[ 48/68] USB: cdc-wdm: fix lockup on error in wdm_read

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Greg KH" <gregkh@linuxfoundation.org>,
	torvalds@linux-foundation.org, akpm@linux-foundation.org,
	alan@lxorguk.ukuu.org.uk, "Bjørn Mork" <bjorn@mork.no>,
	"Oliver Neukum" <oneukum@suse.de>
Subject: [ 48/68] USB: cdc-wdm: fix lockup on error in wdm_read
Date: Thu, 12 Jul 2012 16:02:22 -0700	[thread overview]
Message-ID: <20120712175039.694011552@linuxfoundation.org> (raw)
In-Reply-To: <20120712175035.530652872@linuxfoundation.org>

From: Greg KH <gregkh@linuxfoundation.org>

3.0-stable review patch.  If anyone has any objections, please let me know.

------------------

From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>

commit b086b6b10d9f182cd8d2f0dcfd7fd11edba93fc9 upstream.

Clear the WDM_READ flag on empty reads to avoid running
forever in an infinite tight loop, causing lockups:

Jul  1 21:58:11 nemi kernel: [ 3658.898647] qmi_wwan 2-1:1.2: Unexpected error -71
Jul  1 21:58:36 nemi kernel: [ 3684.072021] BUG: soft lockup - CPU#0 stuck for 23s! [qmi.pl:12235]
Jul  1 21:58:36 nemi kernel: [ 3684.072212] CPU 0
Jul  1 21:58:36 nemi kernel: [ 3684.072355]
Jul  1 21:58:36 nemi kernel: [ 3684.072367] Pid: 12235, comm: qmi.pl Tainted: P           O 3.5.0-rc2+ #13 LENOVO 2776LEG/2776LEG
Jul  1 21:58:36 nemi kernel: [ 3684.072383] RIP: 0010:[<ffffffffa0635008>]  [<ffffffffa0635008>] spin_unlock_irq+0x8/0xc [cdc_wdm]
Jul  1 21:58:36 nemi kernel: [ 3684.072388] RSP: 0018:ffff88022dca1e70  EFLAGS: 00000282
Jul  1 21:58:36 nemi kernel: [ 3684.072393] RAX: ffff88022fc3f650 RBX: ffffffff811c56f7 RCX: 00000001000ce8c1
Jul  1 21:58:36 nemi kernel: [ 3684.072398] RDX: 0000000000000010 RSI: 000000000267d810 RDI: ffff88022fc3f650
Jul  1 21:58:36 nemi kernel: [ 3684.072403] RBP: ffff88022dca1eb0 R08: ffffffffa063578e R09: 0000000000000000
Jul  1 21:58:36 nemi kernel: [ 3684.072407] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002
Jul  1 21:58:36 nemi kernel: [ 3684.072412] R13: 0000000000000246 R14: ffffffff00000002 R15: ffff8802281d8c88
Jul  1 21:58:36 nemi kernel: [ 3684.072418] FS:  00007f666a260700(0000) GS:ffff88023bc00000(0000) knlGS:0000000000000000
Jul  1 21:58:36 nemi kernel: [ 3684.072423] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul  1 21:58:36 nemi kernel: [ 3684.072428] CR2: 000000000270d9d8 CR3: 000000022e865000 CR4: 00000000000007f0
Jul  1 21:58:36 nemi kernel: [ 3684.072433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jul  1 21:58:36 nemi kernel: [ 3684.072438] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jul  1 21:58:36 nemi kernel: [ 3684.072444] Process qmi.pl (pid: 12235, threadinfo ffff88022dca0000, task ffff88022ff76380)
Jul  1 21:58:36 nemi kernel: [ 3684.072448] Stack:
Jul  1 21:58:36 nemi kernel: [ 3684.072458]  ffffffffa063592e 0000000100020000 ffff88022fc3f650 ffff88022fc3f6a8
Jul  1 21:58:36 nemi kernel: [ 3684.072466]  0000000000000200 0000000100000000 000000000267d810 0000000000000000
Jul  1 21:58:36 nemi kernel: [ 3684.072475]  0000000000000000 ffff880212cfb6d0 0000000000000200 ffff880212cfb6c0
Jul  1 21:58:36 nemi kernel: [ 3684.072479] Call Trace:
Jul  1 21:58:36 nemi kernel: [ 3684.072489]  [<ffffffffa063592e>] ? wdm_read+0x1a0/0x263 [cdc_wdm]
Jul  1 21:58:36 nemi kernel: [ 3684.072500]  [<ffffffff8110adb7>] ? vfs_read+0xa1/0xfb
Jul  1 21:58:36 nemi kernel: [ 3684.072509]  [<ffffffff81040589>] ? alarm_setitimer+0x35/0x64
Jul  1 21:58:36 nemi kernel: [ 3684.072517]  [<ffffffff8110aec7>] ? sys_read+0x45/0x6e
Jul  1 21:58:36 nemi kernel: [ 3684.072525]  [<ffffffff813725f9>] ? system_call_fastpath+0x16/0x1b
Jul  1 21:58:36 nemi kernel: [ 3684.072557] Code: <66> 66 90 c3 83 ff ed 89 f8 74 16 7f 06 83 ff a1 75 0a c3 83 ff f4

The WDM_READ flag is normally cleared by wdm_int_callback
before resubmitting the read urb, and set by wdm_in_callback
when this urb returns with data or an error.  But a crashing
device may cause both a read error and cancelling all urbs.
Make sure that the flag is cleared by wdm_read if the buffer
is empty.

We don't clear the flag on errors, as there may be pending
data in the buffer which should be processed.  The flag will
instead be cleared on the next wdm_read call.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/class/cdc-wdm.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/usb/class/cdc-wdm.c
+++ b/drivers/usb/class/cdc-wdm.c
@@ -457,6 +457,8 @@ retry:
 			goto retry;
 		}
 		if (!desc->reslength) { /* zero length read */
+			dev_dbg(&desc->intf->dev, "%s: zero length - clearing WDM_READ\n", __func__);
+			clear_bit(WDM_READ, &desc->flags);
 			spin_unlock_irq(&desc->iuspin);
 			goto retry;
 		}

next prev parent reply	other threads:[~2012-07-12 23:05 UTC|newest]

Thread overview: 77+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-07-12 17:50 [ 00/68] 3.0.37-stable review Greg KH
2012-07-12 23:01 ` [ 01/68] ALSA: hda - Add Realtek ALC280 codec support Greg Kroah-Hartman
2012-07-12 23:01   ` [ 02/68] powerpc/xmon: Use cpumask iterator to avoid warning Greg Kroah-Hartman
2012-07-12 23:01   ` [ 03/68] media: smsusb: add autodetection support for USB ID 2040:f5a0 Greg Kroah-Hartman
2012-07-12 23:01   ` [ 04/68] ARM: fix rcu stalls on SMP platforms Greg Kroah-Hartman
2012-07-12 23:01   ` [ 05/68] net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() Greg Kroah-Hartman
2012-07-12 23:01   ` [ 06/68] cipso: handle CIPSO options correctly when NetLabel is disabled Greg Kroah-Hartman
2012-07-12 23:01   ` [ 07/68] net: l2tp_eth: fix kernel panic on rmmod l2tp_eth Greg Kroah-Hartman
2012-07-12 23:01   ` [ 08/68] dummy: fix rcu_sched self-detected stalls Greg Kroah-Hartman
2012-07-13 14:09     ` Herton Ronaldo Krzesinski
2012-07-16 15:46       ` Greg Kroah-Hartman
2012-07-12 23:01   ` [ 09/68] ethtool: allow ETHTOOL_GSSET_INFO for users Greg Kroah-Hartman
2012-07-12 23:01   ` [ 10/68] bridge: Assign rtnl_link_ops to bridge devices created via ioctl (v2) Greg Kroah-Hartman
2012-07-12 23:01   ` [ 11/68] bonding: Fix corrupted queue_mapping Greg Kroah-Hartman
2012-07-12 23:01   ` [ 12/68] ipv6: Move ipv6 proc file registration to end of init order Greg Kroah-Hartman
2012-07-12 23:01   ` [ 13/68] sky2: fix checksum bit management on some chips Greg Kroah-Hartman
2012-07-12 23:01   ` [ 14/68] be2net: fix a race in be_xmit() Greg Kroah-Hartman
2012-07-12 23:01   ` [ 15/68] netpoll: fix netpoll_send_udp() bugs Greg Kroah-Hartman
2012-07-12 23:01   ` [ 16/68] hwmon: (applesmc) Limit key length in warning messages Greg Kroah-Hartman
2012-07-12 23:01   ` [ 17/68] nilfs2: ensure proper cache clearing for gc-inodes Greg Kroah-Hartman
2012-07-12 23:01   ` [ 18/68] udf: Use ret instead of abusing i in udf_load_logicalvol() Greg Kroah-Hartman
2012-07-12 23:01   ` [ 19/68] udf: Avoid run away loop when partition table length is corrupted Greg Kroah-Hartman
2012-07-12 23:01   ` [ 20/68] udf: Fortify loading of sparing table Greg Kroah-Hartman
2012-07-12 23:01   ` [ 21/68] ath9k: Fix softlockup in AR9485 Greg Kroah-Hartman
2012-07-12 23:01   ` [ 22/68] ath9k_hw: avoid possible infinite loop in ar9003_get_pll_sqsum_dvc Greg Kroah-Hartman
2012-07-13  1:38     ` Herton Ronaldo Krzesinski
2012-07-13  1:49       ` Greg Kroah-Hartman
2012-07-12 23:01   ` [ 23/68] ath9k: enable serialize_regmode for non-PCIE AR9287 Greg Kroah-Hartman
2012-07-12 23:01   ` [ 24/68] ASoC: tlv320aic3x: Fix codec pll configure bug Greg Kroah-Hartman
2012-07-12 23:01   ` [ 25/68] Btrfs: run delayed directory updates during log replay Greg Kroah-Hartman
2012-07-12 23:02   ` [ 26/68] drm/edid: dont return stack garbage from supports_rb Greg Kroah-Hartman
2012-07-12 23:02   ` [ 27/68] drm/nouveau/fbcon: using nv_two_heads is not a good idea Greg Kroah-Hartman
2012-07-12 23:02   ` [ 28/68] drm/i915: Fix eDP blank screen after S3 resume on HP desktops Greg Kroah-Hartman
2012-07-12 23:02   ` [ 29/68] acpi_pad: fix power_saving thread deadlock Greg Kroah-Hartman
2012-07-12 23:02   ` [ 30/68] ACPI: Add a quirk for "AMILO PRO V2030" to ignore the timer overriding Greg Kroah-Hartman
2012-07-12 23:02   ` [ 31/68] ACPI, x86: fix Dell M6600 ACPI reboot regression via DMI Greg Kroah-Hartman
2012-07-12 23:02   ` [ 32/68] ACPI sysfs.c strlen fix Greg Kroah-Hartman
2012-07-12 23:02   ` [ 33/68] stable: Allow merging of backports for serious user-visible performance issues Greg Kroah-Hartman
2012-07-12 23:02   ` [ 34/68] USB: option: add id for Cellient MEN-200 Greg Kroah-Hartman
2012-07-12 23:02   ` [ 35/68] USB: option: Add USB ID for Novatel Ovation MC551 Greg Kroah-Hartman
2012-07-12 23:02   ` [ 36/68] USB: CP210x Add 10 Device IDs Greg Kroah-Hartman
2012-07-12 23:02   ` [ 37/68] cfg80211: fix potential deadlock in regulatory Greg Kroah-Hartman
2012-07-12 23:02   ` [ 38/68] can: c_can: precedence error in c_can_chip_config() Greg Kroah-Hartman
2012-07-12 23:02   ` [ 39/68] oprofile: perf: use NR_CPUS instead or nr_cpumask_bits for static array Greg Kroah-Hartman
2012-07-12 23:02   ` [ 40/68] mac80211: correct behaviour on unrecognised action frames Greg Kroah-Hartman
2012-07-12 23:02   ` [ 41/68] mwifiex: fix 11n rx packet drop issue Greg Kroah-Hartman
2012-07-12 23:02   ` [ 42/68] vfs: make O_PATH file descriptors usable for fchdir() Greg Kroah-Hartman
2012-07-12 22:40     ` ольга крыжановская
2012-07-12 23:02   ` [ 43/68] mtd: cafe_nand: fix an & vs | mistake Greg Kroah-Hartman
2012-07-12 23:02   ` [ 44/68] tcm_fc: Resolve suspicious RCU usage warnings Greg Kroah-Hartman
