Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

BUG: sleeping function called from invalid context at mm/slub.c:1717

390 views
Skip to first unread message

Jens Axboe

unread,
Sep 15, 2009, 5:00:12 AM9/15/09
to
Hi,

This is new with todays -git:

BUG: sleeping function called from invalid context at mm/slub.c:1717
in_atomic(): 1, irqs_disabled(): 1, pid: 0, name: swapper
Pid: 0, comm: swapper Not tainted 2.6.31 #206
Call Trace:
<IRQ> [<ffffffff8103eb23>] __might_sleep+0xf3/0x110
[<ffffffff810e4d83>] kmem_cache_alloc+0x123/0x170
[<ffffffff813306c9>] hid_input_report+0x89/0x3a0
[<ffffffffa00cd5f4>] hid_ctrl+0xa4/0x1f0 [usbhid]
[<ffffffff8108a4c7>] ? handle_IRQ_event+0xa7/0x1e0
[<ffffffffa004da1f>] usb_hcd_giveback_urb+0x3f/0xa0 [usbcore]
[<ffffffffa0074ab4>] uhci_giveback_urb+0xb4/0x240 [uhci_hcd]
[<ffffffffa00750e7>] uhci_scan_schedule+0x357/0xab0 [uhci_hcd]
[<ffffffffa0077a01>] uhci_irq+0x91/0x190 [uhci_hcd]
[<ffffffffa004d44e>] usb_hcd_irq+0x2e/0x70 [usbcore]
[<ffffffff8108a4c7>] handle_IRQ_event+0xa7/0x1e0
[<ffffffff8108c58c>] handle_fasteoi_irq+0x7c/0xf0
[<ffffffff8100f176>] handle_irq+0x46/0xa0
[<ffffffff8100e49a>] do_IRQ+0x6a/0xf0
[<ffffffff8100c853>] ret_from_intr+0x0/0xa

And I notice there's a HID merge from yesterday, Jiri CC'ed.

--
Jens Axboe

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Jiri Kosina

unread,
Sep 15, 2009, 6:20:07 AM9/15/09
to
On Tue, 15 Sep 2009, Jens Axboe wrote:

> This is new with todays -git:
>
> BUG: sleeping function called from invalid context at mm/slub.c:1717
> in_atomic(): 1, irqs_disabled(): 1, pid: 0, name: swapper
> Pid: 0, comm: swapper Not tainted 2.6.31 #206
> Call Trace:
> <IRQ> [<ffffffff8103eb23>] __might_sleep+0xf3/0x110
> [<ffffffff810e4d83>] kmem_cache_alloc+0x123/0x170
> [<ffffffff813306c9>] hid_input_report+0x89/0x3a0
> [<ffffffffa00cd5f4>] hid_ctrl+0xa4/0x1f0 [usbhid]
> [<ffffffff8108a4c7>] ? handle_IRQ_event+0xa7/0x1e0
> [<ffffffffa004da1f>] usb_hcd_giveback_urb+0x3f/0xa0 [usbcore]
> [<ffffffffa0074ab4>] uhci_giveback_urb+0xb4/0x240 [uhci_hcd]
> [<ffffffffa00750e7>] uhci_scan_schedule+0x357/0xab0 [uhci_hcd]
> [<ffffffffa0077a01>] uhci_irq+0x91/0x190 [uhci_hcd]
> [<ffffffffa004d44e>] usb_hcd_irq+0x2e/0x70 [usbcore]
> [<ffffffff8108a4c7>] handle_IRQ_event+0xa7/0x1e0
> [<ffffffff8108c58c>] handle_fasteoi_irq+0x7c/0xf0
> [<ffffffff8100f176>] handle_irq+0x46/0xa0
> [<ffffffff8100e49a>] do_IRQ+0x6a/0xf0
> [<ffffffff8100c853>] ret_from_intr+0x0/0xa
>
> And I notice there's a HID merge from yesterday, Jiri CC'ed.

Thanks for letting me know. The patch below should fix it.

From: Jiri Kosina <jko...@suse.cz>
Subject: [PATCH] HID: fix non-atomic allocation in hid_input_report

'interrupt' variable can't be used to safely determine whether
we are running in atomic context or not, as we might be called from
during control transfer completion through hid_ctrl() in atomic
context with interrupt == 0.

Reported-by: Jens Axboe <jens....@oracle.com>
Signed-off-by: Jiri Kosina <jko...@suse.cz>
---
drivers/hid/hid-core.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 342b7d3..ca9bb26 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1089,8 +1089,7 @@ int hid_input_report(struct hid_device *hid, int type, u8 *data, int size, int i
return -1;
}

- buf = kmalloc(sizeof(char) * HID_DEBUG_BUFSIZE,
- interrupt ? GFP_ATOMIC : GFP_KERNEL);
+ buf = kmalloc(sizeof(char) * HID_DEBUG_BUFSIZE, GFP_ATOMIC);

if (!buf) {
report = hid_get_report(report_enum, data);
--
1.5.6

Jens Axboe

unread,
Sep 16, 2009, 3:00:19 AM9/16/09
to
On Tue, Sep 15 2009, Jiri Kosina wrote:
> On Tue, 15 Sep 2009, Jens Axboe wrote:
>
> > This is new with todays -git:
> >
> > BUG: sleeping function called from invalid context at mm/slub.c:1717
> > in_atomic(): 1, irqs_disabled(): 1, pid: 0, name: swapper
> > Pid: 0, comm: swapper Not tainted 2.6.31 #206
> > Call Trace:
> > <IRQ> [<ffffffff8103eb23>] __might_sleep+0xf3/0x110
> > [<ffffffff810e4d83>] kmem_cache_alloc+0x123/0x170
> > [<ffffffff813306c9>] hid_input_report+0x89/0x3a0
> > [<ffffffffa00cd5f4>] hid_ctrl+0xa4/0x1f0 [usbhid]
> > [<ffffffff8108a4c7>] ? handle_IRQ_event+0xa7/0x1e0
> > [<ffffffffa004da1f>] usb_hcd_giveback_urb+0x3f/0xa0 [usbcore]
> > [<ffffffffa0074ab4>] uhci_giveback_urb+0xb4/0x240 [uhci_hcd]
> > [<ffffffffa00750e7>] uhci_scan_schedule+0x357/0xab0 [uhci_hcd]
> > [<ffffffffa0077a01>] uhci_irq+0x91/0x190 [uhci_hcd]
> > [<ffffffffa004d44e>] usb_hcd_irq+0x2e/0x70 [usbcore]
> > [<ffffffff8108a4c7>] handle_IRQ_event+0xa7/0x1e0
> > [<ffffffff8108c58c>] handle_fasteoi_irq+0x7c/0xf0
> > [<ffffffff8100f176>] handle_irq+0x46/0xa0
> > [<ffffffff8100e49a>] do_IRQ+0x6a/0xf0
> > [<ffffffff8100c853>] ret_from_intr+0x0/0xa
> >
> > And I notice there's a HID merge from yesterday, Jiri CC'ed.
>
> Thanks for letting me know. The patch below should fix it.

Yes that works, thanks Jiri!

--
Jens Axboe

Minchan Kim

unread,
Sep 16, 2009, 3:30:06 AM9/16/09
to
Hi, Jiri.

I am not a USB expert so It might be dump comment. :)

We have to change description of hid_input_report.

* @interrupt: called from atomic?

I think it lost meaning.
I am worried that interrupt variable is propagated down
to sub functions. Is it right on sub functions?

One more thing, I am concerned about increasing
GFP_ATOMIC customers although we can avoid it.
Is it called rarely?
Could you find a alternative method to overcome this issue?


>
> Reported-by: Jens Axboe <jens....@oracle.com>
> Signed-off-by: Jiri Kosina <jko...@suse.cz>
> ---
> �drivers/hid/hid-core.c | � �3 +--
> �1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
> index 342b7d3..ca9bb26 100644
> --- a/drivers/hid/hid-core.c
> +++ b/drivers/hid/hid-core.c
> @@ -1089,8 +1089,7 @@ int hid_input_report(struct hid_device *hid, int type, u8 *data, int size, int i
> � � � � � � � �return -1;
> � � � �}
>
> - � � � buf = kmalloc(sizeof(char) * HID_DEBUG_BUFSIZE,
> - � � � � � � � � � � � interrupt ? GFP_ATOMIC : GFP_KERNEL);
> + � � � buf = kmalloc(sizeof(char) * HID_DEBUG_BUFSIZE, GFP_ATOMIC);
>
> � � � �if (!buf) {
> � � � � � � � �report = hid_get_report(report_enum, data);
> --
> 1.5.6
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majo...@vger.kernel.org
> More majordomo info at �http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at �http://www.tux.org/lkml/
>

--
Kind regards,
Minchan Kim

Jiri Kosina

unread,
Sep 21, 2009, 5:20:06 AM9/21/09
to
On Wed, 16 Sep 2009, Minchan Kim wrote:

> We have to change description of hid_input_report.
>
> * @interrupt: called from atomic?
> I think it lost meaning.

Good point, I will change it, thanks.

> I am worried that interrupt variable is propagated down to sub
> functions. Is it right on sub functions?

Yes. This variable is not used for chosing correct allocation flags
anywhere else, it is just carrying the semantics what the HID core should
do, what callbacks to call, etc. So it's correct.
But you are right that the name and kerneldocs is confusing, and I will
fix that.

> One more thing, I am concerned about increasing GFP_ATOMIC customers
> although we can avoid it. Is it called rarely? Could you find a
> alternative method to overcome this issue?

This is just a temporary buffer for debugging output, it is freed almost
immediately later in the function, and even if the allocation fails,
nothing bad happens (just the debugging output is not delivered to the
debugfs buffer).

Thanks,

--
Jiri Kosina
SUSE Labs, Novell Inc.

0 new messages