Re: OHCI: NULL or LIST_POISON dereference on ueagle-atm disconnection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 7 Jun 2016, Michał Pecio wrote:

> > That's clear enough.
> > 
> > 	ISO IN 1007 bytes -> 793 us
> > 	INT IN   32 bytes ->  35 us
> > 	                     ------
> > 	                     825 us
> > 
> > The additional requirements are:
> > 
> > 	ISO IN  48 bytes  ->  45 us -> 870 us total
> > 	ISO IN 192 bytes  -> 158 us -> 983 us total
> 
> Or how about both, 1028 out of 1000 us total ;)
> 
> T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  8 Spd=12   MxCh= 0
> D:  Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
> P:  Vendor=1130 ProdID=f211 Rev= 2.04
> S:  Product=USB  AUDIO  
> C:* #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA
> I:* If#= 0 Alt= 0 #EPs= 0 Cls=01(audio) Sub=01 Prot=00 Driver=snd-usb-audio
> I:  If#= 1 Alt= 0 #EPs= 0 Cls=01(audio) Sub=02 Prot=00 Driver=snd-usb-audio
> I:* If#= 1 Alt= 1 #EPs= 1 Cls=01(audio) Sub=02 Prot=00 Driver=snd-usb-audio
> E:  Ad=01(O) Atr=09(Isoc) MxPS= 192 Ivl=1ms
> I:  If#= 2 Alt= 0 #EPs= 0 Cls=01(audio) Sub=02 Prot=00 Driver=snd-usb-audio
> I:* If#= 2 Alt= 1 #EPs= 1 Cls=01(audio) Sub=02 Prot=00 Driver=snd-usb-audio
> E:  Ad=83(I) Atr=09(Isoc) MxPS=  48 Ivl=1ms
> I:* If#= 3 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid
> E:  Ad=82(I) Atr=03(Int.) MxPS=   8 Ivl=10ms
> I:* If#= 4 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid
> E:  Ad=84(I) Atr=03(Int.) MxPS=   8 Ivl=10ms
> 
> T:  Bus=01 Lev=01 Prnt=01 Port=02 Cnt=02 Dev#=  7 Spd=12   MxCh= 0
> D:  Ver= 1.00 Cls=02(comm.) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
> P:  Vendor=1110 ProdID=9031 Rev=20.0b
> S:  Product=ADSL-USB Modem
> S:  SerialNumber=00604C8D86AA
> C:* #Ifs= 3 Cfg#= 1 Atr=80 MxPwr=400mA
> I:* If#= 0 Alt= 0 #EPs= 1 Cls=02(comm.) Sub=07 Prot=00 Driver=ueagle-atm
> E:  Ad=84(I) Atr=03(Int.) MxPS=  32 Ivl=1ms
> I:* If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=04(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
> E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
> I:  If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=04(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
> E:  Ad=02(O) Atr=03(Int.) MxPS=  64 Ivl=1ms
> I:  If#= 2 Alt= 0 #EPs= 1 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
> I:  If#= 2 Alt= 1 #EPs= 1 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=88(I) Atr=01(Isoc) MxPS= 159 Ivl=1ms
> I:  If#= 2 Alt= 2 #EPs= 1 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=88(I) Atr=01(Isoc) MxPS= 265 Ivl=1ms
> I:  If#= 2 Alt= 3 #EPs= 1 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=88(I) Atr=01(Isoc) MxPS= 424 Ivl=1ms
> I:  If#= 2 Alt= 4 #EPs= 1 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=88(I) Atr=01(Isoc) MxPS= 530 Ivl=1ms
> I:  If#= 2 Alt= 5 #EPs= 1 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=88(I) Atr=01(Isoc) MxPS= 636 Ivl=1ms
> I:  If#= 2 Alt= 6 #EPs= 1 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=88(I) Atr=01(Isoc) MxPS= 795 Ivl=1ms
> I:  If#= 2 Alt= 7 #EPs= 1 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=88(I) Atr=01(Isoc) MxPS= 901 Ivl=1ms
