From a8edc42a11e1d7b7e158d4026670fd83854dfcc2 Mon Sep 17 00:00:00 2001
From: David Daney <david.daney@cavium.com>
Date: Thu, 22 Mar 2012 14:01:07 -0700
Subject: usb: Put USB Kconfig items back under USB.
commit 53c6bc24fdc8db87109a5760579cbb060fa644cf (usb: Don't make
USB_ARCH_HAS_{XHCI,OHCI,EHCI} depend on USB_SUPPORT.) Removed the
dependency of the USB_ARCH_HAS_* symbols on USB_SUPPORT. However the
resulting Kconfig somehow caused many of the USB configuration items
to appear under the top level devices menu.
To fix this we reunite the 'menuconfig USB_SUPPORT' with the 'if
USB_SUPPORT', and the config items magically go back to their desired
location.
Reported-by: Julian Wollrath <jwollrath@web.de>
Reported-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Reported-by: Borislav Petkov <bp@alien8.de>
Reported-by: Rupesh Gujare <rgujare@ozmodevices.com>
Reported-by: Feng King <ronyjin@tencent.com>
Reported-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: David Daney <david.daney@cavium.com>
Tested-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/Kconfig | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
(limited to 'drivers/usb')
diff --git a/drivers/usb/Kconfig b/drivers/usb/Kconfig
index cbd8f5f8059..76316a33061 100644
--- a/drivers/usb/Kconfig
+++ b/drivers/usb/Kconfig
@@ -2,14 +2,6 @@
# USB device configuration
#
-menuconfig USB_SUPPORT
- bool "USB support"
- depends on HAS_IOMEM
- default y
- ---help---
- This option adds core support for Universal Serial Bus (USB).
- You will also need drivers from the following menu to make use of it.
-
# many non-PCI SOC chips embed OHCI
config USB_ARCH_HAS_OHCI
boolean
@@ -63,6 +55,14 @@ config USB_ARCH_HAS_XHCI
boolean
default PCI
+menuconfig USB_SUPPORT
+ bool "USB support"
+ depends on HAS_IOMEM
+ default y
+ ---help---
+ This option adds core support for Universal Serial Bus (USB).
+ You will also need drivers from the following menu to make use of it.
+
if USB_SUPPORT
config USB_COMMON
--
cgit v1.2.3-70-g09d2
From c825bab0cef8b90bab8b63eb5686b8c8eb22e798 Mon Sep 17 00:00:00 2001
From: Ming Lei <tom.leiming@gmail.com>
Date: Mon, 19 Mar 2012 15:20:57 +0800
Subject: usb: storage: fix lockdep warning inside usb_stor_pre_reset(v2)
This patch fixes one lockdep warning[1] inside usb_stor_pre_reset.
If the current configuration includes multiple mass storage interfaces,
the 'AA' lockdep warning will be triggered since the lock class of
'us->dev_mutex' is acquired two times in .reset path. It isn't
a real deadlock, so just take the lockdep_set_class annotation to
remove the warning.
[1], lockdep warning log
:[ INFO: possible recursive locking detected ]
:3.3.0-0.rc5.git3.1.fc17.x86_64 #1 Tainted: G W
:---------------------------------------------
:usb-storage/14846 is trying to acquire lock:
: (&(us->dev_mutex)){+.+.+.}, at: [<ffffffffa0481c0c>] usb_stor_pre_reset+0x1c/0x20 [usb_storage]
:but task is already holding lock:
: (&(us->dev_mutex)){+.+.+.}, at: [<ffffffffa0481c0c>] usb_stor_pre_reset+0x1c/0x20 [usb_storage]
:other info that might help us debug this:
: Possible unsafe locking scenario:
: CPU0
: ----
: lock(&(us->dev_mutex));
: lock(&(us->dev_mutex));
: *** DEADLOCK ***
: May be due to missing lock nesting notation
:2 locks held by usb-storage/14846:
: #0: (&__lockdep_no_validate__){......}, at: [<ffffffff8147e6a5>] usb_lock_device_for_reset+0x95/0x100
: #1: (&(us->dev_mutex)){+.+.+.}, at: [<ffffffffa0481c0c>] usb_stor_pre_reset+0x1c/0x20 [usb_storage]
:stack backtrace:
:Pid: 14846, comm: usb-storage Tainted: G W 3.3.0-0.rc5.git3.1.fc17.x86_64 #1
:Call Trace:
: [<ffffffff810cbdaf>] __lock_acquire+0x168f/0x1bb0
: [<ffffffff81021083>] ? native_sched_clock+0x13/0x80
: [<ffffffff810210f9>] ? sched_clock+0x9/0x10
: [<ffffffff810210f9>] ? sched_clock+0x9/0x10
: [<ffffffff810a2975>] ? sched_clock_local+0x25/0xa0
: [<ffffffff810cc9a1>] lock_acquire+0xa1/0x1e0
: [<ffffffffa0481c0c>] ? usb_stor_pre_reset+0x1c/0x20 [usb_storage]
: [<ffffffff81699c86>] mutex_lock_nested+0x76/0x3a0
: [<ffffffffa0481c0c>] ? usb_stor_pre_reset+0x1c/0x20 [usb_storage]
: [<ffffffffa0481c0c>] ? usb_stor_pre_reset+0x1c/0x20 [usb_storage]
: [<ffffffffa0481c0c>] usb_stor_pre_reset+0x1c/0x20 [usb_storage]
: [<ffffffff8148184d>] usb_reset_device+0x7d/0x190
: [<ffffffffa048119c>] usb_stor_port_reset+0x7c/0x80 [usb_storage]
: [<ffffffffa0481234>] usb_stor_invoke_transport+0x94/0x560 [usb_storage]
: [<ffffffff810cd3b2>] ? mark_held_locks+0xb2/0x130
: [<ffffffff8169dbd0>] ? _raw_spin_unlock_irq+0x30/0x50
: [<ffffffffa047fe3e>] usb_stor_transparent_scsi_command+0xe/0x10 [usb_storage]
: [<ffffffffa0481ae3>] usb_stor_control_thread+0x173/0x280 [usb_storage]
: [<ffffffffa0481970>] ? fill_inquiry_response+0x20/0x20 [usb_storage]
: [<ffffffff8108a3f7>] kthread+0xb7/0xc0
: [<ffffffff816a7d34>] kernel_thread_helper+0x4/0x10
: [<ffffffff8169e0f4>] ? retint_restore_args+0x13/0x13
: [<ffffffff8108a340>] ? kthread_worker_fn+0x1a0/0x1a0
: [<ffffffff816a7d30>] ? gs_change+0x13/0x13
Reported-By: Dave Jones <davej@redhat.com>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/storage/usb.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
(limited to 'drivers/usb')
diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c
index c18538e4a6d..2653e73db62 100644
--- a/drivers/usb/storage/usb.c
+++ b/drivers/usb/storage/usb.c
@@ -132,6 +132,35 @@ static struct us_unusual_dev for_dynamic_ids =
#undef COMPLIANT_DEV
#undef USUAL_DEV
+#ifdef CONFIG_LOCKDEP
+
+static struct lock_class_key us_interface_key[USB_MAXINTERFACES];
+
+static void us_set_lock_class(struct mutex *mutex,
+ struct usb_interface *intf)
+{
+ struct usb_device *udev = interface_to_usbdev(intf);
+ struct usb_host_config *config = udev->actconfig;
+ int i;
+
+ for (i = 0; i < config->desc.bNumInterfaces; i++) {
+ if (config->interface[i] == intf)
+ break;
+ }
+
+ BUG_ON(i == config->desc.bNumInterfaces);
+
+ lockdep_set_class(mutex, &us_interface_key[i]);
+}
+
+#else
+
+static void us_set_lock_class(struct mutex *mutex,
+ struct usb_interface *intf)
+{
+}
+
+#endif
#ifdef CONFIG_PM /* Minimal support for suspend and resume */
@@ -895,6 +924,7 @@ int usb_stor_probe1(struct us_data **pus,
*pus = us = host_to_us(host);
memset(us, 0, sizeof(struct us_data));
mutex_init(&(us->dev_mutex));
+ us_set_lock_class(&us->dev_mutex, intf);
init_completion(&us->cmnd_ready);
init_completion(&(us->notify));
init_waitqueue_head(&us->delay_wait);
--
cgit v1.2.3-70-g09d2
From bcf398537630bf20b4dbe59ba855b69f404c93cf Mon Sep 17 00:00:00 2001
From: Alan Stern <stern@rowland.harvard.edu>
Date: Thu, 22 Mar 2012 11:00:21 -0400
Subject: USB: don't clear urb->dev in scatter-gather library
This patch (as1517b) fixes an error in the USB scatter-gather library.
