Re: Kernel warning from kobject in USB HID

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 18 Aug 2010 10:16:24 +0200 (CEST)
Jiri Kosina <jkosina@xxxxxxx> wrote:

> On Tue, 17 Aug 2010, Stephen Hemminger wrote:
> 
> > Running last-week kernel, saw this in the log every time I flip my KVM switch.
> > 
> > 
> > Aug 17 14:29:10 nehalam kernel: [ 7523.675554] input: Belkin Corporation Flip CC as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1.1/2-1.1:1.0/input/input27
> > Aug 17 14:29:10 nehalam kernel: [ 7523.675701] belkin 0003:050D:3201.0019: input,hiddev0,hidraw4: USB HID v1.10 Device [Belkin Corporation Flip CC] on usb-0000:00:1d.7-1.1/input0
> > Aug 17 14:29:10 nehalam kernel: [ 7523.723485] usb 2-1.4: USB disconnect, address 20
> > Aug 17 14:29:11 nehalam kernel: [ 7524.235309] usb 2-1.3: USB disconnect, address 21
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552566] usb 2-1.1: USB disconnect, address 22
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552614] ------------[ cut here ]------------
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552620] WARNING: at lib/kobject.c:595 kobject_put+0x50/0x60()
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552623] Hardware name: System Product Name
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552625] kobject: '(null)' (ffff88017177d898): is not initialized, yet kobject_put() is being called.
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552628] Modules linked in: hid_belkin sha1_generic arc4 ppp_mppe ppp_async crc_ccitt autofs4 binfmt_misc ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge stp llc kvm_intel kvm radeon ttm drm_kms_helper drm i2c_algo_bit snd_hda_codec_analog ipv6 snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device asus_atk0110 snd psmouse serio_raw soundcore snd_page_alloc usbhid mvsas libsas scsi_transport_sas floppy sky2 e1000e
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552678] Pid: 69, comm: khubd Tainted: G        W   2.6.35+ #35
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552680] Call Trace:
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552687]  [<ffffffff8104821a>] warn_slowpath_common+0x7a/0xb0
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552693]  [<ffffffff810482f1>] warn_slowpath_fmt+0x41/0x50
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552697]  [<ffffffff81249db0>] kobject_put+0x50/0x60
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552701]  [<ffffffff812f3592>] put_device+0x12/0x20
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552706]  [<ffffffff813b95b3>] hid_destroy_device+0x43/0x50
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552713]  [<ffffffffa0044a06>] usbhid_disconnect+0x26/0x50 [usbhid]
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552719]  [<ffffffff81378a35>] usb_unbind_interface+0x55/0x1a0
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552725]  [<ffffffff812f73d0>] __device_release_driver+0x70/0xe0
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552730]  [<ffffffff812f7538>] device_release_driver+0x28/0x40
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552734]  [<ffffffff812f64e9>] bus_remove_device+0xa9/0xe0
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552737]  [<ffffffff812f41e7>] device_del+0x127/0x1d0
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552742]  [<ffffffff813753c7>] usb_disable_device+0xa7/0x130
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552745]  [<ffffffff8136e941>] usb_disconnect+0x91/0x130
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552749]  [<ffffffff8136ffdc>] hub_thread+0x48c/0x1220
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552754]  [<ffffffff81040651>] ? dequeue_entity+0x1a1/0x1e0
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552759]  [<ffffffff810661f0>] ? autoremove_wake_function+0x0/0x40
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552763]  [<ffffffff8136fb50>] ? hub_thread+0x0/0x1220
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552766]  [<ffffffff81065cfe>] kthread+0x8e/0xa0
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552771]  [<ffffffff81003454>] kernel_thread_helper+0x4/0x10
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552775]  [<ffffffff81065c70>] ? kthread+0x0/0xa0
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552778]  [<ffffffff81003450>] ? kernel_thread_helper+0x0/0x10
> > Aug 17 14:42:46 nehalam kernel: [ 8338.552781] ---[ end trace 2721da84d6efea62 ]---
> 
> Hi Stephen,
> 
> I have the patch below queued in my tree, and I am planning to push it to 
> Linus soon. It will almost certainly fix your issue, but I'll appreciate 
> if you can confirm that. Thanks.
> 
> commit 9c9e54a8df0be48aa359744f412377cc55c3b7d2
> Author: Jiri Kosina <jkosina@xxxxxxx>
> Date:   Fri Aug 13 12:19:45 2010 +0200
> 
>     HID: hiddev: fix memory corruption due to invalid intfdata
>     
>     Commit bd25f4dd6972755579d0 ("HID: hiddev: use usb_find_interface,
>     get rid of BKL") introduced using of private intfdata in hiddev for
>     purpose of storing hiddev pointer.
>     
>     This is a problem, because intf pointer is already being set to struct
>     hid_device pointer by HID core. This obviously lead to memory corruptions
>     at device disconnect time, such as
>     
>     WARNING: at lib/kobject.c:595 kobject_put+0x37/0x4b()
>     kobject: '(null)' (ffff88011e9cd898): is not initialized, yet kobject_put() is being called.
>     
>     Convert hiddev into accessing hiddev through struct hid_device which is
>     in intfdata already.
>     
>     Reported-and-tested-by: Markus Trippelsdorf <markus@xxxxxxxxxxxxxxx>
>     Reported-and-tested-by: Heinz Diehl <htd@xxxxxxxxxx>
>     Reported-and-tested-by: Alan Ott <alan@xxxxxxxxxxx>
>     Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
> 
> diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
> index f285017..0a29c51 100644
> --- a/drivers/hid/usbhid/hiddev.c
> +++ b/drivers/hid/usbhid/hiddev.c
> @@ -266,13 +266,15 @@ static int hiddev_open(struct inode *inode, struct file *file)
>  {
>  	struct hiddev_list *list;
>  	struct usb_interface *intf;
> +	struct hid_device *hid;
>  	struct hiddev *hiddev;
>  	int res;
>  
>  	intf = usb_find_interface(&hiddev_driver, iminor(inode));
>  	if (!intf)
>  		return -ENODEV;
> -	hiddev = usb_get_intfdata(intf);
> +	hid = usb_get_intfdata(intf);
> +	hiddev = hid->hiddev;
>  
>  	if (!(list = kzalloc(sizeof(struct hiddev_list), GFP_KERNEL)))
>  		return -ENOMEM;
> @@ -890,7 +892,6 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
>  	hid->hiddev = hiddev;
>  	hiddev->hid = hid;
>  	hiddev->exist = 1;
> -	usb_set_intfdata(usbhid->intf, usbhid);
>  	retval = usb_register_dev(usbhid->intf, &hiddev_class);
>  	if (retval) {
>  		err_hid("Not able to get a minor for this device.");
> 

I don't see any more errors when using the patch.

Reported-and-tested-by: Stephen Hemminger <shemminger@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux