* [PATCH v3 0/2] Fix syzkaller bug: hung task in hub_port_init
@ 2021-08-13 18:25 Anirudh Rayabharam
2021-08-13 18:25 ` [PATCH v3 1/2] usbip: give back URBs for unsent unlink requests during cleanup Anirudh Rayabharam
2021-08-13 18:25 ` [PATCH v3 2/2] usbip: eliminate duplicate code in vhci_device_unlink_cleanup Anirudh Rayabharam
0 siblings, 2 replies; 8+ messages in thread
From: Anirudh Rayabharam @ 2021-08-13 18:25 UTC (permalink / raw)
To: valentina.manea.m, shuah, gregkh
Cc: Anirudh Rayabharam, linux-usb, linux-kernel, linux-kernel-mentees
This series fixes the hung task bug in hub_port_init reported by
syzkaller at:
https://syzkaller.appspot.com/bug?id=08f12df95ae7da69814e64eb5515d5a85ed06b76
The first patch in the series fixes the issue and the second patch does
some refactoring to avoid duplicate code.
Changes in v3:
- Split the patch into two patches
- Remove the convenience wrappers as suggested by Shuah
- Remove the WARN as suggested by Greg
Changes in v2:
Use WARN_ON() instead of BUG() when unlink_list is neither unlink_tx nor
unlink_rx.
v2: https://lore.kernel.org/lkml/20210806181335.2078-1-mail@anirudhrb.com/
v1: https://lore.kernel.org/lkml/20210806164015.25263-1-mail@anirudhrb.com/
Anirudh Rayabharam (2):
usbip: give back URBs for unsent unlink requests during cleanup
usbip: eliminate duplicate code in vhci_device_unlink_cleanup
drivers/usb/usbip/vhci_hcd.c | 31 ++++++++++++++++++-------------
1 file changed, 18 insertions(+), 13 deletions(-)
--
2.26.2
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 1/2] usbip: give back URBs for unsent unlink requests during cleanup
2021-08-13 18:25 [PATCH v3 0/2] Fix syzkaller bug: hung task in hub_port_init Anirudh Rayabharam
@ 2021-08-13 18:25 ` Anirudh Rayabharam
2021-08-17 23:16 ` Shuah Khan
2021-08-13 18:25 ` [PATCH v3 2/2] usbip: eliminate duplicate code in vhci_device_unlink_cleanup Anirudh Rayabharam
1 sibling, 1 reply; 8+ messages in thread
From: Anirudh Rayabharam @ 2021-08-13 18:25 UTC (permalink / raw)
To: valentina.manea.m, shuah, gregkh
Cc: Anirudh Rayabharam, linux-usb, linux-kernel,
linux-kernel-mentees, syzbot+74d6ef051d3d2eacf428
In vhci_device_unlink_cleanup(), the URBs for unsent unlink requests are
not given back. This sometimes causes usb_kill_urb to wait indefinitely
for that urb to be given back. syzbot has reported a hung task issue [1]
for this.
To fix this, give back the urbs corresponding to unsent unlink requests
(unlink_tx list) similar to how urbs corresponding to unanswered unlink
requests (unlink_rx list) are given back.
[1]: https://syzkaller.appspot.com/bug?id=08f12df95ae7da69814e64eb5515d5a85ed06b76
Reported-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
Tested-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
---
drivers/usb/usbip/vhci_hcd.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
index 4ba6bcdaa8e9..6f3f374d4bbc 100644
--- a/drivers/usb/usbip/vhci_hcd.c
+++ b/drivers/usb/usbip/vhci_hcd.c
@@ -957,8 +957,34 @@ static void vhci_device_unlink_cleanup(struct vhci_device *vdev)
spin_lock(&vdev->priv_lock);
list_for_each_entry_safe(unlink, tmp, &vdev->unlink_tx, list) {
+ struct urb *urb;
+
+ /* give back URB of unsent unlink request */
pr_info("unlink cleanup tx %lu\n", unlink->unlink_seqnum);
+
+ urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum);
+ if (!urb) {
+ pr_info("the urb (seqnum %lu) was already given back\n",
+ unlink->unlink_seqnum);
+ list_del(&unlink->list);
+ kfree(unlink);
+ continue;
+ }
+
+ urb->status = -ENODEV;
+
+ usb_hcd_unlink_urb_from_ep(hcd, urb);
+
list_del(&unlink->list);
+
+ spin_unlock(&vdev->priv_lock);
+ spin_unlock_irqrestore(&vhci->lock, flags);
+
+ usb_hcd_giveback_urb(hcd, urb, urb->status);
+
+ spin_lock_irqsave(&vhci->lock, flags);
+ spin_lock(&vdev->priv_lock);
+
kfree(unlink);
}
--
2.26.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 2/2] usbip: eliminate duplicate code in vhci_device_unlink_cleanup
2021-08-13 18:25 [PATCH v3 0/2] Fix syzkaller bug: hung task in hub_port_init Anirudh Rayabharam
2021-08-13 18:25 ` [PATCH v3 1/2] usbip: give back URBs for unsent unlink requests during cleanup Anirudh Rayabharam
@ 2021-08-13 18:25 ` Anirudh Rayabharam
1 sibling, 0 replies; 8+ messages in thread
From: Anirudh Rayabharam @ 2021-08-13 18:25 UTC (permalink / raw)
To: valentina.manea.m, shuah, gregkh
Cc: Anirudh Rayabharam, linux-usb, linux-kernel, linux-kernel-mentees
The cleanup code for unlink_tx and unlink_rx lists is almost the same.
So, extract it into a new function and call it for both unlink_rx and
unlink_tx.
Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
---
drivers/usb/usbip/vhci_hcd.c | 57 ++++++++++++------------------------
1 file changed, 18 insertions(+), 39 deletions(-)
diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
index 6f3f374d4bbc..b142508b46ce 100644
--- a/drivers/usb/usbip/vhci_hcd.c
+++ b/drivers/usb/usbip/vhci_hcd.c
@@ -945,7 +945,8 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
return 0;
}
-static void vhci_device_unlink_cleanup(struct vhci_device *vdev)
+static void vhci_cleanup_unlink_list(struct vhci_device *vdev,
+ struct list_head *unlink_list)
{
struct vhci_hcd *vhci_hcd = vdev_to_vhci_hcd(vdev);
struct usb_hcd *hcd = vhci_hcd_to_hcd(vhci_hcd);
@@ -956,46 +957,15 @@ static void vhci_device_unlink_cleanup(struct vhci_device *vdev)
spin_lock_irqsave(&vhci->lock, flags);
spin_lock(&vdev->priv_lock);
- list_for_each_entry_safe(unlink, tmp, &vdev->unlink_tx, list) {
+ list_for_each_entry_safe(unlink, tmp, unlink_list, list) {
struct urb *urb;
- /* give back urb of unsent unlink request */
- pr_info("unlink cleanup tx %lu\n", unlink->unlink_seqnum);
-
- urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum);
- if (!urb) {
- pr_info("the urb (seqnum %lu) was already given back\n",
- unlink->unlink_seqnum);
- list_del(&unlink->list);
- kfree(unlink);
- continue;
- }
-
- urb->status = -ENODEV;
-
- usb_hcd_unlink_urb_from_ep(hcd, urb);
-
- list_del(&unlink->list);
-
- spin_unlock(&vdev->priv_lock);
- spin_unlock_irqrestore(&vhci->lock, flags);
-
- usb_hcd_giveback_urb(hcd, urb, urb->status);
-
- spin_lock_irqsave(&vhci->lock, flags);
- spin_lock(&vdev->priv_lock);
-
- kfree(unlink);
- }
-
- while (!list_empty(&vdev->unlink_rx)) {
- struct urb *urb;
-
- unlink = list_first_entry(&vdev->unlink_rx, struct vhci_unlink,
- list);
-
- /* give back URB of unanswered unlink request */
- pr_info("unlink cleanup rx %lu\n", unlink->unlink_seqnum);
+ if (unlink_list == &vdev->unlink_tx)
+ pr_info("unlink cleanup tx %lu\n",
+ unlink->unlink_seqnum);
+ else
+ pr_info("unlink_cleanup rx %lu\n",
+ unlink->unlink_seqnum);
urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum);
if (!urb) {
@@ -1027,6 +997,15 @@ static void vhci_device_unlink_cleanup(struct vhci_device *vdev)
spin_unlock_irqrestore(&vhci->lock, flags);
}
+static void vhci_device_unlink_cleanup(struct vhci_device *vdev)
+{
+ /* give back URB of unsent unlink request */
+ vhci_cleanup_unlink_list(vdev, &vdev->unlink_tx);
+
+ /* give back URB of unanswered unlink request */
+ vhci_cleanup_unlink_list(vdev, &vdev->unlink_rx);
+}
+
/*
* The important thing is that only one context begins cleanup.
* This is why error handling and cleanup become simple.
--
2.26.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v3 1/2] usbip: give back URBs for unsent unlink requests during cleanup
2021-08-13 18:25 ` [PATCH v3 1/2] usbip: give back URBs for unsent unlink requests during cleanup Anirudh Rayabharam
@ 2021-08-17 23:16 ` Shuah Khan
2021-08-18 5:39 ` Greg KH
0 siblings, 1 reply; 8+ messages in thread
From: Shuah Khan @ 2021-08-17 23:16 UTC (permalink / raw)
To: Anirudh Rayabharam, valentina.manea.m, shuah, gregkh
Cc: syzbot+74d6ef051d3d2eacf428, linux-kernel-mentees, linux-usb,
linux-kernel, Shuah Khan
On 8/13/21 12:25 PM, Anirudh Rayabharam wrote:
> In vhci_device_unlink_cleanup(), the URBs for unsent unlink requests are
> not given back. This sometimes causes usb_kill_urb to wait indefinitely
> for that urb to be given back. syzbot has reported a hung task issue [1]
> for this.
>
> To fix this, give back the urbs corresponding to unsent unlink requests
> (unlink_tx list) similar to how urbs corresponding to unanswered unlink
> requests (unlink_rx list) are given back.
>
> [1]: https://syzkaller.appspot.com/bug?id=08f12df95ae7da69814e64eb5515d5a85ed06b76
>
> Reported-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
> Tested-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
> Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
> ---
> drivers/usb/usbip/vhci_hcd.c | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
>
> diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
> index 4ba6bcdaa8e9..6f3f374d4bbc 100644
> --- a/drivers/usb/usbip/vhci_hcd.c
> +++ b/drivers/usb/usbip/vhci_hcd.c
> @@ -957,8 +957,34 @@ static void vhci_device_unlink_cleanup(struct vhci_device *vdev)
> spin_lock(&vdev->priv_lock);
>
> list_for_each_entry_safe(unlink, tmp, &vdev->unlink_tx, list) {
> + struct urb *urb;
> +
> + /* give back URB of unsent unlink request */
> pr_info("unlink cleanup tx %lu\n", unlink->unlink_seqnum);
I know this is an exiting one.
Let's make this pr_debug or remove it all together.
> +
> + urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum);
> + if (!urb) {
> + pr_info("the urb (seqnum %lu) was already given back\n",
> + unlink->unlink_seqnum);
Let's make this pr_debug or remove it all together.
> + list_del(&unlink->list);
> + kfree(unlink);
> + continue;
> + }
> +
> + urb->status = -ENODEV;
> +
> + usb_hcd_unlink_urb_from_ep(hcd, urb);
> +
> list_del(&unlink->list);
> +
> + spin_unlock(&vdev->priv_lock);
> + spin_unlock_irqrestore(&vhci->lock, flags);
> +
> + usb_hcd_giveback_urb(hcd, urb, urb->status);
> +
> + spin_lock_irqsave(&vhci->lock, flags);
> + spin_lock(&vdev->priv_lock);
> +
> kfree(unlink);
> }
>
>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v3 1/2] usbip: give back URBs for unsent unlink requests during cleanup
2021-08-17 23:16 ` Shuah Khan
@ 2021-08-18 5:39 ` Greg KH
2021-08-18 18:36 ` Shuah Khan
0 siblings, 1 reply; 8+ messages in thread
From: Greg KH @ 2021-08-18 5:39 UTC (permalink / raw)
To: Shuah Khan
Cc: Anirudh Rayabharam, valentina.manea.m, shuah,
syzbot+74d6ef051d3d2eacf428, linux-kernel-mentees, linux-usb,
linux-kernel
On Tue, Aug 17, 2021 at 05:16:51PM -0600, Shuah Khan wrote:
> On 8/13/21 12:25 PM, Anirudh Rayabharam wrote:
> > In vhci_device_unlink_cleanup(), the URBs for unsent unlink requests are
> > not given back. This sometimes causes usb_kill_urb to wait indefinitely
> > for that urb to be given back. syzbot has reported a hung task issue [1]
> > for this.
> >
> > To fix this, give back the urbs corresponding to unsent unlink requests
> > (unlink_tx list) similar to how urbs corresponding to unanswered unlink
> > requests (unlink_rx list) are given back.
> >
> > [1]: https://syzkaller.appspot.com/bug?id=08f12df95ae7da69814e64eb5515d5a85ed06b76
> >
> > Reported-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
> > Tested-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
> > Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
> > ---
> > drivers/usb/usbip/vhci_hcd.c | 26 ++++++++++++++++++++++++++
> > 1 file changed, 26 insertions(+)
> >
> > diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
> > index 4ba6bcdaa8e9..6f3f374d4bbc 100644
> > --- a/drivers/usb/usbip/vhci_hcd.c
> > +++ b/drivers/usb/usbip/vhci_hcd.c
> > @@ -957,8 +957,34 @@ static void vhci_device_unlink_cleanup(struct vhci_device *vdev)
> > spin_lock(&vdev->priv_lock);
> > list_for_each_entry_safe(unlink, tmp, &vdev->unlink_tx, list) {
> > + struct urb *urb;
> > +
> > + /* give back URB of unsent unlink request */
> > pr_info("unlink cleanup tx %lu\n", unlink->unlink_seqnum);
>
> I know this is an exiting one.
