summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNobuo Iwata <nobuo.iwata@fujixerox.co.jp>2016-04-27 15:35:53 +0900
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2016-04-28 12:28:08 -0700
commit6dc38da4a53837835e2c3d9fec5d793ea9374a94 (patch)
treea03377b3483a59e4a6e60ff4845dcc4916ae6b1e
parent0255cf9e52a73ba0d5ca393c93c5fb458fea4532 (diff)
usbip: safe completion against unbind operation
This patch adds a code fragment to ignore completing URBs in closing connection. Regarding this patch, 2 execution contexts are related. 1) stub_tx.c: stub_complete() which is called from USB core 1-1) add to unlink list and free URB or 1-2) move to tx list 2) stub_dev.c: stub_shutdown_connection() which is invoked by unbind operation through sysfs. 2-1) stop TX/RX threads 2-2) close TCP connection and set ud.tcp_socket to NULL 2-3) cleanup pending URBs by stub_device_cleanup_urbs(sdev) 2-4) free unlink list (no lock) In the race condition, URBs which will be cleared in 2-3) may be handled in 1). In case 1-1), it will not be transferred bcause tx threads are stooped in 2-1). In case 1-2), may be freed in 2-4). With this patch, after 2-2), completing URBs in 1) will not be handled and cleared in 2-3). The kernel log with this patch is as below. kernel: usbip_core: usbip_kernel_unlink:792: shutting down tcp_socket ef61d980 kernel: usbip-host 1-3: free sdev f5df6180 kernel: usbip-host 1-3: free urb f5df6700 kernel: usbip-host 1-3: Enter kernel: usbip_core: usbip_stop_eh:132: usbip_eh waiting completion 5 kernel: usbip_host: stub_complete:71: complete! status 0 kernel: usbip_host: stub_complete:102: ignore urb for closed connection e725fc00 (*) kernel: usbip_host: stub_complete:71: complete! status -2 kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of cleaning up a virtual connection kernel: usbip-host 1-3: free urb e725fc00 (**) kernel: usbip-host 1-3: free urb e725e000 kernel: usbip_host: stub_complete:71: complete! status -2 kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of cleaning up a virtual connection kernel: usbip-host 1-3: free urb e725f800 kernel: usbip_host: stub_complete:71: complete! status -2 kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of cleaning up a virtual connection kernel: usbip-host 1-3: free urb e725e800 kernel: usbip_host: stub_complete:71: complete! status -2 kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of cleaning up a virtual connection kernel: usbip-host 1-3: device reset kernel: usbip-host 1-3: lock for reset kernel: usbip_host: store_match_busid:178: del busid 1-3 kernel: uvcvideo: Found UVC 1.00 device Venus USB2.0 Camera (056e:700a) kernel: input: Venus USB2.0 Camera as /devices/pci0000:00/0000:00:1a.7/usb1/1-3/1-3:1.0/input/input22 (*) skipped with this patch in completion (**) released in 2-3 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/usb/usbip/stub_tx.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/drivers/usb/usbip/stub_tx.c b/drivers/usb/usbip/stub_tx.c
index af1edad4683a..6b1e8c3f0e4b 100644
--- a/drivers/usb/usbip/stub_tx.c
+++ b/drivers/usb/usbip/stub_tx.c
@@ -97,7 +97,10 @@ void stub_complete(struct urb *urb)
/* link a urb to the queue of tx. */
spin_lock_irqsave(&sdev->priv_lock, flags);
- if (priv->unlinking) {
+ if (sdev->ud.tcp_socket == NULL) {
+ usbip_dbg_stub_tx("ignore urb for closed connection %p", urb);
+ /* It will be freed in stub_device_cleanup_urbs(). */
+ } else if (priv->unlinking) {
stub_enqueue_ret_unlink(sdev, priv->seqnum, urb->status);
stub_free_priv_and_urb(priv);
} else {