From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.6 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 08779C43603 for ; Tue, 17 Dec 2019 15:23:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D36302072D for ; Tue, 17 Dec 2019 15:23:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1576596205; bh=AWr53SZL6zU34wrDAuOc2PlBHR0vANdc062K7fLZoIA=; h=Subject:To:Cc:References:From:Date:In-Reply-To:List-ID:From; b=Ubbk6b7hLCmjvtpMvIqPxYAhUekdzsV/SOeyV5fKqBxUsELWLIN0m720nZY4JkSyZ UvkRUvPfcbTWsTYDJZOtS2DGTSmYJmQdLjjkQ+FRtsWD9q0ZcpzAGVn2KoLx9XzrHq SiDmm4lK+cCf6gBeMcRFCa8iA43NN8hCzEZ5yaVY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728611AbfLQPXZ (ORCPT ); Tue, 17 Dec 2019 10:23:25 -0500 Received: from mail.kernel.org ([198.145.29.99]:57372 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728443AbfLQPXX (ORCPT ); Tue, 17 Dec 2019 10:23:23 -0500 Received: from [192.168.1.112] (c-24-9-64-241.hsd1.co.comcast.net [24.9.64.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id CB15D2072D; Tue, 17 Dec 2019 15:23:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1576596202; bh=AWr53SZL6zU34wrDAuOc2PlBHR0vANdc062K7fLZoIA=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=zMuAk80CRLTlgF5FRyg46dH0PWyW0TyFaSPmNu7ODQdpeBYHwNKv/Im1JDoIeMyEc trDdXpMBDaWWzsdE08cgYdIl3dZ+GIrKJSFyND0pqB+pMzi9apL0XRlyvFfHCJyY9m Ed4RniaX0lggCQB6edP3vZ7sYT0OA7v1nw2KCK2s= Subject: Re: [PATCH v2 2/2] usbip: Fix error path of vhci_recv_ret_submit() To: Suwan Kim , valentina.manea.m@gmail.com, gregkh@linuxfoundation.org, marmarek@invisiblethingslab.com Cc: linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, stern@rowland.harvard.edu, shuah , Shuah Khan References: <20191213023055.19933-1-suwan.kim027@gmail.com> <20191213023055.19933-3-suwan.kim027@gmail.com> From: shuah Message-ID: Date: Tue, 17 Dec 2019 08:23:21 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: <20191213023055.19933-3-suwan.kim027@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/12/19 7:30 PM, Suwan Kim wrote: > If a transaction error happens in vhci_recv_ret_submit(), event > handler closes connection and changes port status to kick hub_event. > Then hub tries to flush the endpoint URBs, but that causes infinite > loop between usb_hub_flush_endpoint() and vhci_urb_dequeue() because > "vhci_priv" in vhci_urb_dequeue() was already released by > vhci_recv_ret_submit() before a transmission error occurred. Thus, > vhci_urb_dequeue() terminates early and usb_hub_flush_endpoint() > continuously calls vhci_urb_dequeue(). > > The root cause of this issue is that vhci_recv_ret_submit() > terminates early without giving back URB when transaction error > occurs in vhci_recv_ret_submit(). That causes the error URB to still > be linked at endpoint list without “vhci_priv". > > So, in the case of transaction error in vhci_recv_ret_submit(), > unlink URB from the endpoint, insert proper error code in > urb->status and give back URB. > > Reported-by: Marek Marczykowski-Górecki > Tested-by: Marek Marczykowski-Górecki > Signed-off-by: Suwan Kim > --- > drivers/usb/usbip/vhci_rx.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > > diff --git a/drivers/usb/usbip/vhci_rx.c b/drivers/usb/usbip/vhci_rx.c > index 33f8972ba842..00fc98741c5d 100644 > --- a/drivers/usb/usbip/vhci_rx.c > +++ b/drivers/usb/usbip/vhci_rx.c > @@ -77,16 +77,21 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, > usbip_pack_pdu(pdu, urb, USBIP_RET_SUBMIT, 0); > > /* recv transfer buffer */ > - if (usbip_recv_xbuff(ud, urb) < 0) > - return; > + if (usbip_recv_xbuff(ud, urb) < 0) { > + urb->status = -EPROTO; > + goto error; > + } > > /* recv iso_packet_descriptor */ > - if (usbip_recv_iso(ud, urb) < 0) > - return; > + if (usbip_recv_iso(ud, urb) < 0) { > + urb->status = -EPROTO; > + goto error; > + } > > /* restore the padding in iso packets */ > usbip_pad_iso(ud, urb); > > +error: > if (usbip_dbg_flag_vhci_rx) > usbip_dump_urb(urb); > > Acked-by: Shuah Khan thanks, -- Shuah