On Friday, April 20, 2012 06:17:51 PM Ming Lei wrote:
> On Fri, Apr 20, 2012 at 3:57 PM, Oliver Neukum <oneukum@xxxxxxx> wrote:
> > You are racing with hid_irq_out(). It calls hid_submit_out()
> > under lock. So if hid_irq_out() is running between dropping
> > the lock and usb_unlink_urb() you may kill the newly submitted
> > urb, not the old urb that has timed out.
>
> Yes, it is the race I missed, :-(
>
> > You must make sure that between the times you check usbhid->last_out
> > and calling unlink hid_submit_out() cannot be called.
> > You can't just drop the lock (at least on SMP)
>
> Looks it is not easy to avoid the race if the lock is to be dropped.
>
> So how about not acquiring the lock during unlinking as below?

<skip>

Why don't you do something like this:

	urb_to_unlink = usbhid->urbout;
	usbhid->urbout = NULL;
	spin_unlock(&usbhid->lock);
	usb_unlink_urb(urb_to_unlink);
	spin_lock(&usbhid->lock);

and of course comment it properly.

Thanks.

-- 
Dmitry
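Added example, not part of the thread and not usbhid driver code: a single-threaded userspace model that replays the interleaving Oliver describes, first with the pointer re-read after the lock is dropped, then with the pointer detached under the lock as in Dmitry's snippet. All names (`struct req`, `struct dev`, `completion_irq`, `timeout_racy`, `timeout_detached`, `run`) are hypothetical, and the `window` callback stands in for the other CPU running between unlock and unlink.

```c
#include <stdio.h>

/* Userspace model only: every name here is hypothetical, not usbhid code. */
struct req { int id; int cancelled; };
/* locked: stand-in for the spinlock; out: in flight; next: submitted on completion */
struct dev { int locked; struct req *out, *next; };

static void lock(struct dev *d)   { d->locked = 1; }
static void unlock(struct dev *d) { d->locked = 0; }
static void cancel(struct req *r) { if (r) r->cancelled = 1; }

/* Completion path: under the lock, replace the in-flight request. */
static void completion_irq(struct dev *d) { lock(d); d->out = d->next; unlock(d); }

/* Racy: d->out is read again after the lock has been dropped. */
static void timeout_racy(struct dev *d, void (*window)(struct dev *))
{
    lock(d);            /* the timeout of d->out is decided here */
    unlock(d);
    window(d);          /* the other CPU runs in the gap */
    cancel(d->out);     /* may now point at the new request */
}

/* Detached: snapshot and clear the pointer while still holding the lock. */
static void timeout_detached(struct dev *d, void (*window)(struct dev *))
{
    struct req *victim;
    lock(d);
    victim = d->out;
    d->out = NULL;
    unlock(d);
    window(d);
    cancel(victim);     /* always the request that timed out */
}

/* Replays the interleaving; returns the id of the request that got cancelled. */
static int run(int detached)
{
    struct req old = {1, 0}, fresh = {2, 0};   /* constructed sample requests */
    struct dev d = {0, &old, &fresh};
    (detached ? timeout_detached : timeout_racy)(&d, completion_irq);
    return old.cancelled ? old.id : fresh.cancelled ? fresh.id : 0;
}

int main(void)
{
    printf("racy cancels %d, detached cancels %d\n", run(0), run(1));
    return 0;
}
```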