| Message ID | 20251210000737.180797-2-sjg@u-boot.org |
|---|---|
| State | New |
| Headers |
Return-Path: <concept-bounces+u-boot-concept=u-boot.org@u-boot.org> X-Original-To: u-boot-concept@u-boot.org Delivered-To: u-boot-concept@u-boot.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1765325298; bh=AfzuWxWfF0X7Lmp/RDiXvA3qNRMb7r3MO8V3Km34CeM=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=f9yMTm/hS1NC/EIzNc9rTIZ/thFb8N6ZJgwK8XZjrWwuv+wF+DHdD3TEjy7CLrJAC 42s8D+GSqm7t27guWwFCROuYd7Cv7blDd8tsrSF41fdfCrJAnKSIH5So0NlSq1bsvo qps4P/AEyn2v4n7DQJxK287H4k0BQJLKw2qsBlYsDqhTydg5o5KNPjRFBKZE30AFuJ ojhCO8NblPJRU48MkPEa7lbvaBzUwIXvagwsn1mJrPlNpi9aVuBt0BOVyHSBfbsGDz Cdsy8P7IXLhjzDHjVUlBiz+dYzUY6tCKiECM0F7fndPzSGMYSmbv6CIUzgUN0ssUul nRDrPDt+evnIA== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 88329689EA for <u-boot-concept@u-boot.org>; Tue, 9 Dec 2025 17:08:18 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id xvMAmbdZvNTS for <u-boot-concept@u-boot.org>; Tue, 9 Dec 2025 17:08:18 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1765325298; bh=AfzuWxWfF0X7Lmp/RDiXvA3qNRMb7r3MO8V3Km34CeM=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=f9yMTm/hS1NC/EIzNc9rTIZ/thFb8N6ZJgwK8XZjrWwuv+wF+DHdD3TEjy7CLrJAC 42s8D+GSqm7t27guWwFCROuYd7Cv7blDd8tsrSF41fdfCrJAnKSIH5So0NlSq1bsvo qps4P/AEyn2v4n7DQJxK287H4k0BQJLKw2qsBlYsDqhTydg5o5KNPjRFBKZE30AFuJ ojhCO8NblPJRU48MkPEa7lbvaBzUwIXvagwsn1mJrPlNpi9aVuBt0BOVyHSBfbsGDz Cdsy8P7IXLhjzDHjVUlBiz+dYzUY6tCKiECM0F7fndPzSGMYSmbv6CIUzgUN0ssUul nRDrPDt+evnIA== Received: from mail.u-boot.org (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 76B6768974 for <u-boot-concept@u-boot.org>; Tue, 9 Dec 2025 17:08:18 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1765325295; bh=EpGVkQ0NrQQZ9kG6XzRshIUODuNysa9RzATkU8Ui7d4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ke7+ZzX5S934lOeR5ZUIfEp5ggtH+iZsQdJ8Y3vvx/8v8zjqsu6gEU/SzAigwZmTh 8/CnhHPMDPqeqH4AZK8acxhQ2ju+6xWW/KQekYqgtUFMp4ijYdszNBOIp6w5alebZn DEm8y9tGUSBc39hVOP0vYyOc5p5GxQu3p+bvVX++HCcgfPR/cZ5uXHhTHWgtS/SAJL c9fX1fpA8gqgySHEU2v5acoSHo4zDFLnIya/zBY7b57TSQT6zLodOs8mF+Se4xzFYG wCOffN6cwujlhYWNdsPvcAIoZlCl1zA9VOgw+qrPguJWz+3W6860HcymoAW/mtIydF K/GWhsJNW2n3A== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 7A7E868947; Tue, 9 Dec 2025 17:08:15 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP id lLToLCezm18C; Tue, 9 Dec 2025 17:08:15 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1765325291; bh=CyG3xl/YeKjcJ2c4yivwNjAy0W9fQS1MIEjoIuyun78=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZBM88SZVNlf6bCLpZYqM9Nzmc+xND4kfjcrgGbER/rQHxJdnFReR/mh0Q7vyckujQ EzvT8PVJ9mtvcuwZoz85MyfW/sTQApomQAjf++t6Sy1kNiJE3XOZeerbONM1z1OluA a4/Yg+RXkIT+qLb2WgKBnVadFtoj352xQ7M61G5Nmph/qwIjcxZZDTnpvF08OyjKIX Lhd9XYYr9E6kUY7JWFnBMERCcdgSFuytymUCI1aST2vepCbQA2rNcYfBzP52xlUoiT Nhddb2swQ0zRF1sdcCqWrf4DpZKbCaVw1PX2KkbfQ79dKnhZ4fU5sX1HpOcTAUogfw A2MQ1MTm465ug== Received: from u-boot.org (unknown [73.34.74.121]) by mail.u-boot.org (Postfix) with ESMTPSA id 07E2A687A7; Tue, 9 Dec 2025 17:08:10 -0700 (MST) From: Simon Glass <sjg@u-boot.org> To: U-Boot Concept <concept@u-boot.org> Date: Tue, 9 Dec 2025 17:06:52 -0700 Message-ID: <20251210000737.180797-2-sjg@u-boot.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251210000737.180797-1-sjg@u-boot.org> References: <20251210000737.180797-1-sjg@u-boot.org> MIME-Version: 1.0 Message-ID-Hash: QNLX734N76TYBHTDBSHUBWOQGVI556A3 X-Message-ID-Hash: QNLX734N76TYBHTDBSHUBWOQGVI556A3 X-MailFrom: sjg@u-boot.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Heinrich Schuchardt <xypron.glpk@gmx.de>, Simon Glass <simon.glass@canonical.com>, Claude <noreply@anthropic.com> X-Mailman-Version: 3.3.10 Precedence: list Subject: [Concept] [PATCH 01/35] watchdog: Unregister cyclic on device removal List-Id: Discussion and patches related to U-Boot Concept <concept.u-boot.org> Archived-At: <https://lists.u-boot.org/archives/list/concept@u-boot.org/message/QNLX734N76TYBHTDBSHUBWOQGVI556A3/> List-Archive: <https://lists.u-boot.org/archives/list/concept@u-boot.org/> List-Help: <mailto:concept-request@u-boot.org?subject=help> List-Owner: <mailto:concept-owner@u-boot.org> List-Post: <mailto:concept@u-boot.org> List-Subscribe: <mailto:concept-join@u-boot.org> List-Unsubscribe: <mailto:concept-leave@u-boot.org> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit |
| Series |
malloc: Add heap debugging commands and mcheck caller tracking
|
|
Commit Message
Simon Glass
Dec. 10, 2025, 12:06 a.m. UTC
From: Simon Glass <simon.glass@canonical.com> When a watchdog device is destroyed, the cyclic_info embedded in the device's private data is freed but remains in the global cyclic list. The subsequent cyclic_unregister_all() call then accesses freed memory, causing a crash. Add a pre_remove hook to the watchdog uclass to unregister the cyclic function before the device is destroyed. Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <simon.glass@canonical.com> --- drivers/watchdog/wdt-uclass.c | 11 +++++++++++ 1 file changed, 11 insertions(+)
Comments
Am 10. Dezember 2025 01:06:52 MEZ schrieb Simon Glass <sjg@u-boot.org>: >From: Simon Glass <simon.glass@canonical.com> > >When a watchdog device is destroyed, the cyclic_info embedded in the >device's private data is freed but remains in the global cyclic list. >The subsequent cyclic_unregister_all() call then accesses freed memory, >causing a crash. > >Add a pre_remove hook to the watchdog uclass to unregister the cyclic >function before the device is destroyed. Is this a sandbox only problem? Or can this happen on real hardware when booting? > >Co-developed-by: Claude <noreply@anthropic.com> >Signed-off-by: Simon Glass <simon.glass@canonical.com> >--- > > drivers/watchdog/wdt-uclass.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > >diff --git a/drivers/watchdog/wdt-uclass.c b/drivers/watchdog/wdt-uclass.c >index 10be334e9ed..c2d19530b3d 100644 >--- a/drivers/watchdog/wdt-uclass.c >+++ b/drivers/watchdog/wdt-uclass.c >@@ -256,10 +256,21 @@ static int wdt_pre_probe(struct udevice *dev) > return 0; > } > >+static int wdt_pre_remove(struct udevice *dev) >+{ >+ struct wdt_priv *priv = dev_get_uclass_priv(dev); >+ >+ if (IS_ENABLED(CONFIG_WATCHDOG) && priv->running) >+ cyclic_unregister(&priv->cyclic); >+ >+ return 0; >+} >+ > UCLASS_DRIVER(wdt) = { > .id = UCLASS_WDT, > .name = "watchdog", > .flags = DM_UC_FLAG_SEQ_ALIAS, > .pre_probe = wdt_pre_probe, >+ .pre_remove = wdt_pre_remove, > .per_device_auto = sizeof(struct wdt_priv), > };
Hi Heinrich, On Tue, 9 Dec 2025 at 23:53, Heinrich Schuchardt via Concept <concept@u-boot.org> wrote: > > Am 10. Dezember 2025 01:06:52 MEZ schrieb Simon Glass <sjg@u-boot.org>: > >From: Simon Glass <simon.glass@canonical.com> > > > >When a watchdog device is destroyed, the cyclic_info embedded in the > >device's private data is freed but remains in the global cyclic list. > >The subsequent cyclic_unregister_all() call then accesses freed memory, > >causing a crash. > > > >Add a pre_remove hook to the watchdog uclass to unregister the cyclic > >function before the device is destroyed. > > Is this a sandbox only problem? Or can this happen on real hardware when booting? Normally when booting we don't have idle time, so cyclic is not called. It looks like only octeontx_wdt.c is marked with the DM_FLAG_OS_PREPARE flag. So perhaps on that platform, if the device is removed and then schedule() is called, it would cause the problem. Regards, Simon > > > > > >Co-developed-by: Claude <noreply@anthropic.com> > >Signed-off-by: Simon Glass <simon.glass@canonical.com> > >--- > > > > drivers/watchdog/wdt-uclass.c | 11 +++++++++++ > > 1 file changed, 11 insertions(+) > > > >diff --git a/drivers/watchdog/wdt-uclass.c b/drivers/watchdog/wdt-uclass.c > >index 10be334e9ed..c2d19530b3d 100644 > >--- a/drivers/watchdog/wdt-uclass.c > >+++ b/drivers/watchdog/wdt-uclass.c > >@@ -256,10 +256,21 @@ static int wdt_pre_probe(struct udevice *dev) > > return 0; > > } > > > >+static int wdt_pre_remove(struct udevice *dev) > >+{ > >+ struct wdt_priv *priv = dev_get_uclass_priv(dev); > >+ > >+ if (IS_ENABLED(CONFIG_WATCHDOG) && priv->running) > >+ cyclic_unregister(&priv->cyclic); > >+ > >+ return 0; > >+} > >+ > > UCLASS_DRIVER(wdt) = { > > .id = UCLASS_WDT, > > .name = "watchdog", > > .flags = DM_UC_FLAG_SEQ_ALIAS, > > .pre_probe = wdt_pre_probe, > >+ .pre_remove = wdt_pre_remove, > > .per_device_auto = sizeof(struct wdt_priv), > > }; > > _______________________________________________ > Concept mailing list -- concept@u-boot.org > To unsubscribe send an email to concept-leave@u-boot.org
diff --git a/drivers/watchdog/wdt-uclass.c b/drivers/watchdog/wdt-uclass.c index 10be334e9ed..c2d19530b3d 100644 --- a/drivers/watchdog/wdt-uclass.c +++ b/drivers/watchdog/wdt-uclass.c @@ -256,10 +256,21 @@ static int wdt_pre_probe(struct udevice *dev) return 0; } +static int wdt_pre_remove(struct udevice *dev) +{ + struct wdt_priv *priv = dev_get_uclass_priv(dev); + + if (IS_ENABLED(CONFIG_WATCHDOG) && priv->running) + cyclic_unregister(&priv->cyclic); + + return 0; +} + UCLASS_DRIVER(wdt) = { .id = UCLASS_WDT, .name = "watchdog", .flags = DM_UC_FLAG_SEQ_ALIAS, .pre_probe = wdt_pre_probe, + .pre_remove = wdt_pre_remove, .per_device_auto = sizeof(struct wdt_priv), };