Re: [PATCH v2 1/1] usb: misc: usbtest: add fix for driver hang

From: Alan Stern
Date: Wed Aug 10 2016 - 14:20:34 EST


On Wed, 10 Aug 2016, Lu Baolu wrote:

> In sg_timeout(), req->status is set to "-ETIMEDOUT" before calling
> into usb_sg_cancel(). usb_sg_cancel() will do nothing and return
> directly if req->status has been set to a non-zero value. This will
> cause a driver hang whenever a transfer timeout is triggered.
>
> This patch fixes this issue. It could be backported to stable kernels
> with versions later than v3.15.
>
> Cc: stable@xxxxxxxxxxxxxxx # 3.15+
> Cc: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> ---
> v1->v2:
> - Set retval to -ETIMEDOUT after timed out
> - Removed the kernel log in patch description
>
> drivers/usb/misc/usbtest.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
> index 6b978f0..c273e11 100644
> --- a/drivers/usb/misc/usbtest.c
> +++ b/drivers/usb/misc/usbtest.c
> @@ -585,7 +585,6 @@ static void sg_timeout(unsigned long _req)
> {
> struct usb_sg_request *req = (struct usb_sg_request *) _req;
>
> - req->status = -ETIMEDOUT;
> usb_sg_cancel(req);
> }
>
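
Review bot: sg_timeout() is left with a bare usb_sg_cancel(req) call and nothing in the function says why the status must not be written there, so the removed "req->status = -ETIMEDOUT;" is easy to reintroduce later. A one-line comment above the call, stating that usb_sg_cancel() returns without doing anything when req->status is already non-zero and that the timeout result is therefore set by the caller, would keep the reason next to the code instead of only in the commit message.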
> @@ -616,8 +615,10 @@ static int perform_sglist(
> mod_timer(&sg_timer, jiffies +
> msecs_to_jiffies(SIMPLE_IO_TIMEOUT));
> usb_sg_wait(req);
> - del_timer_sync(&sg_timer);
> - retval = req->status;
> + if (unlikely(!del_timer_sync(&sg_timer)))
> + retval = -ETIMEDOUT;
> + else
> + retval = req->status;
>
> /* FIXME check resulting data pattern */
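
Review bot: in perform_sglist(), the new "if (unlikely(!del_timer_sync(&sg_timer)))" branch treats any case where the timer was no longer pending as a timeout and discards req->status, which also covers the narrow window where the transfer completes and usb_sg_wait() returns just before sg_timeout() runs. In that case a transfer that finished with status 0 is reported as -ETIMEDOUT. That is probably acceptable for a test driver, but a short comment saying that a zero return from del_timer_sync() means the timer already fired, and that the status is deliberately overridden, would make the intent clear.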

I wouldn't bother with the "unlikely()" because this isn't a hot path.
Aside from that,

Acked-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>

Alan Stern