1. 29 Apr, 2016 12 commits
    • usb: core: hub: hub_port_init lock controller instead of bus · feb26ac3
      Chris Bainbridge committed
      The XHCI controller presents two USB buses to the system - one for USB2
      and one for USB3. The hub init code (hub_port_init) is reentrant but
      only locks one bus per thread, leading to a race condition failure when
      two threads attempt to simultaneously initialise a USB2 and USB3 device:
      
      [    8.034843] xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
      [   13.183701] usb 3-3: device descriptor read/all, error -110
      
      On a test system this failure occurred on 6% of all boots.
      
      The call traces at the point of failure are:
      
      Call Trace:
       [<ffffffff81b9bab7>] schedule+0x37/0x90
       [<ffffffff817da7cd>] usb_kill_urb+0x8d/0xd0
       [<ffffffff8111e5e0>] ? wake_up_atomic_t+0x30/0x30
       [<ffffffff817dafbe>] usb_start_wait_urb+0xbe/0x150
       [<ffffffff817db10c>] usb_control_msg+0xbc/0xf0
       [<ffffffff817d07de>] hub_port_init+0x51e/0xb70
       [<ffffffff817d4697>] hub_event+0x817/0x1570
       [<ffffffff810f3e6f>] process_one_work+0x1ff/0x620
       [<ffffffff810f3dcf>] ? process_one_work+0x15f/0x620
       [<ffffffff810f4684>] worker_thread+0x64/0x4b0
       [<ffffffff810f4620>] ? rescuer_thread+0x390/0x390
       [<ffffffff810fa7f5>] kthread+0x105/0x120
       [<ffffffff810fa6f0>] ? kthread_create_on_node+0x200/0x200
       [<ffffffff81ba183f>] ret_from_fork+0x3f/0x70
       [<ffffffff810fa6f0>] ? kthread_create_on_node+0x200/0x200
      
      Call Trace:
       [<ffffffff817fd36d>] xhci_setup_device+0x53d/0xa40
       [<ffffffff817fd87e>] xhci_address_device+0xe/0x10
       [<ffffffff817d047f>] hub_port_init+0x1bf/0xb70
       [<ffffffff811247ed>] ? trace_hardirqs_on+0xd/0x10
       [<ffffffff817d4697>] hub_event+0x817/0x1570
       [<ffffffff810f3e6f>] process_one_work+0x1ff/0x620
       [<ffffffff810f3dcf>] ? process_one_work+0x15f/0x620
       [<ffffffff810f4684>] worker_thread+0x64/0x4b0
       [<ffffffff810f4620>] ? rescuer_thread+0x390/0x390
       [<ffffffff810fa7f5>] kthread+0x105/0x120
       [<ffffffff810fa6f0>] ? kthread_create_on_node+0x200/0x200
       [<ffffffff81ba183f>] ret_from_fork+0x3f/0x70
       [<ffffffff810fa6f0>] ? kthread_create_on_node+0x200/0x200
      
      Which results from the two call chains:
      
      hub_port_init
       usb_get_device_descriptor
        usb_get_descriptor
         usb_control_msg
          usb_internal_control_msg
           usb_start_wait_urb
            usb_submit_urb / wait_for_completion_timeout / usb_kill_urb
      
      hub_port_init
       hub_set_address
        xhci_address_device
         xhci_setup_device
      
      Mathias Nyman explains the current behaviour violates the XHCI spec:
      
       hub_port_reset() will end up moving the corresponding xhci device slot
       to default state.
      
       As hub_port_reset() is called several times in hub_port_init() it
       sounds reasonable that we could end up with two threads having their
       xhci device slots in default state at the same time, which according to
       xhci 4.5.3 specs still is a big no no:
      
       "Note: Software shall not transition more than one Device Slot to the
        Default State at a time"
      
       So both threads fail at their next task after this.
       One fails to read the descriptor, and the other fails addressing the
       device.
      
      Fix this in hub_port_init by locking the USB controller (instead of an
      individual bus) to prevent simultaneous initialisation of both buses.
      
      Fixes: 638139eb ("usb: hub: allow to process more usb hub events in parallel")
      Link: https://lkml.org/lkml/2016/2/8/312
      Link: https://lkml.org/lkml/2016/2/4/748
      Signed-off-by: Chris Bainbridge <chris.bainbridge@gmail.com>
      Cc: stable <stable@vger.kernel.org>
      Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • usb/host/: const data must use __initconst not __initdata · edc8c54b
      Nicolas Pitre committed
      Init data marked const should be annotated with __initconst for
      correctness and not __initdata.  This also fixes LTO builds that
      otherwise fail with section mismatch errors.
      Signed-off-by: Nicolas Pitre <nico@linaro.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • usb: devio: declare usbdev_vm_ops as static · 10871c13
      Michele Curti committed
      usbdev_vm_ops is used in devio.c only, so declare it as static.
      Signed-off-by: Michele Curti <michele.curti@gmail.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • usb: misc: usbtest: fix error of urb allocation · 26186e5f
      Chunfeng Yun committed
      urb allocation will fail when usbtest_alloc_urb() tries to
      allocate a zero length buffer, but it doesn't need it in fact,
      so just skip buffer allocation in that case.
      Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • usb: core: buffer: avoid NULL pointer dereference · f5e6253f
      Chunfeng Yun committed
      A NULL pointer dereference will happen when a class driver
      wants to allocate a zero length buffer and pool_max[0]
      can't be used, so simply return NULL in that case.
      Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • usbip: vudc: fix Kconfig dependencies · b5a2a8ec
      Arnd Bergmann committed
      With the addition of VUDC, the USBIP stack can now be used on
      configurations without USB host support, but trying to build
      it with USB gadget support disabled fails with
      
      drivers/usb/built-in.o: In function `vep_dequeue':
      vudc_main.c:(.text+0xa6ddc): undefined reference to `usb_gadget_giveback_request'
      drivers/usb/built-in.o: In function `nuke':
      vudc_main.c:(.text+0xa6ea8): undefined reference to `usb_gadget_giveback_request'
      drivers/usb/built-in.o: In function `vudc_device_reset':
      vudc_main.c:(.text+0xa720c): undefined reference to `usb_gadget_udc_reset'
      drivers/usb/built-in.o: In function `vudc_probe':
      
      This addresses both issues, by changing the dependency for USBIP_CORE
      to USB_COMMON, and adding additional dependencies on USB or USB_GADGET
      for the individual portions as needed.
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Fixes: 9360575c ("usbip: vudc: Add vudc to Kconfig")
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • usbip: safe completion against unbind operation · 6dc38da4
      Nobuo Iwata committed
      This patch adds a code fragment to ignore completing URBs in closing
      connection.
      
      Regarding this patch, 2 execution contexts are related.
      
      1) stub_tx.c: stub_complete() which is called from USB core
      1-1) add to unlink list and free URB or
      1-2) move to tx list
      
      2) stub_dev.c: stub_shutdown_connection() which is invoked by unbind
      operation through sysfs.
      2-1) stop TX/RX threads
      2-2) close TCP connection and set ud.tcp_socket to NULL
      2-3) cleanup pending URBs by stub_device_cleanup_urbs(sdev)
      2-4) free unlink list (no lock)
      
      In the race condition, URBs which will be cleared in 2-3) may be
      handled in 1).
      In case 1-1), it will not be transferred because tx threads are stopped
      in 2-1).
      In case 1-2), may be freed in 2-4).
      
      With this patch, after 2-2), completing URBs in 1) will not be handled
      and cleared in 2-3).
      
