not able to get a minor for this device.");

-- 
Jiri Kosina
SUSE Labs, Novell Inc.
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux