Hello,

We verified the updated patch and everything seems to be ok. All 61 USB hub testcases pass.

Regards,
/Alex

-----Original Message-----
From: Alan Stern [mailto:stern@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, December 15, 2015 10:54 PM
To: Cornea, Alexandru <alexandru.cornea@xxxxxxxxx>
Cc: linux-usb@xxxxxxxxxxxxxxx; Maxim, Costel <costel.maxim@xxxxxxxxx>; Moraru, Cristina <cristina.moraru@xxxxxxxxx>
Subject: RE: [PROBLEM] usb hub malformed packets causes null pointer dereference

On Tue, 15 Dec 2015, Alan Stern wrote:

> On Tue, 15 Dec 2015, Cornea, Alexandru wrote:
>
> > Hello,
> > Apologies for the late response.
> > We tried the patch, and although the system does not crash anymore, another issue occurs.
> > Depending on platform (Gigabyte GXBT, Galileo board), the USB port that is used for testing or all USB ports become blocked and cannot recognize new devices. Also, soft shutdown / reboot seems to hang.
>
> I can't figure out the problem from this trace. Were there any other
> tasks blocked like this one?
>
> Please enable USB debugging (echo 'module usbcore =p' > /sys/kernel/debug/dynamic_debug/control), run the test again, and post
> the resulting dmesg log.

Never mind, I found the mistake. An updated patch is below.

Alan Stern

Index: usb-4.3/drivers/usb/core/hub.c =================================================================== --- usb-4.3.orig/drivers/usb/core/hub.c +++ usb-4.3/drivers/usb/core/hub.c 
@@ -1031,10 +1031,20 @@ static void hub_activate(struct usb_hub unsigned delay; /* Continue a partial initialization */ - if (type == HUB_INIT2) - goto init2; - if (type == HUB_INIT3) + if (type == HUB_INIT2 || type == HUB_INIT3) { + device_lock(hub->intfdev); + + /* Was the hub disconnected while we were waiting? */ + if (hub->disconnected) { + device_unlock(hub->intfdev); + kref_put(&hub->kref, hub_release); + return; + } + if (type == HUB_INIT2) + goto init2; goto init3; + } + kref_get(&hub->kref); /* The superspeed hub except for root hub has to use Hub Depth * value as an offset into the route string to locate the bits @@ -1232,6 +1242,7 @@ static void hub_activate(struct usb_hub queue_delayed_work(system_power_efficient_wq, &hub->init_work, msecs_to_jiffies(delay)); + device_unlock(hub->intfdev); return; /* Continues at init3: below */ } else { msleep(delay); @@ -1253,6 +1264,11 @@ static void hub_activate(struct usb_hub /* Allow autosuspend if it was suppressed */ if (type <= HUB_INIT3) usb_autopm_put_interface_async(to_usb_interface(hub->intfdev)); + + if (type == HUB_INIT2 || type == HUB_INIT3) + device_unlock(hub->intfdev); + + kref_put(&hub->kref, hub_release); } /* Implement the continuations for the delays above */
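
Review bot: The early return in the first hunk, taken when hub->disconnected is set, skips the usb_autopm_put_interface_async() call that the normal exit performs for type <= HUB_INIT3 (visible as context in the last hunk). If the autosuspend suppression was taken before the delayed work was queued, this path leaves it unbalanced. Consider jumping to a shared exit label at the end of hub_activate() instead of duplicating device_unlock() and kref_put() here, so that every release for the continuation cases stays in one place.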
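
Review bot: The device_unlock(hub->intfdev) added after queue_delayed_work() in the second hunk is unconditional, while the lock is only taken when type is HUB_INIT2 or HUB_INIT3. The condition guarding this branch lies outside the hunk's context, so please confirm it can only be reached with the lock held, or test the type here as the final hunk does. A short comment that this return deliberately keeps the kref for the queued init_work would also help, since unlike the other two exits this patch touches it does not call kref_put().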
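
Review bot: The kref_put() at the end of hub_activate() in the last hunk pairs with a kref_get() from the same call only when type is neither HUB_INIT2 nor HUB_INIT3; for those two types it releases a reference taken by an earlier invocation, because the first hunk jumps past kref_get(). That hand-off across the delayed work is not stated anywhere in the changed code. Add a comment at kref_get() or at this kref_put() saying which reference each continuation owns, and consider a local flag for the repeated type == HUB_INIT2 || type == HUB_INIT3 test so the lock and unlock conditions cannot drift apart.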