Commit e3fa252a0ef3d1f93bc55cefc2f707359b43c70d
Exists in
smarc-l5.0.0_1.0.0-ga
and in
5 other branches
Merge 3.2-rc1 into usb-linus
This is needed to catch the resume bug that was bothering lots of us from testing some XHCI bug fixes in the suspend/resume path. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Showing 7 changed files Side-by-side Diff
Documentation/usb/URB.txt
| ... | ... | @@ -168,6 +168,28 @@ |
| 168 | 168 | they will get a -EPERM error. Thus you can be sure that when |
| 169 | 169 | usb_kill_urb() returns, the URB is totally idle. |
| 170 | 170 | |
| 171 | +There is a lifetime issue to consider. An URB may complete at any | |
| 172 | +time, and the completion handler may free the URB. If this happens | |
| 173 | +while usb_unlink_urb or usb_kill_urb is running, it will cause a | |
| 174 | +memory-access violation. The driver is responsible for avoiding this, | |
| 175 | +which often means some sort of lock will be needed to prevent the URB | |
| 176 | +from being deallocated while it is still in use. | |
| 177 | + | |
| 178 | +On the other hand, since usb_unlink_urb may end up calling the | |
| 179 | +completion handler, the handler must not take any lock that is held | |
| 180 | +when usb_unlink_urb is invoked. The general solution to this problem | |
| 181 | +is to increment the URB's reference count while holding the lock, then | |
| 182 | +drop the lock and call usb_unlink_urb or usb_kill_urb, and then | |
| 183 | +decrement the URB's reference count. You increment the reference | |
| 184 | +count by calling | |
| 185 | + | |
| 186 | + struct urb *usb_get_urb(struct urb *urb) | |
| 187 | + | |
| 188 | +(ignore the return value; it is the same as the argument) and | |
| 189 | +decrement the reference count by calling usb_free_urb. Of course, | |
| 190 | +none of this is necessary if there's no danger of the URB being freed | |
| 191 | +by the completion handler. | |
| 192 | + | |
| 171 | 193 | |
| 172 | 194 | 1.7. What about the completion handler? |
| 173 | 195 |
Documentation/usb/usbmon.txt
| ... | ... | @@ -183,10 +183,10 @@ |
| 183 | 183 | d5ea89a0 3575914555 S Ci:1:001:0 s a3 00 0000 0003 0004 4 < |
| 184 | 184 | d5ea89a0 3575914560 C Ci:1:001:0 0 4 = 01050000 |
| 185 | 185 | |
| 186 | -An output bulk transfer to send a SCSI command 0x5E in a 31-byte Bulk wrapper | |
| 187 | -to a storage device at address 5: | |
| 186 | +An output bulk transfer to send a SCSI command 0x28 (READ_10) in a 31-byte | |
| 187 | +Bulk wrapper to a storage device at address 5: | |
| 188 | 188 | |
| 189 | -dd65f0e8 4128379752 S Bo:1:005:2 -115 31 = 55534243 5e000000 00000000 00000600 00000000 00000000 00000000 000000 | |
| 189 | +dd65f0e8 4128379752 S Bo:1:005:2 -115 31 = 55534243 ad000000 00800000 80010a28 20000000 20000040 00000000 000000 | |
| 190 | 190 | dd65f0e8 4128379808 C Bo:1:005:2 0 31 > |
| 191 | 191 | |
| 192 | 192 | * Raw binary format and API |
drivers/usb/Kconfig
| ... | ... | @@ -2,14 +2,6 @@ |
| 2 | 2 | # USB device configuration |
| 3 | 3 | # |
| 4 | 4 | |
| 5 | -menuconfig USB_SUPPORT | |
| 6 | - bool "USB support" | |
| 7 | - depends on HAS_IOMEM | |
| 8 | - default y | |
| 9 | - ---help--- | |
