From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Florian Wolter <wolly84@web.de>,
Sarah Sharp <sarah.a.sharp@linux.intel.com>,
Jonghwan Choi <jhbird.choi@samsung.com>
Subject: [ 05/13] xhci: Fix race between ep halt and URB cancellation
Date: Wed, 2 Oct 2013 21:04:30 -0700 [thread overview]
Message-ID: <20131003040401.131996115@linuxfoundation.org> (raw)
In-Reply-To: <20131003040400.753642257@linuxfoundation.org>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Wolter <wolly84@web.de>
commit 526867c3ca0caa2e3e846cb993b0f961c33c2abb upstream.
The halted state of a endpoint cannot be cleared over CLEAR_HALT from a
user process, because the stopped_td variable was overwritten in the
handle_stopped_endpoint() function. So the xhci_endpoint_reset() function will
refuse the reset and communication with device can not run over this endpoint.
https://bugzilla.kernel.org/show_bug.cgi?id=60699
Signed-off-by: Florian Wolter <wolly84@web.de>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: Jonghwan Choi <jhbird.choi@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ring.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -882,8 +882,12 @@ remove_finished_td:
/* Otherwise ring the doorbell(s) to restart queued transfers */
ring_doorbell_for_active_rings(xhci, slot_id, ep_index);
}
- ep->stopped_td = NULL;
- ep->stopped_trb = NULL;
+
+ /* Clear stopped_td and stopped_trb if endpoint is not halted */
+ if (!(ep->ep_state & EP_HALTED)) {
+ ep->stopped_td = NULL;
+ ep->stopped_trb = NULL;
+ }
/*
* Drop the lock and complete the URBs in the cancelled TD list.
next prev parent reply other threads:[~2013-10-03 4:04 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-03 4:04 [ 00/13] 3.0.99-stable review Greg Kroah-Hartman
2013-10-03 4:04 ` [ 01/13] x86/reboot: Add quirk to make Dell C6100 use reboot=pci automatically Greg Kroah-Hartman
2013-10-03 4:04 ` [ 02/13] x86, efi: Dont map Boot Services on i386 Greg Kroah-Hartman
2013-10-03 4:04 ` [ 03/13] staging: vt6656: [BUG] main_usb.c oops on device_close move flag earlier Greg Kroah-Hartman
2013-10-03 4:04 ` [ 04/13] xhci: Fix oops happening after address device timeout Greg Kroah-Hartman
2013-10-03 4:04 ` Greg Kroah-Hartman [this message]
2013-10-03 4:04 ` [ 06/13] usb/core/devio.c: Dont reject control message to endpoint with wrong direction bit Greg Kroah-Hartman
2013-10-03 4:04 ` [ 07/13] dm snapshot: workaround for a false positive lockdep warning Greg Kroah-Hartman
2013-10-03 4:04 ` [ 08/13] dm-snapshot: fix performance degradation due to small hash size Greg Kroah-Hartman
2013-10-03 4:04 ` [ 09/13] drm/i915/dp: increase i2c-over-aux retry interval on AUX DEFER Greg Kroah-Hartman
2013-10-03 4:04 ` [ 10/13] hwmon: (applesmc) Check key count before proceeding Greg Kroah-Hartman
2013-10-03 4:04 ` [ 11/13] mm: fix aio performance regression for database caused by THP Greg Kroah-Hartman
2013-10-03 4:04 ` [ 12/13] hwmon: (applesmc) Silence uninitialized warnings Greg Kroah-Hartman
2013-10-03 4:04 ` [ 13/13] splice: fix racy pipe->buffers uses Greg Kroah-Hartman
2013-10-03 5:53 ` [ 00/13] 3.0.99-stable review Guenter Roeck
2013-10-03 12:47 ` Christoph Biedl
2013-10-03 13:29 ` Guenter Roeck
2013-10-03 13:35 ` Khalid Aziz
2013-10-03 14:41 ` Christoph Biedl
2013-10-03 14:56 ` Khalid Aziz
2013-10-03 15:12 ` Khalid Aziz
2013-10-03 18:34 ` Greg Kroah-Hartman
2013-10-03 19:15 ` Christoph Biedl
2013-10-03 20:03 ` Khalid Aziz
2013-10-03 15:56 ` Guenter Roeck
2013-10-03 18:40 ` Greg Kroah-Hartman
2013-10-03 21:18 ` Guenter Roeck
2013-10-03 18:36 ` Greg Kroah-Hartman
2013-10-04 0:16 ` Shuah Khan
2013-10-04 2:37 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131003040401.131996115@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jhbird.choi@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sarah.a.sharp@linux.intel.com \
--cc=stable@vger.kernel.org \
--cc=wolly84@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).