mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-18 00:24:39 +00:00
bcf3985376
This patch (as1517b) fixes an error in the USB scatter-gather library. The library code uses urb->dev to determine whether or nor an URB is currently active; the completion handler sets urb->dev to NULL. However the core unlinking routines need to use urb->dev. Since unlinking always racing with completion, the completion handler must not clear urb->dev -- it can lead to invalid memory accesses when a transfer has to be cancelled. This patch fixes the problem by getting rid of the lines that clear urb->dev after urb has been submitted. As a result we may end up trying to unlink an URB that failed in submission or that has already completed, so an extra check is added after each unlink to avoid printing an error message when this happens. The checks are updated in both sg_complete() and sg_cancel(), and the second is updated to match the first (currently it prints out unnecessary warning messages if a device is unplugged while a transfer is in progress). Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-and-tested-by: Illia Zaitsev <I.Zaitsev@adbglobal.com> CC: Ming Lei <tom.leiming@gmail.com> CC: <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| buffer.c | ||
| config.c | ||
| devices.c | ||
| devio.c | ||
| driver.c | ||
| endpoint.c | ||
| file.c | ||
| generic.c | ||
| hcd-pci.c | ||
| hcd.c | ||
| hub.c | ||
| inode.c | ||
| Kconfig | ||
| Makefile | ||
| message.c | ||
| notify.c | ||
| otg_whitelist.h | ||
| quirks.c | ||
| sysfs.c | ||
| urb.c | ||
| usb.c | ||
| usb.h | ||