| 10 | - This option adds core support for Universal Serial Bus (USB). | |
| 11 | - You will also need drivers from the following menu to make use of it. | |
| 12 | - | |
| 13 | 5 | # many non-PCI SOC chips embed OHCI |
| 14 | 6 | config USB_ARCH_HAS_OHCI |
| 15 | 7 | boolean |
| ... | ... | @@ -62,6 +54,14 @@ |
| 62 | 54 | config USB_ARCH_HAS_XHCI |
| 63 | 55 | boolean |
| 64 | 56 | default PCI |
| 57 | + | |
| 58 | +menuconfig USB_SUPPORT | |
| 59 | + bool "USB support" | |
| 60 | + depends on HAS_IOMEM | |
| 61 | + default y | |
| 62 | + ---help--- | |
| 63 | + This option adds core support for Universal Serial Bus (USB). | |
| 64 | + You will also need drivers from the following menu to make use of it. | |
| 65 | 65 | |
| 66 | 66 | if USB_SUPPORT |
| 67 | 67 |
drivers/usb/core/message.c
| ... | ... | @@ -308,7 +308,8 @@ |
| 308 | 308 | retval = usb_unlink_urb(io->urbs [i]); |
| 309 | 309 | if (retval != -EINPROGRESS && |
| 310 | 310 | retval != -ENODEV && |
| 311 | - retval != -EBUSY) | |
| 311 | + retval != -EBUSY && | |
| 312 | + retval != -EIDRM) | |
| 312 | 313 | dev_err(&io->dev->dev, |
| 313 | 314 | "%s, unlink --> %d\n", |
| 314 | 315 | __func__, retval); |
| ... | ... | @@ -317,7 +318,6 @@ |
| 317 | 318 | } |
| 318 | 319 | spin_lock(&io->lock); |
| 319 | 320 | } |
| 320 | - urb->dev = NULL; | |
| 321 | 321 | |
| 322 | 322 | /* on the last completion, signal usb_sg_wait() */ |
| 323 | 323 | io->bytes += urb->actual_length; |
| ... | ... | @@ -524,7 +524,6 @@ |
| 524 | 524 | case -ENXIO: /* hc didn't queue this one */ |
| 525 | 525 | case -EAGAIN: |
| 526 | 526 | case -ENOMEM: |
| 527 | - io->urbs[i]->dev = NULL; | |
| 528 | 527 | retval = 0; |
| 529 | 528 | yield(); |
| 530 | 529 | break; |
| ... | ... | @@ -542,7 +541,6 @@ |
| 542 | 541 | |
| 543 | 542 | /* fail any uncompleted urbs */ |
| 544 | 543 | default: |
| 545 | - io->urbs[i]->dev = NULL; | |
| 546 | 544 | io->urbs[i]->status = retval; |
| 547 | 545 | dev_dbg(&io->dev->dev, "%s, submit --> %d\n", |
| 548 | 546 | __func__, retval); |
| ... | ... | @@ -593,7 +591,10 @@ |
| 593 | 591 | if (!io->urbs [i]->dev) |
| 594 | 592 | continue; |
| 595 | 593 | retval = usb_unlink_urb(io->urbs [i]); |
| 596 | - if (retval != -EINPROGRESS && retval != -EBUSY) | |
| 594 | + if (retval != -EINPROGRESS | |
| 595 | + && retval != -ENODEV | |
| 596 | + && retval != -EBUSY | |
| 597 | + && retval != -EIDRM) | |
| 597 | 598 | dev_warn(&io->dev->dev, "%s, unlink --> %d\n", |
| 598 | 599 | __func__, retval); |
| 599 | 600 | } |
drivers/usb/core/urb.c
| ... | ... | @@ -539,6 +539,10 @@ |
| 539 | 539 | * never submitted, or it was unlinked before, or the hardware is already |
| 540 | 540 | * finished with it), even if the completion handler has not yet run. |
| 541 | 541 | * |
| 542 | + * The URB must not be deallocated while this routine is running. In | |
| 543 | + * particular, when a driver calls this routine, it must insure that the | |
| 544 | + * completion handler cannot deallocate the URB. | |
| 545 | + * | |
| 542 | 546 | * Unlinking and Endpoint Queues: |
| 543 | 547 | * |
| 544 | 548 | * [The behaviors and guarantees described below do not apply to virtual |
