Oliver Neukum <oneukum@xxxxxxx> writes:
> On Mon, 2013-09-30 at 04:50 +0000, Enrico Mioso wrote:
>
>> +static int huawei_cdc_ncm_manage_power(struct usbnet *usbnet_dev, int on)
>> +{
>> + struct huawei_cdc_ncm_state *drvstate = (void *)&usbnet_dev->data;
>> + int rv = 0;
>> +
>> + if ((on && atomic_add_return(1, &drvstate->pmcount) == 1) ||
>> + (!on && atomic_dec_and_test(&drvstate->pmcount))) {
>> + rv = usb_autopm_get_interface(usbnet_dev->intf);
>> + if (rv < 0)
>> + goto err;
>
> The error case corrupts drvstate->pmcount
>
>> + usbnet_dev->intf->needs_remote_wakeup = on;
>> + usb_autopm_put_interface(usbnet_dev->intf);
>> + }
>> +err:
>> + return rv;
>> +}
Hello Oliver,
I finally got around to looking closer at this and you are of course
correct. This is all my fault when I initially wrapped the
needs_remote_wakeup update in usb_autopm_{get,put}_interface,
And the problem is not only here in this new driver, but *everywhere* I
did this, including in cdc-wdm. That driver doesn't have the counter to
corrupt, but failing to update intf->needs_remote_wakeup if
usb_autopm_get_interface fails is still wrong. The get/put were only
added to make the change take effect immediately. Things sort of worked
fine before that, and ignoring a get error would only revert to that
older behaviour.
So I believe we should do the update unconditionally, and but skip
usb_autopm_put_interface if the get failed. Accordingly, these
functions should always return 0 (not that there is anything currently
checking the return anyway).
I'll prepare patches for cdc-wdm, qmi_wwan and cdc_mbim.
Bjørn
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
