From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	alan@lxorguk.ukuu.org.uk, Elric Fu <elricfu1@gmail.com>,
	Sarah Sharp <sarah.a.sharp@linux.intel.com>,
	Miroslav Sabljic <miroslav.sabljic@avl.com>
Subject: [ 30/31] xHCI: cancel command after command timeout
Date: Thu, 25 Oct 2012 17:04:37 -0700	[thread overview]
Message-ID: <20121026000218.025251222@linuxfoundation.org> (raw)
In-Reply-To: <20121026000214.941721299@linuxfoundation.org>

3.0-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Elric Fu <elricfu1@gmail.com>

commit 6e4468b9a0793dfb53eb80d9fe52c739b13b27fd upstream.

This patch cancels a command when the command isn't acknowledged
and a timeout occurs.

This patch should be backported to kernels as old as 3.0, that contain
the commit 7ed603ecf8b68ab81f4c83097d3063d43ec73bb8 "xhci: Add an
assertion to check for virt_dev=0 bug." That commit papers over a NULL
pointer dereference, and this patch fixes the underlying issue that
caused the NULL pointer dereference.

Signed-off-by: Elric Fu <elricfu1@gmail.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Tested-by: Miroslav Sabljic <miroslav.sabljic@avl.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/host/xhci.c |   26 +++++++++++++++++++-------
 drivers/usb/host/xhci.h |    3 +++
 2 files changed, 22 insertions(+), 7 deletions(-)

--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1778,6 +1778,7 @@ static int xhci_configure_endpoint(struc
 	struct completion *cmd_completion;
 	u32 *cmd_status;
 	struct xhci_virt_device *virt_dev;
+	union xhci_trb *cmd_trb;
 
 	spin_lock_irqsave(&xhci->lock, flags);
 	virt_dev = xhci->devs[udev->slot_id];
@@ -1820,6 +1821,7 @@ static int xhci_configure_endpoint(struc
 	}
 	init_completion(cmd_completion);
 
+	cmd_trb = xhci->cmd_ring->dequeue;
 	if (!ctx_change)
 		ret = xhci_queue_configure_endpoint(xhci, in_ctx->dma,
 				udev->slot_id, must_succeed);
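Review bot: `cmd_trb = xhci->cmd_ring->dequeue;` records the ring's dequeue pointer before the command is queued, and that pointer marks the oldest command the driver has not yet seen complete, not necessarily the TRB this call is about to write. If another command is still outstanding on the ring at that moment, the timeout path would presumably pass `xhci_cancel_cmd()` a TRB that belongs to a different command, leaving the timed-out one live after its waiter has returned. The same capture is made in the xhci_alloc_dev and xhci_address_device hunks. Recording the write position instead, `cmd_trb = xhci->cmd_ring->enqueue;`, would tie the cancel to the command queued here, though the case where enqueue sits on a link TRB needs checking. The function body starts and ends outside this hunk.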
@@ -1841,14 +1843,17 @@ static int xhci_configure_endpoint(struc
 	/* Wait for the configure endpoint command to complete */
 	timeleft = wait_for_completion_interruptible_timeout(
 			cmd_completion,
-			USB_CTRL_SET_TIMEOUT);
+			XHCI_CMD_DEFAULT_TIMEOUT);
 	if (timeleft <= 0) {
 		xhci_warn(xhci, "%s while waiting for %s command\n",
 				timeleft == 0 ? "Timeout" : "Signal",
 				ctx_change == 0 ?
 					"configure endpoint" :
 					"evaluate context");
-		/* FIXME cancel the configure endpoint command */
+		/* cancel the configure endpoint command */
+		ret = xhci_cancel_cmd(xhci, command, cmd_trb);
+		if (ret < 0)
+			return ret;
 		return -ETIME;
 	}
 
@@ -2781,8 +2786,10 @@ int xhci_alloc_dev(struct usb_hcd *hcd,
 	unsigned long flags;
 	int timeleft;
 	int ret;
+	union xhci_trb *cmd_trb;
 
 	spin_lock_irqsave(&xhci->lock, flags);
+	cmd_trb = xhci->cmd_ring->dequeue;
 	ret = xhci_queue_slot_control(xhci, TRB_ENABLE_SLOT, 0);
 	if (ret) {
 		spin_unlock_irqrestore(&xhci->lock, flags);
@@ -2794,12 +2801,12 @@ int xhci_alloc_dev(struct usb_hcd *hcd,
 
 	/* XXX: how much time for xHC slot assignment? */
 	timeleft = wait_for_completion_interruptible_timeout(&xhci->addr_dev,
-			USB_CTRL_SET_TIMEOUT);
+			XHCI_CMD_DEFAULT_TIMEOUT);
 	if (timeleft <= 0) {
 		xhci_warn(xhci, "%s while waiting for a slot\n",
 				timeleft == 0 ? "Timeout" : "Signal");
-		/* FIXME cancel the enable slot request */
-		return 0;
+		/* cancel the enable slot request */
+		return xhci_cancel_cmd(xhci, NULL, cmd_trb);
 	}
 
 	if (!xhci->slot_id) {
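Review bot: The timeout branch used to `return 0;` and now returns whatever `xhci_cancel_cmd()` returns, which the other hunks of this patch treat as possibly negative (`if (ret < 0) return ret;`). The return convention of xhci_alloc_dev is not visible here, but the old value suggests 0 means failure. If callers test the result for non-zero, a failed cancel would be reported as a successfully allocated slot and enumeration would carry on with no slot assigned. Keeping the failure value fixed avoids that: `ret = xhci_cancel_cmd(xhci, NULL, cmd_trb);`, then `if (ret < 0) xhci_warn(xhci, "Failed to cancel enable slot command\n");` and `return 0;`.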
@@ -2860,6 +2867,7 @@ int xhci_address_device(struct usb_hcd *
 	struct xhci_slot_ctx *slot_ctx;
 	struct xhci_input_control_ctx *ctrl_ctx;
 	u64 temp_64;
+	union xhci_trb *cmd_trb;
 
 	if (!udev->slot_id) {
 		xhci_dbg(xhci, "Bad Slot ID %d\n", udev->slot_id);
@@ -2898,6 +2906,7 @@ int xhci_address_device(struct usb_hcd *
 	xhci_dbg_ctx(xhci, virt_dev->in_ctx, 2);
 
 	spin_lock_irqsave(&xhci->lock, flags);
+	cmd_trb = xhci->cmd_ring->dequeue;
 	ret = xhci_queue_address_device(xhci, virt_dev->in_ctx->dma,
 					udev->slot_id);
 	if (ret) {
@@ -2910,7 +2919,7 @@ int xhci_address_device(struct usb_hcd *
 
 	/* ctrl tx can take up to 5 sec; XXX: need more time for xHC? */
 	timeleft = wait_for_completion_interruptible_timeout(&xhci->addr_dev,
-			USB_CTRL_SET_TIMEOUT);
+			XHCI_CMD_DEFAULT_TIMEOUT);
 	/* FIXME: From section 4.3.4: "Software shall be responsible for timing
 	 * the SetAddress() "recovery interval" required by USB and aborting the
 	 * command on a timeout.
@@ -2918,7 +2927,10 @@ int xhci_address_device(struct usb_hcd *
 	if (timeleft <= 0) {
 		xhci_warn(xhci, "%s while waiting for a slot\n",
 				timeleft == 0 ? "Timeout" : "Signal");
-		/* FIXME cancel the address device command */
+		/* cancel the address device command */
+		ret = xhci_cancel_cmd(xhci, NULL, cmd_trb);
+		if (ret < 0)
+			return ret;
 		return -ETIME;
 	}
 
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1111,6 +1111,9 @@ struct xhci_td {
 	union xhci_trb		*last_trb;
 };
 
+/* xHCI command default timeout value */
+#define XHCI_CMD_DEFAULT_TIMEOUT       (5 * HZ)
+
 /* command descriptor */
 struct xhci_cd {
 	struct list_head	cancel_cmd_list;
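Review bot: The comment on `XHCI_CMD_DEFAULT_TIMEOUT` does not state the unit, although every call site in this patch passes it straight to `wait_for_completion_interruptible_timeout()`, which takes jiffies. The constant it replaces, `USB_CTRL_SET_TIMEOUT`, is as far as I can tell a millisecond value, so the unit is the substance of the change. I would write `/* xHCI command default timeout, in jiffies (5 seconds) */` so a later caller does not hand it to a millisecond API.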