| ... | ... | @@ -603,6 +607,10 @@ |
| 603 | 607 | * with error -EPERM. Thus even if the URB's completion handler always |
| 604 | 608 | * tries to resubmit, it will not succeed and the URB will become idle. |
| 605 | 609 | * |
| 610 | + * The URB must not be deallocated while this routine is running. In | |
| 611 | + * particular, when a driver calls this routine, it must insure that the | |
| 612 | + * completion handler cannot deallocate the URB. | |
| 613 | + * | |
| 606 | 614 | * This routine may not be used in an interrupt context (such as a bottom |
| 607 | 615 | * half or a completion handler), or when holding a spinlock, or in other |
| 608 | 616 | * situations where the caller can't schedule(). |
| ... | ... | @@ -639,6 +647,10 @@ |
| 639 | 647 | * After and while the routine runs, attempts to resubmit the URB will fail |
| 640 | 648 | * with error -EPERM. Thus even if the URB's completion handler always |
| 641 | 649 | * tries to resubmit, it will not succeed and the URB will become idle. |
| 650 | + * | |
| 651 | + * The URB must not be deallocated while this routine is running. In | |
| 652 | + * particular, when a driver calls this routine, it must insure that the | |
| 653 | + * completion handler cannot deallocate the URB. | |
| 642 | 654 | * |
| 643 | 655 | * This routine may not be used in an interrupt context (such as a bottom |
| 644 | 656 | * half or a completion handler), or when holding a spinlock, or in other |
drivers/usb/gadget/inode.c
drivers/usb/storage/usb.c
| ... | ... | @@ -132,7 +132,36 @@ |
| 132 | 132 | #undef COMPLIANT_DEV |
| 133 | 133 | #undef USUAL_DEV |
| 134 | 134 | |
| 135 | +#ifdef CONFIG_LOCKDEP | |
| 135 | 136 | |
| 137 | +static struct lock_class_key us_interface_key[USB_MAXINTERFACES]; | |
| 138 | + | |
| 139 | +static void us_set_lock_class(struct mutex *mutex, | |
| 140 | + struct usb_interface *intf) | |
| 141 | +{ | |
| 142 | + struct usb_device *udev = interface_to_usbdev(intf); | |
| 143 | + struct usb_host_config *config = udev->actconfig; | |
| 144 | + int i; | |
| 145 | + | |
| 146 | + for (i = 0; i < config->desc.bNumInterfaces; i++) { | |
| 147 | + if (config->interface[i] == intf) | |
| 148 | + break; | |
| 149 | + } | |
| 150 | + | |
| 151 | + BUG_ON(i == config->desc.bNumInterfaces); | |
| 152 | + | |
| 153 | + lockdep_set_class(mutex, &us_interface_key[i]); | |
| 154 | +} | |
| 155 | + | |
| 156 | +#else | |
| 157 | + | |
| 158 | +static void us_set_lock_class(struct mutex *mutex, | |
| 159 | + struct usb_interface *intf) | |
| 160 | +{ | |
| 161 | +} | |
| 162 | + | |
| 163 | +#endif | |
| 164 | + | |
| 136 | 165 | #ifdef CONFIG_PM /* Minimal support for suspend and resume */ |
| 137 | 166 | |
| 138 | 167 | int usb_stor_suspend(struct usb_interface *iface, pm_message_t message) |
| ... | ... | @@ -895,6 +924,7 @@ |
| 895 | 924 | *pus = us = host_to_us(host); |
| 896 | 925 | memset(us, 0, sizeof(struct us_data)); |
| 897 | 926 | mutex_init(&(us->dev_mutex)); |
| 927 | + us_set_lock_class(&us->dev_mutex, intf); | |
| 898 | 928 | init_completion(&us->cmnd_ready); |
| 899 | 929 | init_completion(&(us->notify)); |
| 900 | 930 | init_waitqueue_head(&us->delay_wait); |