[PATCH] usb: dwc3: ep0: fix delayed status is queued too early

From: Zhuang Jin Can
Date: Wed May 07 2014 - 05:54:00 EST


A delayed status request may be queued before composite framework returns
USB_GADGET_DELAYED_STATUS, because the thread queueing the request can run
on a different core in parallel with the control request irq.

SETUP XferComplete IRQ fsg_main_thread
---------------------- ---------------
| |
spin_lock_irqsave(&dwc->lock) sleeping
| |
... ...
dwc3_ep0_inspect_setup() |
| |
dwc3_ep0_delegate_req() |
| |
... |
spin_unlock(&dwc->lock); |
| |
fsg_set_alt() ======> Signal Wakeup ====> |
| |
other gadgets->set_alt() handle exception
| |
| usb_composite_setup_continue()
| |
| spin_lock_irqsave(&dwc->lock)
| __dwc3_gadget_ep0_queue()
| delay_status is false
| spin_unlock_irqrestore(&dwc->lock)
| |
| sleeping
spin_lock(&dwc->lock); |
| |
delayed_status=true |
| |

STATUS XferNotReady IRQ
------------------------
|
dwc3_ep0_xfernotready()
|
delayed_status is true, return;

The result is the status packet will never be transferred, and
delayed_status is not cleared.

Signed-off-by: Zhuang Jin Can <jin.can.zhuang@xxxxxxxxx>
Reported-by: Zhou Liping <liping.zhou@xxxxxxxxx>
---
drivers/usb/dwc3/ep0.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c
index 21a3520..07292c0 100644
--- a/drivers/usb/dwc3/ep0.c
+++ b/drivers/usb/dwc3/ep0.c
@@ -1020,7 +1020,11 @@ static void dwc3_ep0_xfernotready(struct dwc3 *dwc,
if (dwc->delayed_status) {
WARN_ON_ONCE(event->endpoint_number != 1);
dev_vdbg(dwc->dev, "Mass Storage delayed status\n");
- return;
+
+ if (list_empty(&dwc->eps[0]->request_list))
+ return;
+ else
+ dwc->delayed_status = false;
}

dwc3_ep0_do_control_status(dwc, event);
--
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/