tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

net: usb: r8152: fix resume reset deadlock

rtl8152 can trigger device reset during reset which
potentially can result in a deadlock:

**** DPM device timeout after 10 seconds; 15 seconds until panic ****
Call Trace:
<TASK>
schedule+0x483/0x1370
schedule_preempt_disabled+0x15/0x30
__mutex_lock_common+0x1fd/0x470
__rtl8152_set_mac_address+0x80/0x1f0
dev_set_mac_address+0x7f/0x150
rtl8152_post_reset+0x72/0x150
usb_reset_device+0x1d0/0x220
rtl8152_resume+0x99/0xc0
usb_resume_interface+0x3e/0xc0
usb_resume_both+0x104/0x150
usb_resume+0x22/0x110

The problem is that rtl8152 resume calls reset under
tp->control mutex while reset basically re-enters rtl8152
and attempts to acquire the same tp->control lock once
again.

Reset INACCESSIBLE device outside of tp->control mutex
scope to avoid recursive mutex_lock() deadlock.

Fixes: 4933b066fefb ("r8152: If inaccessible at resume time, issue a reset")
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Link: https://patch.msgid.link/20260129031106.3805887-1-senozhatsky@chromium.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Sergey Senozhatsky and committed by
Jakub Kicinski 6d06bc83 f8db6475

+15 -14
+15 -14
drivers/net/usb/r8152.c
··· 8535 8535 usb_submit_urb(tp->intr_urb, GFP_NOIO); 8536 8536 } 8537 8537 8538 - /* If the device is RTL8152_INACCESSIBLE here then we should do a 8539 - * reset. This is important because the usb_lock_device_for_reset() 8540 - * that happens as a result of usb_queue_reset_device() will silently 8541 - * fail if the device was suspended or if too much time passed. 8542 - * 8543 - * NOTE: The device is locked here so we can directly do the reset. 8544 - * We don't need usb_lock_device_for_reset() because that's just a 8545 - * wrapper over device_lock() and device_resume() (which calls us) 8546 - * does that for us. 8547 - */ 8548 - if (test_bit(RTL8152_INACCESSIBLE, &tp->flags)) 8549 - usb_reset_device(tp->udev); 8550 - 8551 8538 return 0; 8552 8539 } 8553 8540 ··· 8645 8658 static int rtl8152_resume(struct usb_interface *intf) 8646 8659 { 8647 8660 struct r8152 *tp = usb_get_intfdata(intf); 8661 + bool runtime_resume = test_bit(SELECTIVE_SUSPEND, &tp->flags); 8648 8662 int ret; 8649 8663 8650 8664 mutex_lock(&tp->control); 8651 8665 8652 8666 rtl_reset_ocp_base(tp); 8653 8667 8654 - if (test_bit(SELECTIVE_SUSPEND, &tp->flags)) 8668 + if (runtime_resume) 8655 8669 ret = rtl8152_runtime_resume(tp); 8656 8670 else 8657 8671 ret = rtl8152_system_resume(tp); 8658 8672 8659 8673 mutex_unlock(&tp->control); 8674 + 8675 + /* If the device is RTL8152_INACCESSIBLE here then we should do a 8676 + * reset. This is important because the usb_lock_device_for_reset() 8677 + * that happens as a result of usb_queue_reset_device() will silently 8678 + * fail if the device was suspended or if too much time passed. 8679 + * 8680 + * NOTE: The device is locked here so we can directly do the reset. 8681 + * We don't need usb_lock_device_for_reset() because that's just a 8682 + * wrapper over device_lock() and device_resume() (which calls us) 8683 + * does that for us. 8684 + */ 8685 + if (!runtime_resume && test_bit(RTL8152_INACCESSIBLE, &tp->flags)) 8686 + usb_reset_device(tp->udev); 8660 8687 8661 8688 return ret; 8662 8689 }