Am Dienstag, 3. August 2010, 02:32:28 schrieb Christian Lamparter:
Hi,
sorry for answering late. I was ill.
> This patch fixes a race condition in two utility routines
> related to the removal/unlinking of urbs from an anchor.
>
> If two threads are concurrently accessing the same anchor,
> both could end up with the same urb - thinking they are
> the exclusive owner.
Very good fix. I simply didn't envision that use case.
> Alan Stern pointed out a related issue in
> usb_unlink_anchored_urbs:
>
> "The URB isn't removed from the anchor until it completes
> (as a by-product of completion, in fact), which might not
> be for quite some time after the unlink call returns.
> In the meantime, the subroutine will keep trying to unlink
> it, over and over again."
Yes. I simply don't find time to test the fix.
> @@ -749,20 +756,11 @@ EXPORT_SYMBOL_GPL(usb_unpoison_anchored_urbs);
> void usb_unlink_anchored_urbs(struct usb_anchor *anchor)
> {
> struct urb *victim;
> - unsigned long flags;
>
> - spin_lock_irqsave(&anchor->lock, flags);
> - while (!list_empty(&anchor->urb_list)) {
> - victim = list_entry(anchor->urb_list.prev, struct urb,
> - anchor_list);
> - usb_get_urb(victim);
> - spin_unlock_irqrestore(&anchor->lock, flags);
> - /* this will unanchor the URB */
> + while ((victim = usb_get_from_anchor(anchor)) != NULL) {
> usb_unlink_urb(victim);
> usb_put_urb(victim);
> - spin_lock_irqsave(&anchor->lock, flags);
> }
> - spin_unlock_irqrestore(&anchor->lock, flags);
This was written in the slightly convoluted manner out of fear that HCDs
would call right back into usb_hcd_giveback_urb() which would unanchor
the URB.
Alan, do we have HCD drivers that do that?
Regards
Oliver
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