The library code uses urb->dev to determine whether or nor an URB is
currently active; the completion handler sets urb->dev to NULL.
However the core unlinking routines need to use urb->dev. Since
unlinking always racing with completion, the completion handler must
not clear urb->dev -- it can lead to invalid memory accesses when a
transfer has to be cancelled.
This patch fixes the problem by getting rid of the lines that clear
urb->dev after urb has been submitted. As a result we may end up
trying to unlink an URB that failed in submission or that has already
completed, so an extra check is added after each unlink to avoid
printing an error message when this happens. The checks are updated
in both sg_complete() and sg_cancel(), and the second is updated to
match the first (currently it prints out unnecessary warning messages
if a device is unplugged while a transfer is in progress).
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: Illia Zaitsev <I.Zaitsev@adbglobal.com>
CC: Ming Lei <tom.leiming@gmail.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/message.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'drivers/usb')
diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index b3bdfede45e..aed3e07942d 100644
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -308,7 +308,8 @@ static void sg_complete(struct urb *urb)
retval = usb_unlink_urb(io->urbs [i]);
if (retval != -EINPROGRESS &&
retval != -ENODEV &&
- retval != -EBUSY)
+ retval != -EBUSY &&
+ retval != -EIDRM)
dev_err(&io->dev->dev,
"%s, unlink --> %d\n",
__func__, retval);
@@ -317,7 +318,6 @@ static void sg_complete(struct urb *urb)
}
spin_lock(&io->lock);
}
- urb->dev = NULL;
/* on the last completion, signal usb_sg_wait() */
io->bytes += urb->actual_length;
@@ -524,7 +524,6 @@ void usb_sg_wait(struct usb_sg_request *io)
case -ENXIO: /* hc didn't queue this one */
case -EAGAIN:
case -ENOMEM:
- io->urbs[i]->dev = NULL;
retval = 0;
yield();
break;
@@ -542,7 +541,6 @@ void usb_sg_wait(struct usb_sg_request *io)
/* fail any uncompleted urbs */
default:
- io->urbs[i]->dev = NULL;
io->urbs[i]->status = retval;
dev_dbg(&io->dev->dev, "%s, submit --> %d\n",
__func__, retval);
@@ -593,7 +591,10 @@ void usb_sg_cancel(struct usb_sg_request *io)
if (!io->urbs [i]->dev)
continue;
retval = usb_unlink_urb(io->urbs [i]);
- if (retval != -EINPROGRESS && retval != -EBUSY)
+ if (retval != -EINPROGRESS
+ && retval != -ENODEV
+ && retval != -EBUSY
+ && retval != -EIDRM)
dev_warn(&io->dev->dev, "%s, unlink --> %d\n",
__func__, retval);
}
--
cgit v1.2.3-70-g09d2
From da8bfb090c2b30af9f3879443355f7eb1d0fe10a Mon Sep 17 00:00:00 2001
From: Alan Stern <stern@rowland.harvard.edu>
Date: Wed, 28 Mar 2012 16:13:28 -0400
Subject: USB documentation: explain lifetime rules for unlinking URBs
This patch (as1534c) updates the documentation for usb_unlink_urb and
related functions. It explains that the caller must prevent the URB
being unlinked from getting deallocated while the unlink is taking
place.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/usb/URB.txt | 22 ++++++++++++++++++++++
drivers/usb/core/urb.c | 12 ++++++++++++
2 files changed, 34 insertions(+)
(limited to 'drivers/usb')
diff --git a/Documentation/usb/URB.txt b/Documentation/usb/URB.txt
index 8ffce746d49..00d2c644068 100644
--- a/Documentation/usb/URB.txt
+++ b/Documentation/usb/URB.txt
@@ -168,6 +168,28 @@ that if the completion handler or anyone else tries to resubmit it
they will get a -EPERM error. Thus you can be sure that when
usb_kill_urb() returns, the URB is totally idle.
+There is a lifetime issue to consider. An URB may complete at any
+time, and the completion handler may free the URB. If this happens
+while usb_unlink_urb or usb_kill_urb is running, it will cause a
+memory-access violation. The driver is responsible for avoiding this,
+which often means some sort of lock will be needed to prevent the URB
+from being deallocated while it is still in use.
+
+On the other hand, since usb_unlink_urb may end up calling the
+completion handler, the handler must not take any lock that is held
+when usb_unlink_urb is invoked. The general solution to this problem
+is to increment the URB's reference count while holding the lock, then
+drop the lock and call usb_unlink_urb or usb_kill_urb, and then
+decrement the URB's reference count. You increment the reference
+count by calling
+
+ struct urb *usb_get_urb(struct urb *urb)
+
+(ignore the return value; it is the same as the argument) and
+decrement the reference count by calling usb_free_urb. Of course,
+none of this is necessary if there's no danger of the URB being freed
+by the completion handler.
+
1.7. What about the completion handler?
diff --git a/drivers/usb/core/urb.c b/drivers/usb/core/urb.c
index 7239a73c1b8..cd9b3a2cd8a 100644
--- a/drivers/usb/core/urb.c
+++ b/drivers/usb/core/urb.c
@@ -539,6 +539,10 @@ EXPORT_SYMBOL_GPL(usb_submit_urb);
* never submitted, or it was unlinked before, or the hardware is already
* finished with it), even if the completion handler has not yet run.
*
+ * The URB must not be deallocated while this routine is running. In
+ * particular, when a driver calls this routine, it must insure that the
+ * completion handler cannot deallocate the URB.
+ *
* Unlinking and Endpoint Queues:
*
* [The behaviors and guarantees described below do not apply to virtual
@@ -603,6 +607,10 @@ EXPORT_SYMBOL_GPL(usb_unlink_urb);
* with error -EPERM. Thus even if the URB's completion handler always
* tries to resubmit, it will not succeed and the URB will become idle.
*
+ * The URB must not be deallocated while this routine is running. In
+ * particular, when a driver calls this routine, it must insure that the
+ * completion handler cannot deallocate the URB.
+ *
* This routine may not be used in an interrupt context (such as a bottom
* half or a completion handler), or when holding a spinlock, or in other
* situations where the caller can't schedule().
@@ -640,6 +648,10 @@ EXPORT_SYMBOL_GPL(usb_kill_urb);
* with error -EPERM. Thus even if the URB's completion handler always
* tries to resubmit, it will not succeed and the URB will become idle.
*
+ * The URB must not be deallocated while this routine is running. In
+ * particular, when a driver calls this routine, it must insure that the
+ * completion handler cannot deallocate the URB.
+ *
* This routine may not be used in an interrupt context (such as a bottom
* half or a completion handler), or when holding a spinlock, or in other
* situations where the caller can't schedule().
--
cgit v1.2.3-70-g09d2
From a2457ee691edeffb511dbff9a69008f480192197 Mon Sep 17 00:00:00 2001
From: Michael BRIGHT <mjbrightfr@gmail.com>
Date: Thu, 22 Mar 2012 18:42:52 +0100
Subject: USB: remove compile warning on gadget/inode.c
Removed unused "restart:" label, which was causing compiler warning.
Signed-off-by: Michael BRIGHT <mjbrightfr+git-kernel@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/inode.c | 1 -
1 file changed, 1 deletion(-)
(limited to 'drivers/usb')
diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c
index 8793f32bab1..e58b1644297 100644
--- a/drivers/usb/gadget/inode.c
+++ b/drivers/usb/gadget/inode.c
@@ -1574,7 +1574,6 @@ static void destroy_ep_files (struct dev_data *dev)
DBG (dev, "%s %d\n", __func__, dev->state);
/* dev->state must prevent interference */
-restart:
spin_lock_irq (&dev->lock);
while (!list_empty(&dev->epfiles)) {
struct ep_data *ep;
--
cgit v1.2.3-70-g09d2