> I:* If#= 2 Alt= 8 #EPs= 1 Cls=0a(data ) Sub=00 Prot=00 Driver=ueagle-atm
> E:  Ad=88(I) Atr=01(Isoc) MxPS=1007 Ivl=1ms
> 
> T:  Bus=01 Lev=01 Prnt=01 Port=04 Cnt=03 Dev#=  2 Spd=1.5  MxCh= 0
> D:  Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
> P:  Vendor=0461 ProdID=4ebc Rev= 1.04
> S:  Manufacturer=NOVATEK
> S:  Product=Classic USB Keyboard
> C:* #Ifs= 2 Cfg#= 1 Atr=a0 MxPwr=100mA
> I:* If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid
> E:  Ad=81(I) Atr=03(Int.) MxPS=   8 Ivl=10ms
> I:* If#= 1 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
> E:  Ad=82(I) Atr=03(Int.) MxPS=   8 Ivl=10ms
> 
> size = 32
>  0 [354]: ed8/ffff8800df655050 (ls dev2 ep1in-int qlen 1 max 8 00083082) ed1/ffff8800df655140 (fs dev7 ep4in-int qlen 1 max 32 00201207) ed1/ffff8800df6551e0 (fs dev7 ep8in-iso qlen 12 max 1007 03ef9407) ed1/ffff8800df655370 (fs dev8 ep1out-iso qlen 13 max 192 00c08888) ed1/ffff8800df6553c0 (fs dev8 ep3in-iso qlen 12 max 48 00309188)
>  1 [354]: ed8/ffff8800df6550a0 (ls dev2 ep2in-int qlen 1 max 8 00083102) ed1/ffff8800df655140
>  2 [253]: ed8/ffff8800df655280 (fs dev8 ep2in-int qlen 1 max 8 00081108) ed1/ffff8800df655140
>  3 [253]: ed8/ffff8800df655230 (fs dev8 ep4in-int qlen 1 max 8 00081208) ed1/ffff8800df655140
>  4 [237]: ed1/ffff8800df655140
>  5 [237]: ed1/ffff8800df655140
>  6 [237]: ed1/ffff8800df655140
>  7 [237]: ed1/ffff8800df655140
>  8 [354]: ed8/ffff8800df655050
>  9 [354]: ed8/ffff8800df6550a0
> 10 [253]: ed8/ffff8800df655280
> 11 [253]: ed8/ffff8800df655230
> 12 [237]: ed1/ffff8800df655140
> 13 [237]: ed1/ffff8800df655140
> 14 [237]: ed1/ffff8800df655140
> 15 [237]: ed1/ffff8800df655140
> 16 [354]: ed8/ffff8800df655050
> 17 [354]: ed8/ffff8800df6550a0
> 18 [253]: ed8/ffff8800df655280
> 19 [253]: ed8/ffff8800df655230
> 20 [237]: ed1/ffff8800df655140
> 21 [237]: ed1/ffff8800df655140
> 22 [237]: ed1/ffff8800df655140
> 23 [237]: ed1/ffff8800df655140
> 24 [354]: ed8/ffff8800df655050
> 25 [354]: ed8/ffff8800df6550a0
> 26 [253]: ed8/ffff8800df655280
> 27 [253]: ed8/ffff8800df655230
> 28 [237]: ed1/ffff8800df655140
> 29 [237]: ed1/ffff8800df655140
> 30 [237]: ed1/ffff8800df655140
> 31 [237]: ed1/ffff8800df655140

Clearly a bug, and almost certainly the bug that we just identified.

> Audio playback and keyboard work perfectly, audio recording produces
> *some* output (didn't check what) and the network seems good enough to
> fetch small website with curl every second, although I feel like pppd
> takes unusually long to start.

Periodic scheduling is "pessimistic"; it uses worst-case values.  So if 
the driver over-commits, things will still work okay most of the time.

> This is 3.14.25 and I'm almost sure *every* current kernel allows that.

No doubt.

> I'm almost sure your fix eleminates this issue as well, so I wonder if
> maybe it shouldn't be sent to all LTS releases, if somebody can confirm
> that this looks like a real problem and not just me being clueless ;)

Yes, it is a real problem.  On the other hand, I'm concerned about 
fixing it, because (as you saw) it will cause things that work pretty 
well to stop working.

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux