From cde217a556ec552d28ac9e136c5a94684a69ae94 Mon Sep 17 00:00:00 2001 From: Alan Stern Date: Tue, 21 Oct 2008 15:28:46 -0400 Subject: USB: fix crash when URBs are unlinked after the device is gone This patch (as1151) protects usbcore against drivers that try to unlink an URB after the URB's device or bus have been removed. The core does not currently check for this, and certain drivers can cause a crash if they are running while an HCD is unloaded. Certainly it would be best to fix the guilty drivers. But a little defensive programming doesn't hurt, especially since it appears that quite a few drivers need to be fixed. The patch prevents the problem by grabbing a reference to the device while an unlink is in progress and using a new spinlock to synchronize unlinks with device removal. (There's no need to acquire a reference to the bus as well, since the device structure itself keeps a reference to the bus.) In addition, the kerneldoc is updated to indicate that URBs should not be unlinked after the disconnect method returns. Signed-off-by: Alan Stern Cc: stable Signed-off-by: Greg Kroah-Hartman --- drivers/usb/core/hub.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/usb/core/hub.c') diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 9b3f16bd12cb..37ff8aed256d 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -1429,6 +1429,7 @@ void usb_disconnect(struct usb_device **pdev) */ dev_dbg (&udev->dev, "unregistering device\n"); usb_disable_device(udev, 0); + usb_hcd_synchronize_unlinks(udev); usb_unlock_device(udev); -- cgit v1.2.3 From 61fbeba11c553c489ba5284c0ed67067dc7b7c0f Mon Sep 17 00:00:00 2001 From: Alan Stern Date: Mon, 27 Oct 2008 12:07:44 -0400 Subject: USB: prevent autosuspend during hub initialization This patch (as1153) fixes a potential problem in hub initialization. Starting in 2.6.28, initialization was split into several tasks to help speed up booting. This opens the possibility that the hub may be autosuspended before all the initialization tasks can complete. Normally that wouldn't matter, but with incomplete initialization there is a risk that the hub would never autoresume -- especially if devices were plugged into the hub beforehand. The solution is a simple one-line change to suppress autosuspend until the initialization is finished. Signed-off-by: Alan Stern Signed-off-by: Greg Kroah-Hartman --- drivers/usb/core/hub.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'drivers/usb/core/hub.c') diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 37ff8aed256d..b19cbfcd51da 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -659,6 +659,9 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) PREPARE_DELAYED_WORK(&hub->init_work, hub_init_func2); schedule_delayed_work(&hub->init_work, msecs_to_jiffies(delay)); + + /* Suppress autosuspend until init is done */ + to_usb_interface(hub->intfdev)->pm_usage_cnt = 1; return; /* Continues at init2: below */ } else { hub_power_on(hub, true); -- cgit v1.2.3