A sysfs driven USB authorisation change can trigger a usb_set_configuration while a hub_event worker thread is running. This can result in a USB device being disabled just after it was configured and bringing down all the devices and impacting hardware and user processes that were established on top of this these interfaces. In some cases the USB disable never completed and the whole system hung. At my work I had an occasional hang due to this race condition. Roughly 1 in 50 boots had the race occurrence and 1 in 4 of those resulted in a hang. This patch fixed the problem and I had no problems (spurious disables or hangs) in 750+ boots. Signed-off-by: Andrew Worsley <amworsley@xxxxxxxxx> --- drivers/usb/core/hub.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index f76b2e0aba9d..dabd07aa8602 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -51,6 +51,9 @@ static DEFINE_SPINLOCK(device_state_lock); static struct workqueue_struct *hub_wq; static void hub_event(struct work_struct *work); +/* synchronize hub_event and authorize_device operations */ +DEFINE_MUTEX(usb_authorize_mutex); + /* synchronize hub-port add/remove and peering operations */ DEFINE_MUTEX(usb_port_peer_mutex); @@ -2538,6 +2541,7 @@ int usb_new_device(struct usb_device *udev) */ int usb_deauthorize_device(struct usb_device *usb_dev) { + mutex_lock(&usb_authorize_mutex); usb_lock_device(usb_dev); if (usb_dev->authorized == 0) goto out_unauthorized; @@ -2547,6 +2551,7 @@ int usb_deauthorize_device(struct usb_device *usb_dev) out_unauthorized: usb_unlock_device(usb_dev); + mutex_unlock(&usb_authorize_mutex); return 0; } @@ -2555,6 +2560,7 @@ int usb_authorize_device(struct usb_device *usb_dev) { int result = 0, c; + mutex_lock(&usb_authorize_mutex); usb_lock_device(usb_dev); if (usb_dev->authorized == 1) goto out_authorized; @@ -2596,6 +2602,7 @@ int usb_authorize_device(struct usb_device *usb_dev) error_autoresume: out_authorized: usb_unlock_device(usb_dev); /* complements locktree */ + mutex_unlock(&usb_authorize_mutex); return result; } @@ -5320,6 +5327,7 @@ static void hub_event(struct work_struct *work) hub_dev = hub->intfdev; intf = to_usb_interface(hub_dev); + mutex_lock(&usb_authorize_mutex); dev_dbg(hub_dev, "state %d ports %d chg %04x evt %04x\n", hdev->state, hdev->maxchild, /* NOTE: expects max 15 ports... */ @@ -5422,6 +5430,7 @@ static void hub_event(struct work_struct *work) usb_autopm_put_interface_no_suspend(intf); out_hdev_lock: usb_unlock_device(hdev); + mutex_unlock(&usb_authorize_mutex); /* Balance the stuff in kick_hub_wq() and allow autosuspend */ usb_autopm_put_interface(intf); -- 2.19.2