2012-07-12 23:02   ` [ 45/68] eCryptfs: Gracefully refuse miscdev file ops on inherited/passed files Greg Kroah-Hartman
2012-07-12 23:02   ` [ 46/68] eCryptfs: Fix lockdep warning in miscdev operations Greg Kroah-Hartman
2012-07-12 23:02   ` [ 47/68] eCryptfs: Properly check for O_RDONLY flag before doing privileged open Greg Kroah-Hartman
2012-07-12 23:02   ` Greg Kroah-Hartman [this message]
2012-07-12 23:02   ` [ 49/68] USB: option: add ZTE MF60 Greg Kroah-Hartman
2012-07-12 23:02   ` [ 50/68] USB: option: Add MEDIATEK product ids Greg Kroah-Hartman
2012-07-12 23:02   ` [ 51/68] PCI: EHCI: fix crash during suspend on ASUS computers Greg Kroah-Hartman
2012-07-13  1:42     ` Herton Ronaldo Krzesinski
2012-07-12 23:02   ` [ 52/68] xhci: Avoid dead ports when CONFIG_USB_XHCI_HCD=n Greg Kroah-Hartman
2012-07-12 23:02   ` [ 53/68] ipheth: add support for iPad Greg Kroah-Hartman
2012-07-12 23:02   ` [ 54/68] tracing: change CPU ring buffer state from tracing_cpumask Greg Kroah-Hartman
2012-07-13  1:47     ` Herton Ronaldo Krzesinski
2012-07-12 23:02   ` [ 55/68] vhost: dont forget to schedule() Greg Kroah-Hartman
2012-07-12 23:02   ` [ 56/68] raid5: delayed stripe fix Greg Kroah-Hartman
2012-07-12 23:02   ` [ 57/68] rtl8187: ->brightness_set can not sleep Greg Kroah-Hartman
2012-07-12 23:02   ` [ 58/68] umem: fix up unplugging Greg Kroah-Hartman
2012-07-12 23:02   ` [ 59/68] x86, cpufeature: Rename X86_FEATURE_DTS to X86_FEATURE_DTHERM Greg Kroah-Hartman
2012-07-12 23:02   ` [ 60/68] md/raid5: Do not add data_offset before call to is_badblock Greg Kroah-Hartman
2012-07-12 23:02   ` [ 61/68] md/raid10: Dont try to recovery unmatched (and unused) chunks Greg Kroah-Hartman
2012-07-12 23:02   ` [ 62/68] memory hotplug: fix invalid memory access caused by stale kswapd pointer Greg Kroah-Hartman
2012-07-12 23:02   ` [ 63/68] drivers/rtc/rtc-mxc.c: fix irq enabled interrupts warning Greg Kroah-Hartman
2012-07-12 23:02   ` [ 64/68] mm, thp: abort compaction if migration page cannot be charged to memcg Greg Kroah-Hartman
2012-07-12 23:02   ` [ 65/68] fs: ramfs: file-nommu: add SetPageUptodate() Greg Kroah-Hartman
2012-07-12 23:02   ` [ 66/68] mm: Hold a file reference in madvise_remove Greg Kroah-Hartman
2012-07-13  1:49     ` Herton Ronaldo Krzesinski
2012-07-12 23:02   ` [ 67/68] ACPI: Make acpi_skip_timer_override cover all source_irq==0 cases Greg Kroah-Hartman
2012-07-12 23:02   ` [ 68/68] ACPI: Remove one board specific WARN when ignoring timer overriding Greg Kroah-Hartman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120712175039.694011552@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=akpm@linux-foundation.org \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=bjorn@mork.no \
    --cc=linux-kernel@vger.kernel.org \
    --cc=oneukum@suse.de \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox