From cc8a9d79222c6b259ea9eceef21b94a5610616f0 Mon Sep 17 00:00:00 2001 From: Oliver Neukum Date: Thu, 5 Nov 2015 12:55:27 +0100 Subject: HID: usbhid: discarded events don't abort idleness If an event is discarded the device stays idle. Just reverse the order of check and marking busy. Found by code inspection. Signed-off-by: Oliver Neukum Signed-off-by: Jiri Kosina --- drivers/hid/usbhid/hid-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/hid/usbhid') diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 36712e9f56c2..19a4364c9085 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -274,10 +274,10 @@ static void hid_irq_in(struct urb *urb) switch (urb->status) { case 0: /* success */ - usbhid_mark_busy(usbhid); usbhid->retry_delay = 0; if ((hid->quirks & HID_QUIRK_ALWAYS_POLL) && !hid->open) break; + usbhid_mark_busy(usbhid); if (!test_bit(HID_RESUME_RUNNING, &usbhid->iofl)) { hid_input_report(urb->context, HID_INPUT_REPORT, urb->transfer_buffer, -- cgit v1.2.3 From e470127e9606b1fa151c4184243e61296d1e0c0f Mon Sep 17 00:00:00 2001 From: Ioan-Adrian Ratiu Date: Fri, 20 Nov 2015 22:19:02 +0200 Subject: HID: usbhid: fix recursive deadlock The critical section protected by usbhid->lock in hid_ctrl() is too big and because of this it causes a recursive deadlock. "Too big" means the case statement and the call to hid_input_report() do not need to be protected by the spinlock (no URB operations are done inside them). The deadlock happens because in certain rare cases drivers try to grab the lock while handling the ctrl irq which grabs the lock before them as described above. For example newer wacom tablets like 056a:033c try to reschedule proximity reads from wacom_intuos_schedule_prox_event() calling hid_hw_request() -> usbhid_request() -> usbhid_submit_report() which tries to grab the usbhid lock already held by hid_ctrl(). There are two ways to get out of this deadlock: 1. Make the drivers work "around" the ctrl critical region, in the wacom case for ex. by delaying the scheduling of the proximity read request itself to a workqueue. 2. Shrink the critical region so the usbhid lock protects only the instructions which modify usbhid state, calling hid_input_report() with the spinlock unlocked, allowing the device driver to grab the lock first, finish and then grab the lock afterwards in hid_ctrl(). This patch implements the 2nd solution. Signed-off-by: Ioan-Adrian Ratiu Signed-off-by: Jiri Kosina --- drivers/hid/usbhid/hid-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/hid/usbhid') diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 19a4364c9085..ad71160b9ea4 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -477,8 +477,6 @@ static void hid_ctrl(struct urb *urb) struct usbhid_device *usbhid = hid->driver_data; int unplug = 0, status = urb->status; - spin_lock(&usbhid->lock); - switch (status) { case 0: /* success */ if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN) @@ -498,6 +496,8 @@ static void hid_ctrl(struct urb *urb) hid_warn(urb->dev, "ctrl urb status %d received\n", status); } + spin_lock(&usbhid->lock); + if (unplug) { usbhid->ctrltail = usbhid->ctrlhead; } else { -- cgit v1.2.3 From 7775fb929d959eade7c705e27a0a759997463da8 Mon Sep 17 00:00:00 2001 From: Geliang Tang Date: Wed, 23 Dec 2015 21:26:53 +0800 Subject: HID: usbhid: use to_usb_device Use to_usb_device() instead of open-coding it. Signed-off-by: Geliang Tang Signed-off-by: Jiri Kosina --- drivers/hid/usbhid/usbhid.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/hid/usbhid') diff --git a/drivers/hid/usbhid/usbhid.h b/drivers/hid/usbhid/usbhid.h index 807922b49aa4..fa47d666cfcf 100644 --- a/drivers/hid/usbhid/usbhid.h +++ b/drivers/hid/usbhid/usbhid.h @@ -96,7 +96,7 @@ struct usbhid_device { }; #define hid_to_usb_dev(hid_dev) \ - container_of(hid_dev->dev.parent->parent, struct usb_device, dev) + to_usb_device(hid_dev->dev.parent->parent) #endif -- cgit v1.2.3