• Dmitry Torokhov's avatar
    Input: uinput - avoid FF flush when destroying device · e8b95728
    Dmitry Torokhov authored
    Normally, when input device supporting force feedback effects is being
    destroyed, we try to "flush" currently playing effects, so that the
    physical device does not continue vibrating (or executing other effects).
    Unfortunately this does not work well for uinput as flushing of the effects
    deadlocks with the destroy action:
    
    - if device is being destroyed because the file descriptor is being closed,
      then there is noone to even service FF requests;
    
    - if device is being destroyed because userspace sent UI_DEV_DESTROY,
      while theoretically it could be possible to service FF requests,
      userspace is unlikely to do so (they'd need to make sure FF handling
      happens on a separate thread) even if kernel solves the issue with FF
      ioctls deadlocking with UI_DEV_DESTROY ioctl on udev->mutex.
    
    To avoid lockups like the one below, let's install a custom input device
    flush handler, and avoid trying to flush force feedback effects when we
    destroying the device, and instead rely on uinput to shut off the device
    properly.
    
    NMI watchdog: Watchdog detected hard LOCKUP on cpu 3
    ...
     <<EOE>>  [<ffffffff817a0307>] _raw_spin_lock_irqsave+0x37/0x40
     [<ffffffff810e633d>] complete+0x1d/0x50
     [<ffffffffa00ba08c>] uinput_request_done+0x3c/0x40 [uinput]
     [<ffffffffa00ba587>] uinput_request_submit.part.7+0x47/0xb0 [uinput]
     [<ffffffffa00bb62b>] uinput_dev_erase_effect+0x5b/0x76 [uinput]
     [<ffffffff815d91ad>] erase_effect+0xad/0xf0
     [<ffffffff815d929d>] flush_effects+0x4d/0x90
     [<ffffffff815d4cc0>] input_flush_device+0x40/0x60
     [<ffffffff815daf1c>] evdev_cleanup+0xac/0xc0
     [<ffffffff815daf5b>] evdev_disconnect+0x2b/0x60
     [<ffffffff815d74ac>] __input_unregister_device+0xac/0x150
     [<ffffffff815d75f7>] input_unregister_device+0x47/0x70
     [<ffffffffa00bac45>] uinput_destroy_device+0xb5/0xc0 [uinput]
     [<ffffffffa00bb2de>] uinput_ioctl_handler.isra.9+0x65e/0x740 [uinput]
     [<ffffffff811231ab>] ? do_futex+0x12b/0xad0
     [<ffffffffa00bb3f8>] uinput_ioctl+0x18/0x20 [uinput]
     [<ffffffff81241248>] do_vfs_ioctl+0x298/0x480
     [<ffffffff81337553>] ? security_file_ioctl+0x43/0x60
     [<ffffffff812414a9>] SyS_ioctl+0x79/0x90
     [<ffffffff817a04ee>] entry_SYSCALL_64_fastpath+0x12/0x71
    Reported-by: default avatarRodrigo Rivas Costa <rodrigorivascosta@gmail.com>
    Reported-by: default avatarClément VUCHENER <clement.vuchener@gmail.com>
    Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=193741Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
    e8b95728
ff-core.c 9.32 KB