On Wed, 23 Jul 2014, Li RongQing wrote: > This commit introduced this bug > > commit a9232076374334ca2bc2a448dfde96d38a54349a > Author: Jeff Westfahl <jeff.westfahl@xxxxxx> > Date: Thu May 29 09:49:41 2014 +0300 > > usb: gadget: u_ether: synchronize with transmit when stopping queue > > When disconnecting, it's possible that another thread has already made it > into eth_start_xmit before we call netif_stop_queue. This can lead to a > crash as eth_start_xmit tries to use resources that gether_disconnect is > freeing. Use netif_tx_lock/unlock around netif_stop_queue to ensure no > threads are executing during the remainder of gether_disconnect. > > Signed-off-by: Jeff Westfahl <jeff.westfahl@xxxxxx> > Tested-by: Jaeden Amero <jaeden.amero@xxxxxx> > Signed-off-by: Felipe Balbi <balbi@xxxxxx> So what's the fix? > diff --git a/drivers/usb/gadget/u_ether.c b/drivers/usb/gadget/u_ether.c > index 3d78a88..97b0277 100644 > --- a/drivers/usb/gadget/u_ether.c > +++ b/drivers/usb/gadget/u_ether.c > @@ -1120,7 +1120,10 @@ void gether_disconnect(struct gether *link) > > DBG(dev, "%s\n", __func__); > > + netif_tx_lock(dev->net); > netif_stop_queue(dev->net); > + netif_tx_unlock(dev->net); > + > netif_carrier_off(dev->net); -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
