Re: Possible deadlock due to double spinlock in /drivers/usb/gadget/function/f_hid

Hi,

Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> writes:
> For some reason, Tuba can't seem to post to linux-usb@vger, so I'm
> forwarding on his message below.
>
> Felipe, sorry if you have seen this 3+ times already :(
>
> thanks,
>
> greg k-h
>
> On Fri, Mar 23, 2018 at 01:05:28PM +0000, Yavuz, Tuba wrote:
>> 
>> Hello,
>> 
>> It looks like there is a deadlock possibility due to double locking of a spinlock in the f_hidg_write function of the f_hid driver.
>> 
>>        spin_lock_irqsave(&hidg->write_spinlock, flags); // first acquire
>> 
>>         /* we our function has been disabled by host */
>>         if (!hidg->req) {
>>                 free_ep_req(hidg->in_ep, hidg->req);
>>                 /*
>>                  * TODO
>>                  * Should we fail with error here?
>>                  */
>>                 goto try_again;
>>         }
>> 
>>         ...
>> 
>>         status = usb_ep_queue(hidg->in_ep, hidg->req, GFP_ATOMIC);
>>         =>
>>           ...
>>              => usb_gadget_giveback_request
>>                      =>
>>                          f_hidg_req_complete          
>>                             =>
>>                               spin_lock_irqsave(&hidg->write_spinlock, flags); // second acquire 
>> 
>> The bug was introduced with commit
>> 749494b6bdbbaf0899aa1c62a1ad74cd747bce47.

Seems like the best idea is to teach dwc3 that it shouldn't call
->complete() on a failed ->queue(). Just unmap the request, delete from
dwc3's list and return error code.

I'll try to implement this and also update documentation to reflect this
requirement.

-- 
balbi
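
Added example (not part of the thread, and not kernel or dwc3 code): a userspace C model of the call chain reported above, comparing a queue routine that gives the request back on failure with one that only returns an error, as the reply suggests. All names (model_lock, model_req, model_write, the two queue_* functions) are hypothetical, and the lock counts a re-acquisition instead of spinning so the program terminates.

```c
#include <stdio.h>

/* Non-recursive lock model: a real spinlock would spin forever on re-acquire;
 * this one counts the event and refuses, so the program can report it. */
struct model_lock { int held; int reacquired; };

static int model_lock_acquire(struct model_lock *l)
{
    if (l->held) { l->reacquired++; return -1; }
    l->held = 1;
    return 0;
}
static void model_lock_release(struct model_lock *l) { l->held = 0; }

struct model_req { struct model_lock *lock; void (*complete)(struct model_req *); };

/* Stands in for f_hidg_req_complete: takes the same lock as the writer. */
static void model_complete(struct model_req *req)
{
    if (model_lock_acquire(req->lock) == 0)
        model_lock_release(req->lock);
}

/* Reported behaviour: a failed queue gives the request back synchronously. */
static int queue_giveback_on_failure(struct model_req *req, int fail)
{
    if (fail) { req->complete(req); return -1; }
    return 0;
}

/* Suggested behaviour: a failed queue returns the error, no ->complete(). */
static int queue_error_only(struct model_req *req, int fail)
{
    (void)req;
    return fail ? -1 : 0;
}

/* Stands in for f_hidg_write: queues with the lock held.
 * Returns how many times the held lock was re-acquired. */
static int model_write(int (*queue)(struct model_req *, int), int fail, int *status)
{
    struct model_lock lock = { 0, 0 };
    struct model_req req = { &lock, model_complete };
    model_lock_acquire(&lock);            /* first acquire */
    *status = queue(&req, fail);          /* may re-enter via complete() */
    model_lock_release(&lock);
    return lock.reacquired;
}

int main(void)
{
    int st;
    printf("giveback on failure: %d re-acquire(s)\n", model_write(queue_giveback_on_failure, 1, &st));
    printf("error only:          %d re-acquire(s)\n", model_write(queue_error_only, 1, &st));
    return 0;
}
```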
