Commit 04e90683 authored by Oliver Neukum's avatar Oliver Neukum Committed by Paolo Abeni

usbnet: fix cyclical race on disconnect with work queue

The work can submit URBs and the URBs can schedule the work.
This cycle needs to be broken, when a device is to be stopped.
Use a flag to do so.
This is a design issue as old as the driver.
Signed-off-by: default avatarOliver Neukum <oneukum@suse.com>
Fixes: 1da177e4 ("Linux-2.6.12-rc2")
CC: stable@vger.kernel.org
Link: https://patch.msgid.link/20240919123525.688065-1-oneukum@suse.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parent b514c47e
...@@ -464,10 +464,15 @@ static enum skb_state defer_bh(struct usbnet *dev, struct sk_buff *skb, ...@@ -464,10 +464,15 @@ static enum skb_state defer_bh(struct usbnet *dev, struct sk_buff *skb,
void usbnet_defer_kevent (struct usbnet *dev, int work) void usbnet_defer_kevent (struct usbnet *dev, int work)
{ {
set_bit (work, &dev->flags); set_bit (work, &dev->flags);
if (!schedule_work (&dev->kevent)) if (!usbnet_going_away(dev)) {
netdev_dbg(dev->net, "kevent %s may have been dropped\n", usbnet_event_names[work]); if (!schedule_work(&dev->kevent))
else netdev_dbg(dev->net,
netdev_dbg(dev->net, "kevent %s scheduled\n", usbnet_event_names[work]); "kevent %s may have been dropped\n",
usbnet_event_names[work]);
else
netdev_dbg(dev->net,
"kevent %s scheduled\n", usbnet_event_names[work]);
}
} }
EXPORT_SYMBOL_GPL(usbnet_defer_kevent); EXPORT_SYMBOL_GPL(usbnet_defer_kevent);
...@@ -535,7 +540,8 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags) ...@@ -535,7 +540,8 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags)
tasklet_schedule (&dev->bh); tasklet_schedule (&dev->bh);
break; break;
case 0: case 0:
__usbnet_queue_skb(&dev->rxq, skb, rx_start); if (!usbnet_going_away(dev))
__usbnet_queue_skb(&dev->rxq, skb, rx_start);
} }
} else { } else {
netif_dbg(dev, ifdown, dev->net, "rx: stopped\n"); netif_dbg(dev, ifdown, dev->net, "rx: stopped\n");
...@@ -843,9 +849,18 @@ int usbnet_stop (struct net_device *net) ...@@ -843,9 +849,18 @@ int usbnet_stop (struct net_device *net)
/* deferred work (timer, softirq, task) must also stop */ /* deferred work (timer, softirq, task) must also stop */
dev->flags = 0; dev->flags = 0;
del_timer_sync (&dev->delay); del_timer_sync(&dev->delay);
tasklet_kill (&dev->bh); tasklet_kill(&dev->bh);
cancel_work_sync(&dev->kevent); cancel_work_sync(&dev->kevent);
/* We have cyclic dependencies. Those calls are needed
* to break a cycle. We cannot fall into the gaps because
* we have a flag
*/
tasklet_kill(&dev->bh);
del_timer_sync(&dev->delay);
cancel_work_sync(&dev->kevent);
if (!pm) if (!pm)
usb_autopm_put_interface(dev->intf); usb_autopm_put_interface(dev->intf);
...@@ -1171,7 +1186,8 @@ usbnet_deferred_kevent (struct work_struct *work) ...@@ -1171,7 +1186,8 @@ usbnet_deferred_kevent (struct work_struct *work)
status); status);
} else { } else {
clear_bit (EVENT_RX_HALT, &dev->flags); clear_bit (EVENT_RX_HALT, &dev->flags);
tasklet_schedule (&dev->bh); if (!usbnet_going_away(dev))
tasklet_schedule(&dev->bh);
} }
} }
...@@ -1196,7 +1212,8 @@ usbnet_deferred_kevent (struct work_struct *work) ...@@ -1196,7 +1212,8 @@ usbnet_deferred_kevent (struct work_struct *work)
usb_autopm_put_interface(dev->intf); usb_autopm_put_interface(dev->intf);
fail_lowmem: fail_lowmem:
if (resched) if (resched)
tasklet_schedule (&dev->bh); if (!usbnet_going_away(dev))
tasklet_schedule(&dev->bh);
} }
} }
...@@ -1559,6 +1576,7 @@ static void usbnet_bh (struct timer_list *t) ...@@ -1559,6 +1576,7 @@ static void usbnet_bh (struct timer_list *t)
} else if (netif_running (dev->net) && } else if (netif_running (dev->net) &&
netif_device_present (dev->net) && netif_device_present (dev->net) &&
netif_carrier_ok(dev->net) && netif_carrier_ok(dev->net) &&
!usbnet_going_away(dev) &&
!timer_pending(&dev->delay) && !timer_pending(&dev->delay) &&
!test_bit(EVENT_RX_PAUSED, &dev->flags) && !test_bit(EVENT_RX_PAUSED, &dev->flags) &&
!test_bit(EVENT_RX_HALT, &dev->flags)) { !test_bit(EVENT_RX_HALT, &dev->flags)) {
...@@ -1606,6 +1624,7 @@ void usbnet_disconnect (struct usb_interface *intf) ...@@ -1606,6 +1624,7 @@ void usbnet_disconnect (struct usb_interface *intf)
usb_set_intfdata(intf, NULL); usb_set_intfdata(intf, NULL);
if (!dev) if (!dev)
return; return;
usbnet_mark_going_away(dev);
xdev = interface_to_usbdev (intf); xdev = interface_to_usbdev (intf);
......
...@@ -76,8 +76,23 @@ struct usbnet { ...@@ -76,8 +76,23 @@ struct usbnet {
# define EVENT_LINK_CHANGE 11 # define EVENT_LINK_CHANGE 11
# define EVENT_SET_RX_MODE 12 # define EVENT_SET_RX_MODE 12
# define EVENT_NO_IP_ALIGN 13 # define EVENT_NO_IP_ALIGN 13
/* This one is special, as it indicates that the device is going away
* there are cyclic dependencies between tasklet, timer and bh
* that must be broken
*/
# define EVENT_UNPLUG 31
}; };
static inline bool usbnet_going_away(struct usbnet *ubn)
{
return test_bit(EVENT_UNPLUG, &ubn->flags);
}
static inline void usbnet_mark_going_away(struct usbnet *ubn)
{
set_bit(EVENT_UNPLUG, &ubn->flags);
}
static inline struct usb_driver *driver_of(struct usb_interface *intf) static inline struct usb_driver *driver_of(struct usb_interface *intf)
{ {
return to_usb_driver(intf->dev.driver); return to_usb_driver(intf->dev.driver);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment