public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-04 00:06:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/drivers
History
Shigeru Yoshida b2685bdacd ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() 
Running io_watchdog_func() while ohci_urb_enqueue() is running can
cause a race condition where ohci->prev_frame_no is corrupted and the
watchdog can mis-detect following error:

  ohci-platform 664a0800.usb: frame counter not updating; disabled
  ohci-platform 664a0800.usb: HC died; cleaning up

Specifically, following scenario causes a race condition:

  1. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
     and enters the critical section
  2. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
     returns false
  3. ohci_urb_enqueue() sets ohci->prev_frame_no to a frame number
     read by ohci_frame_no(ohci)
  4. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
  5. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
     flags) and exits the critical section
  6. Later, ohci_urb_enqueue() is called
  7. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
     and enters the critical section
  8. The timer scheduled on step 4 expires and io_watchdog_func() runs
  9. io_watchdog_func() calls spin_lock_irqsave(&ohci->lock, flags)
     and waits on it because ohci_urb_enqueue() is already in the
     critical section on step 7
 10. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
     returns false
 11. ohci_urb_enqueue() sets ohci->prev_frame_no to new frame number
     read by ohci_frame_no(ohci) because the frame number proceeded
     between step 3 and 6
 12. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
 13. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
     flags) and exits the critical section, then wake up
     io_watchdog_func() which is waiting on step 9
 14. io_watchdog_func() enters the critical section
 15. io_watchdog_func() calls ohci_frame_no(ohci) and set frame_no
     variable to the frame number
 16. io_watchdog_func() compares frame_no and ohci->prev_frame_no

On step 16, because this calling of io_watchdog_func() is scheduled on
step 4, the frame number set in ohci->prev_frame_no is expected to the
number set on step 3.  However, ohci->prev_frame_no is overwritten on
step 11.  Because step 16 is executed soon after step 11, the frame
number might not proceed, so ohci->prev_frame_no must equals to
frame_no.

To address above scenario, this patch introduces a special sentinel
value IO_WATCHDOG_OFF and set this value to ohci->prev_frame_no when
the watchdog is not pending or running.  When ohci_urb_enqueue()
schedules the watchdog (step 4 and 12 above), it compares
ohci->prev_frame_no to IO_WATCHDOG_OFF so that ohci->prev_frame_no is
not overwritten while io_watchdog_func() is running.

Signed-off-by: Shigeru Yoshida <Shigeru.Yoshida@windriver.com>
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-15 18:43:57 +01:00
..
accessibility
acpi vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
amba
android vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ata pci-v4.16-changes 2018-02-06 09:59:40 -08:00
atm atm: he: use 64-bit arithmetic instead of 32-bit 2018-02-08 15:05:16 -05:00
auxdisplay
base More power management updates for v4.16-rc1 2018-02-09 09:40:33 -08:00
bcma
block Things have been very quiet on the rbd side, as work continues on the 2018-02-08 11:38:59 -08:00
bluetooth vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
bus ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
cdrom
char vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
clk MIPS changes for 4.16 2018-02-07 11:22:44 -08:00
clocksource
connector
cpufreq arm: imx: Add MODULE_ALIAS for cpufreq 2018-02-08 10:21:39 +01:00
cpuidle powerpc updates for 4.16 2018-02-02 10:01:04 -08:00
crypto KVM changes for 4.16 2018-02-10 13:16:35 -08:00
dax Merge branch 'for-4.16/dax' into libnvdimm-for-next 2018-02-03 00:26:10 -07:00
dca
devfreq
dio
dma Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-02-02 09:50:51 -08:00
dma-buf vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
edac
eisa
extcon
firewire vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
firmware 2nd set of arm64 updates for 4.16: 2018-02-08 10:44:25 -08:00
fmc
fpga
fsi
gpio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
gpu vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hid vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hsi vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hv vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hwmon hwmon: (dell-smm) Disable fan support for Dell Vostro 3360 2018-01-27 09:34:22 -08:00
hwspinlock
hwtracing Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
i2c Merge branch 'i2c/for-4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-02-04 10:57:43 -08:00
ide pci-v4.16-changes 2018-02-06 09:59:40 -08:00
idle
iio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
infiniband vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
input vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
iommu IOMMU Updates for Linux v4.16 2018-02-08 12:03:54 -08:00
ipack
irqchip pci-v4.16-changes 2018-02-06 09:59:40 -08:00
isdn vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
leds vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
lightnvm
macintosh vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mailbox vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mcb
md vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
media vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
memory ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
memstick
message
mfd vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
misc vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mmc Kbuild updates for v4.16 (2nd) 2018-02-09 19:32:41 -08:00
mtd dma mapping changes for Linux 4.16: 2018-01-31 11:32:27 -08:00
mux Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
net vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
nfc
ntb NTB: ntb_perf: fix cast to restricted __le32 2018-01-28 22:17:24 -05:00
nubus
nvdimm Merge branch 'for-4.16/nfit' into libnvdimm-for-next 2018-02-03 00:26:26 -07:00
nvme for-linus-20180204 2018-02-04 11:16:35 -08:00
nvmem
of pci-v4.16-changes 2018-02-06 09:59:40 -08:00
opp
oprofile
parisc
parport
pci vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pcmcia Merge branch 'pcmcia' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia 2018-02-08 11:48:49 -08:00
perf bitmap: replace bitmap_{from,to}_u32array 2018-02-06 18:32:44 -08:00
phy USB/PHY updates for 4.16-rc1 2018-02-01 09:40:49 -08:00
pinctrl This is the bulk of pin control changes for the v4.16 kernel cycle: 2018-02-02 14:22:53 -08:00
platform vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pnp
power power supply and reset changes for the v4.16 series 2018-01-31 12:55:31 -08:00
powercap
pps vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ps3
ptp vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pwm
rapidio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ras
regulator regulator: Fix suspend to idle 2018-01-30 12:25:59 +00:00
remoteproc remoteproc updates for v4.16 2018-02-05 10:07:40 -08:00
reset
rpmsg vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
rtc vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
s390 vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
sbus pci-v4.16-changes 2018-02-06 09:59:40 -08:00
scsi vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
sfi
sh cpufreq: Add and use cpufreq_for_each_{valid_,}entry_idx() 2018-02-08 10:21:39 +01:00
siox
slimbus
sn
soc ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
soundwire
spi Merge remote-tracking branch 'spi/topic/xilinx' into spi-next 2018-01-26 17:57:34 +00:00
spmi
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git 2018-02-01 10:37:39 +02:00
staging vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2018-02-09 14:49:46 -08:00
tc
tee
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2018-02-06 15:04:58 -08:00
thunderbolt
tty vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
uio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
usb ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() 2018-02-15 18:43:57 +01:00
uwb
vfio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
vhost vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
video Kbuild updates for v4.16 (2nd) 2018-02-09 19:32:41 -08:00
virt vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
virtio virtio_pci: don't kfree device on register failure 2018-02-01 16:26:45 +02:00
visorbus
vlynq
vme
w1 Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
watchdog linux-watchdog 4.16-rc1 merge window tag 2018-02-07 11:54:34 -08:00
xen vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
zorro
Kconfig Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
Makefile pci-v4.16-changes 2018-02-06 09:59:40 -08:00