Re: Re: [PATCH] USB: Fix race condition during UVC webcam disconnect

From: Ricardo Ribalda
Date: Wed Aug 09 2023 - 07:39:34 EST

Next message: Nishanth Menon: "Re: [PATCH V3 1/2] dt-bindings: opp: Convert ti-omap5-opp-supply to json schema"
Previous message: Maxim Mikityanskiy: "[PATCH] HID: logitech-hidpp: Add support for Logitech MX Anywhere 3 mouse"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Aman

Could you check if this patchset fixes the problem for you
https://patchwork.linuxtv.org/project/linux-media/list/?series=10038 ?

Regards!

On Wed, 2 Aug 2023 at 09:56, AMAN DEEP <aman.deep@xxxxxxxxxxx> wrote:
>
>
> Hi Oliver,
>
>
> Thanks for analysis. I got your point about changes required in UVC driver to handle this race condition.
> Alan and Greg also pointed it out, so i tried to handle this race condition in UVC driver.
> I am testing my new changes done in only UVC driver to resolve this issue.
> After checking new patch for this race condition, I will share it.
>
>
> >>On 28.07.23 06:59, AMAN DEEP wrote:
> >
> >Hi,
> >
> >> [1-221.1822] [ msg: 4788] PC is at usb_ifnum_to_if+0x30/0x74 [usbcore]
> >
> >This has to fail if the device is gone, but the question is why the driver
> >is doing this. Hence we need to look at the backtrace.
> >
> >> [1-221.1822] [ msg: 4788] LR is at 0x5
> >> [1-221.1822] [ msg: 4788] pc : [<bede1300>] lr : [<00000005>] psr: 20000113
> >> [1-221.1822] [ msg: 4788] sp : ca443c18 ip : ca443c28 fp : ca443c24
> >> [1-221.1822] [ msg: 4788] r10: e668b6c8 r9 : 00000000 r8 : e668b7e0
> >> [1-221.1822] [ msg: 4788] r7 : e7b78880 r6 : bf1d9db0 r5 : e668b6c8 r4 : e690c000
> >> [1-221.1822] [ msg: 4788] r3 : 00002000 r2 : e696ac40 r1 : 00000001 r0 : 00000000
> >> [1-221.1822] [ msg: 4788] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
> >> [1-221.1822] [ msg: 4788] Control: 30c5383d Table: 261f8a80 DAC: e45d65d5
> >> [1-221.1822] [ msg: 4788] Process msg (pid: 4788, stack limit = 0xa0153238)
> >> [1-221.1822] [ msg: 4788] Stack: (0xca443c18 to 0xca444000)
> >> [1-221.1822] [ msg: 4788] 3c00: ca443c64 ca443c28
> >> [1-221.1822] [ msg: 4788] 3c20: bedee6e4 bede12dc 00000000 bee0ae78 ca443c54 ca443c40 c083c894 e7b78880
> >> [1-221.1822] [ msg: 4788] 3c40: e6b88340 00000000 bee0ae78 00000001 e690c000 e668b6c8 ca443cb4 ca443c68
> >> [1-221.1822] [ msg: 4788] 3c60: bedf22ac bedee64c e5cf1508 e5cf1508 e5cf0000 e5cf0330 00000001 e5cf0330
> >> [1-221.1822] [ msg: 4788] 3c80: ca443ca4 ca443c90 c083c894 e5cf0000 e5cf0330 00000001 e5cf0330 00000000
> >> [1-221.1822] [ msg: 4788] 3ca0: 00000001 c08d1b3c ca443ccc ca443cb8 bfb3f958 bedf1ff4 e5cf0330 e5cf0330
> >> [1-221.1822] [ msg: 4788] 3cc0: ca443ce4 ca443cd0 bfb3a024 bfb3f8a8 e5cf0330 e5cf0330 ca443d14 ca443ce8
> >> [1-221.1823] [ msg: 4788] 3ce0: be3661e0 bfb3a004 00000001 e5cf0330 e5cf0330 00000001 c05d6260 00000000
> >> [1-221.1823] [ msg: 4788] 3d00: 00000001 c08d1b3c ca443d2c ca443d18 be367994 be3661b4 e5cf0484 e5cf0330
> >> [1-221.1823] [ msg: 4788] 3d20: ca443d3c ca443d30 be37e3e4 be367978 ca443d5c ca443d40 bfb3a518 be37e3cc
> >> [1-221.1823] [ msg: 4788] 3d40: e5cf030c e5cf0000 00000001 c05d6260 ca443d7c ca443d60 bfb3b628 bfb3a4f0
> >> [1-221.1823] [ msg: 4788] 3d60: bfb3b5e8 40045613 00000000 c05d6260 ca443d94 ca443d80 c05d6288 bfb3b5f4
> >> [1-221.1823] [ msg: 4788] 3d80: e5cf0010 40045613 ca443dfc ca443d98 c05d9b84 c05d626c 00000068 ca443deb
> >> [1-221.1823] [ msg: 4788] 3da0: c08d1b3c 00000001 ca443e24 bfb44680 00000000 e2fa3780 c01a926c 031e1090
> >> [1-221.1823] [ msg: 4788] 3dc0: ca443df4 ffffffff c01e0048 0000072c 000012b4 00000000 40045613 00000000
> >> [1-221.1823] [ msg: 4788] 3de0: 00000000 00000001 00000004 ca443e24 ca443ed4 ca443e00 c05db320 c05d9a04
> >> [1-221.1823] [ msg: 4788] 3e00: 00000000 00000000 c05d99f8 e77a6700 ab8fd26c 00000000 00000000 00000000
> >> [1-221.1823] [ msg: 4788] 3e20: ca443f60 00000001 ca443ee0 00000000 ca443e9c ca443e40 c02390a8 be211e84
