[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <72e48343-f87e-5fed-809c-41995197019e@gmail.com>
Date: Sat, 23 Jan 2021 19:41:48 +0300
From: Sergei Shtylyov <sergei.shtylyov@...il.com>
To: Paul Cercueil <paul@...pouillou.net>, Bin Liu <b-liu@...com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Tony Lindgren <tony@...mide.com>, od@...c.me,
linux-mips@...r.kernel.org, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [RE-RESEND PATCH 1/4] usb: musb: Fix runtime PM race in
musb_queue_resume_work
On 1/23/21 5:24 PM, Paul Cercueil wrote:
> musb_queue_resume_work() would call the provided callback if the runtime
> PM status was 'active'. Otherwise, it would enqueue the request if the
> hardware was still suspended (musb->is_runtime_suspended is true).
>
> This causes a race with the runtime PM handlers, as it is possible to be
> in the case where the runtime PM status is not yet 'active', but the
> hardware has been awaken (PM resume function has been called).
Awakened. :-)
> When hitting the race, the resume work was not enqueued, which probably
> triggered other bugs further down the stack. For instance, a telnet
> connection on Ingenic SoCs would result in a 50/50 chance of a
> segmentation fault somewhere in the musb code.
>
> Rework the code so that either we call the callback directly if
> (musb->is_runtime_suspended == 0), or enqueue the query otherwise.
>
> Fixes: ea2f35c01d5e ("usb: musb: Fix sleeping function called from invalid context for hdrc glue")
> Cc: stable@...r.kernel.org # v4.9+
> Signed-off-by: Paul Cercueil <paul@...pouillou.net>
> Reviewed-by: Tony Lindgren <tony@...mide.com>
> Tested-by: Tony Lindgren <tony@...mide.com>
[...]
MBR, Sergei
Powered by blists - more mailing lists