      The kernel log with this patch is as below.
      
      kernel: usbip_core: usbip_kernel_unlink:792: shutting down tcp_socket
      ef61d980
      kernel: usbip-host 1-3: free sdev f5df6180
      kernel: usbip-host 1-3: free urb f5df6700
      kernel: usbip-host 1-3: Enter
      kernel: usbip_core: usbip_stop_eh:132: usbip_eh waiting completion 5
      kernel: usbip_host: stub_complete:71: complete! status 0
      kernel: usbip_host: stub_complete:102: ignore urb for closed connection
      e725fc00 (*)
      kernel: usbip_host: stub_complete:71: complete! status -2
      kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of
      cleaning up a virtual connection
      kernel: usbip-host 1-3: free urb e725fc00 (**)
      kernel: usbip-host 1-3: free urb e725e000
      kernel: usbip_host: stub_complete:71: complete! status -2
      kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of
      cleaning up a virtual connection
      kernel: usbip-host 1-3: free urb e725f800
      kernel: usbip_host: stub_complete:71: complete! status -2
      kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of
      cleaning up a virtual connection
      kernel: usbip-host 1-3: free urb e725e800
      kernel: usbip_host: stub_complete:71: complete! status -2
      kernel: usbip-host 1-3: stopped by a call to usb_kill_urb() because of
      cleaning up a virtual connection
      kernel: usbip-host 1-3: device reset
      kernel: usbip-host 1-3: lock for reset
      kernel: usbip_host: store_match_busid:178: del busid 1-3
      kernel: uvcvideo: Found UVC 1.00 device Venus USB2.0 Camera (056e:700a)
      kernel: input: Venus USB2.0 Camera as
      /devices/pci0000:00/0000:00:1a.7/usb1/1-3/1-3:1.0/input/input22
      
      (*) skipped with this patch in completion
      (**) released in 2-3
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • usb: usbip: vudc: Rename find_endpoint() to vudc_find_endpoint() · 0255cf9e
      Krzysztof Opasiak committed
      As find_endpoint() is a global function, rename it to vudc_find_endpoint()
      to clearly mark where it comes from.
      Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • usbip: fix NULL pointer dereference on errors · 8c7003a3
      Alexander Popov committed
      Fix NULL pointer dereference and obsolete comments forgotten when
      usbip server was converted from an interface driver to a device driver.
      Signed-off-by: Alexander Popov <alpopov@ptsecurity.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • usb: usbip: vudc: Fix WARN_ON() usage pattern · 2bdf6ea5
      Krzysztof Opasiak committed
      Fix WARN_ON() macro usage as suggested by Felipe.
      Instead of using:
      if (cond) {
         WARN_ON(1);
         do_stuff();
      }
      
      Use a better pattern with WARN_ON() placed in if condition:
      
      if (WARN_ON(cond))
         do_stuff();
      Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Documentation: ABI: Add doc for usbip-vudc attributes · f945c546
      Krzysztof Opasiak committed
      As vudc provides some new attributes using sysfs infrastructure,
      add a suitable documentation file for those attributes.
      Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Merge tag 'usb-for-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-next · ce15bda1
      Greg Kroah-Hartman committed
      Felipe writes:
      
      usb: changes for v4.7 merge window
      
      Here's the big USB Gadget pull request. This time
      not as large as usual with only 57 non-merge
      commits.
      
      The most important part here is, again, all the work
      on dwc3. This time around we're treating all
      endpoints (except for control endpoint) exactly the
      same. They all have the same amount of TRBs on the
      ring, they all treat the ring as an actual ring with
      a link TRB pointing to the head, etc.
      
      We're also helping the host side burst (on
      SuperSpeed GEN1 or GEN2 at least) for as long as
      possible until the endpoint returns NRDY.
      
      Other than this big TRB ring rework on dwc3, we also
      have a dwc3-omap DMA initialization fix, some extra
      debugfs files to aid in some odd debug sessions and
      a complete removal of our FIFO resizing logic.
      
      We have a new quirk for some dwc3 P3 quirk in some
      implementations.
      
      The rest is basically non-critical fixes and the
      usual cleanups.
  2. 28 Apr, 2016 12 commits
  3. 27 Apr, 2016 16 commits