diff options
author | Nobuo Iwata <nobuo.iwata@fujixerox.co.jp> | 2016-04-27 15:35:53 +0900 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-04-28 12:28:08 -0700 |
commit | 6dc38da4a53837835e2c3d9fec5d793ea9374a94 (patch) | |
tree | a03377b3483a59e4a6e60ff4845dcc4916ae6b1e | |
parent | 0255cf9e52a73ba0d5ca393c93c5fb458fea4532 (diff) |
usbip: safe completion against unbind operation
This patch adds a code fragment to ignore completing URBs in closing
connection.
Regarding this patch, 2 execution contexts are related.
1) stub_tx.c: stub_complete() which is called from USB core
1-1) add to unlink list and free URB or
1-2) move to tx list
2) stub_dev.c: stub_shutdown_connection() which is invoked by unbind
operation through sysfs.
2-1) stop TX/RX threads
2-2) close TCP connection and set ud.tcp_socket to NULL
2-3) cleanup pending URBs by stub_device_cleanup_urbs(sdev)
2-4) free unlink list (no lock)
In the race condition, URBs which will be cleared in 2-3) may be
handled in 1).
In case 1-1), it will not be transferred bcause tx threads are stooped
in 2-1).
In case 1-2), may be freed in 2-4).
With this patch, after 2-2), completing URBs in 1) will not be handled
and cleared in 2-3).
The kernel log with this patch is as below.
kernel: usbip_core: usbip_kernel_unlink:792: shutting down tcp_socket
ef61d980
kernel: usbip-host 1-3: free sdev f5df6180
kernel: usbip-host 1-3: free urb f5df6700
kernel: usbip-host 1-3: Enter
kernel: usbip_core: usbip_stop_eh:132: usbip_eh waiting completion 5
kernel: usbip_host: stub_complete:71: complete! status 0
kernel: usbip_host: stub_complete:102: ignore urb for closed connection
e725fc00 (*)
kernel: usbip_host: stub_complete:71: complete! status -2
kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of
cleaning up a virtual connection
kernel: usbip-host 1-3: free urb e725fc00 (**)
kernel: usbip-host 1-3: free urb e725e000
kernel: usbip_host: stub_complete:71: complete! status -2
kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of
cleaning up a virtual connection
kernel: usbip-host 1-3: free urb e725f800
kernel: usbip_host: stub_complete:71: complete! status -2
kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of
cleaning up a virtual connection
kernel: usbip-host 1-3: free urb e725e800
kernel: usbip_host: stub_complete:71: complete! status -2
kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of
cleaning up a virtual connection
kernel: usbip-host 1-3: device reset
kernel: usbip-host 1-3: lock for reset
kernel: usbip_host: store_match_busid:178: del busid 1-3
kernel: uvcvideo: Found UVC 1.00 device Venus USB2.0 Camera (056e:700a)
kernel: input: Venus USB2.0 Camera as
/devices/pci0000:00/0000:00:1a.7/usb1/1-3/1-3:1.0/input/input22
(*) skipped with this patch in completion
(**) released in 2-3
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | drivers/usb/usbip/stub_tx.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/drivers/usb/usbip/stub_tx.c b/drivers/usb/usbip/stub_tx.c index af1edad4683a..6b1e8c3f0e4b 100644 --- a/drivers/usb/usbip/stub_tx.c +++ b/drivers/usb/usbip/stub_tx.c @@ -97,7 +97,10 @@ void stub_complete(struct urb *urb) /* link a urb to the queue of tx. */ spin_lock_irqsave(&sdev->priv_lock, flags); - if (priv->unlinking) { + if (sdev->ud.tcp_socket == NULL) { + usbip_dbg_stub_tx("ignore urb for closed connection %p", urb); + /* It will be freed in stub_device_cleanup_urbs(). */ + } else if (priv->unlinking) { stub_enqueue_ret_unlink(sdev, priv->seqnum, urb->status); stub_free_priv_and_urb(priv); } else { |