Message ID | 20231102071138.828126-1-piyush.mehta@amd.com |
---|---|
State | Superseded |
Headers | show |
Series | usb: gadget: uvc_video: unlock before submitting a request to ep | expand |
Hello! On 11/2/23 10:11 AM, Piyush Mehta wrote: > There could be chances where the usb_ep_queue() could fail and trigger > complete() handler with error status. In this case, if usb_ep_queue() > is called with lock held and the triggered complete() handler is waiting > for the same lock to be cleared could result in a deadlock situation and > could result in system hang. To aviod this scenerio, call usb_ep_queue() Scenario. :-) > with lock removed. This patch does the same. The last sentence is hardly needed. > Signed-off-by: Piyush Mehta <piyush.mehta@amd.com> > --- > drivers/usb/gadget/function/uvc_video.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/usb/gadget/function/uvc_video.c b/drivers/usb/gadget/function/uvc_video.c > index 91af3b1ef0d4..0a5d9ac145e7 100644 > --- a/drivers/usb/gadget/function/uvc_video.c > +++ b/drivers/usb/gadget/function/uvc_video.c > @@ -460,11 +460,12 @@ static void uvcg_video_pump(struct work_struct *work) > req->no_interrupt = 1; > } > > - /* Queue the USB request */ > - ret = uvcg_video_ep_queue(video, req); > spin_unlock_irqrestore(&queue->irqlock, flags); > > + /* Queue the USB request */ > + ret = uvcg_video_ep_queue(video, req); > if (ret < 0) { > + usb_ep_set_halt(video->ep); Hm, you don't say anything about this change in the patch description... [...] MBR, Sergey
diff --git a/drivers/usb/gadget/function/uvc_video.c b/drivers/usb/gadget/function/uvc_video.c index 91af3b1ef0d4..0a5d9ac145e7 100644 --- a/drivers/usb/gadget/function/uvc_video.c +++ b/drivers/usb/gadget/function/uvc_video.c @@ -460,11 +460,12 @@ static void uvcg_video_pump(struct work_struct *work) req->no_interrupt = 1; } - /* Queue the USB request */ - ret = uvcg_video_ep_queue(video, req); spin_unlock_irqrestore(&queue->irqlock, flags); + /* Queue the USB request */ + ret = uvcg_video_ep_queue(video, req); if (ret < 0) { + usb_ep_set_halt(video->ep); uvcg_queue_cancel(queue, 0); break; }
There could be chances where the usb_ep_queue() could fail and trigger complete() handler with error status. In this case, if usb_ep_queue() is called with lock held and the triggered complete() handler is waiting for the same lock to be cleared could result in a deadlock situation and could result in system hang. To aviod this scenerio, call usb_ep_queue() with lock removed. This patch does the same. Signed-off-by: Piyush Mehta <piyush.mehta@amd.com> --- drivers/usb/gadget/function/uvc_video.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)