> >> [1-221.1823] [ msg: 4788] 3e40: 00000000 00000001 e2861600 00000000 00000000 00000000 00000000 00000000
> >> [1-221.1823] [ msg: 4788] 3e60: 00000000 00000000 00000000 c03681bc 00000008 00000000 ca443ee0 c0bbd748
> >> [1-221.1823] [ msg: 4788] 3e80: 00000000 c0be9a14 ca443ef4 00000002 ca443ed4 ca443ea0 c03681bc c036790c
> >> [1-221.1823] [ msg: 4788] 3ea0: ca443ef4 c0bbd748 e2861600 c05db7dc e6695448 40045613 ab8fd26c e77a6700
> >> [1-221.1823] [ msg: 4788] 3ec0: 00000021 00000036 ca443ee4 ca443ed8 c05db7fc c05db0f8 ca443efc ca443ee8
> >> [1-221.1823] [ msg: 4788] 3ee0: c05d4728 c05db7e8 ab8fd26c e6695448 ca443f6c ca443f00 c02506a0 c05d46e8
> >> [1-221.1823] [ msg: 4788] 3f00: ca443f04 c08a7a00 00000000 00000000 00000000 00000000 00000000 00000000
> >> [1-221.1823] [ msg: 4788] 3f20: 00000000 00000000 00000000 00000000 ab8fd26c c0abb6ec ab8fd26c e77a6700
> >> [1-221.1823] [ msg: 4788] 3f40: ca443f6c e77a6701 00000000 40045613 ab8fd26c e77a6700 00000021 00000036
> >> [1-221.1824] [ msg: 4788] 3f60: ca443f94 ca443f70 c0250b3c c02502fc 00000000 000006f7 00000000 00000036
> >> [1-221.1824] [ msg: 4788] 3f80: c000924c ca442000 ca443fa4 ca443f98 c0250b78 c0250adc 00000000 ca443fa8
> >> [1-221.1824] [ msg: 4788] 3fa0: c0009230 c0250b6c 00000000 000006f7 00000021 40045613 ab8fd26c 00000021
> >> [1-221.1824] [ msg: 4788] 3fc0: 00000000 000006f7 00000000 00000036 abb79e30 00000000 00000001 abb79e28
> >> [1-221.1824] [ msg: 4788] 3fe0: aeca607c ab8fd24c aec8e749 b5f1ed1c 20000010 00000021 00000000 00000000
> >> [1-221.1824] [ msg: 4788] Backtrace:
> >> [1-221.1824] [ msg: 4788] [<bede12d0>] (usb_ifnum_to_if [usbcore]) from [<bedee6e4>] (usb_hcd_alloc_bandwidth+0xa4/0x564 [usbcore])
> >> [1-221.1824] [ msg: 4788] [<bedee640>] (usb_hcd_alloc_bandwidth [usbcore]) from [<bedf22ac>] (usb_set_interface+0x2c4/0x61c [usbcore])
> >
> >This is the proximate cause.
> >
> >> [1-221.1824] [ msg: 4788] r10:e668b6c8 r9:e690c000 r8:00000001 r7:bee0ae78 r6:00000000 r5:e6b88340
> >> [1-221.1824] [ msg: 4788] r4:e7b78880
> >> [1-221.1825] [ msg: 4788] [<bedf1fe8>] (usb_set_interface [usbcore]) from [<bfb3f958>] (uvc_video_stop_streaming+0xbc/0xc4 [uvcvideo])
> >> [1-221.1825] [ msg: 4788] r10:c08d1b3c r9:00000001 r8:00000000 r7:e5cf0330 r6:00000001 r5:e5cf0330
> >> [1-221.1825] [ msg: 4788] r4:e5cf0000
> >> [1-221.1825] [ msg: 4788] [<bfb3f89c>] (uvc_video_stop_streaming [uvcvideo]) from [<bfb3a024>] (uvc_stop_streaming+0x2c/0x50 [uvcvideo])
> >
> >triggered from here
> >> [1-221.1826] [ msg: 4788] [<bfb3b5e8>] (uvc_ioctl_streamoff [uvcvideo]) from [<c05d6288>] (v4l_streamoff+0x28/0x2c)
> >> [1-221.1826] [ msg: 4788] r7:c05d6260 r6:00000000 r5:40045613 r4:bfb3b5e8
> >
> >User space is trying to execute an ioctl() on a device whose
> >disconnect() method has run. A driver has to either prevent or fail such calls.
> >
> >> I thought this issue can occur with other devices in simillar race conditions so i thought it will be fixed for all drivers.
> >
> >No, this will not work. You are failing to take into consideration
> >that the life time of the device is different from its association
> >with a particular device driver.
> >
> >> Please suggest if we need to add locking mechanism to cover such cases.
> >> i will try accordingly.
> >
> >For the reason I stated above this is not fixable with locking
> >at this level. The test for the device state is the wrong test.
> >Consequently no amount of locking can correct that. The conditions
> >only happen to conincide because your testing replicates the most
> >common code path. It is not the only one.
> >
> >You need to fix uvc_disconnect()
> >
> > HTH
> > Oliver
> >
>
> Thanks,
> Aman Deep
>

--
Ricardo Ribalda

Next message: Nishanth Menon: "Re: [PATCH V3 1/2] dt-bindings: opp: Convert ti-omap5-opp-supply to json schema"
Previous message: Maxim Mikityanskiy: "[PATCH] HID: logitech-hidpp: Add support for Logitech MX Anywhere 3 mouse"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]