> Let's make this pr_debug or remove it all together.
>
> > +
> > + urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum);
> > + if (!urb) {
> > + pr_info("the urb (seqnum %lu) was already given back\n",
> > + unlink->unlink_seqnum);
>
> Let's make this pr_debug or remove it all together.
As you have a struct device for all of these, please use dev_dbg() and
friends, not pr_*(), for all of these.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v3 1/2] usbip: give back URBs for unsent unlink requests during cleanup
2021-08-18 5:39 ` Greg KH
@ 2021-08-18 18:36 ` Shuah Khan
2021-08-19 18:09 ` Anirudh Rayabharam
0 siblings, 1 reply; 8+ messages in thread
From: Shuah Khan @ 2021-08-18 18:36 UTC (permalink / raw)
To: Greg KH
Cc: Anirudh Rayabharam, valentina.manea.m, shuah,
syzbot+74d6ef051d3d2eacf428, linux-kernel-mentees, linux-usb,
linux-kernel, Shuah Khan
On 8/17/21 11:39 PM, Greg KH wrote:
> On Tue, Aug 17, 2021 at 05:16:51PM -0600, Shuah Khan wrote:
>> On 8/13/21 12:25 PM, Anirudh Rayabharam wrote:
>>> In vhci_device_unlink_cleanup(), the URBs for unsent unlink requests are
>>> not given back. This sometimes causes usb_kill_urb to wait indefinitely
>>> for that urb to be given back. syzbot has reported a hung task issue [1]
>>> for this.
>>>
>>> To fix this, give back the urbs corresponding to unsent unlink requests
>>> (unlink_tx list) similar to how urbs corresponding to unanswered unlink
>>> requests (unlink_rx list) are given back.
>>>
>>> [1]: https://syzkaller.appspot.com/bug?id=08f12df95ae7da69814e64eb5515d5a85ed06b76
>>>
>>> Reported-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
>>> Tested-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
>>> Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
>>> ---
>>> drivers/usb/usbip/vhci_hcd.c | 26 ++++++++++++++++++++++++++
>>> 1 file changed, 26 insertions(+)
>>>
>>> diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
>>> index 4ba6bcdaa8e9..6f3f374d4bbc 100644
>>> --- a/drivers/usb/usbip/vhci_hcd.c
>>> +++ b/drivers/usb/usbip/vhci_hcd.c
>>> @@ -957,8 +957,34 @@ static void vhci_device_unlink_cleanup(struct vhci_device *vdev)
>>> spin_lock(&vdev->priv_lock);
>>> list_for_each_entry_safe(unlink, tmp, &vdev->unlink_tx, list) {
>>> + struct urb *urb;
>>> +
>>> + /* give back URB of unsent unlink request */
>>> pr_info("unlink cleanup tx %lu\n", unlink->unlink_seqnum);
>>
>> I know this is an exiting one.
>> Let's make this pr_debug or remove it all together.
>>
>>> +
>>> + urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum);
>>> + if (!urb) {
>>> + pr_info("the urb (seqnum %lu) was already given back\n",
>>> + unlink->unlink_seqnum);
>>
>> Let's make this pr_debug or remove it all together.
>
> As you have a struct device for all of these, please use dev_dbg() and
> friends, not pr_*(), for all of these.
>
Yes. Makes perfect sense.
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v3 1/2] usbip: give back URBs for unsent unlink requests during cleanup
2021-08-18 18:36 ` Shuah Khan
@ 2021-08-19 18:09 ` Anirudh Rayabharam
2021-08-19 18:49 ` Shuah Khan
0 siblings, 1 reply; 8+ messages in thread
From: Anirudh Rayabharam @ 2021-08-19 18:09 UTC (permalink / raw)
To: Shuah Khan
Cc: Greg KH, valentina.manea.m, shuah, syzbot+74d6ef051d3d2eacf428,
linux-kernel-mentees, linux-usb, linux-kernel
On Wed, Aug 18, 2021 at 12:36:11PM -0600, Shuah Khan wrote:
> On 8/17/21 11:39 PM, Greg KH wrote:
> > On Tue, Aug 17, 2021 at 05:16:51PM -0600, Shuah Khan wrote:
> > > On 8/13/21 12:25 PM, Anirudh Rayabharam wrote:
> > > > In vhci_device_unlink_cleanup(), the URBs for unsent unlink requests are
> > > > not given back. This sometimes causes usb_kill_urb to wait indefinitely
> > > > for that urb to be given back. syzbot has reported a hung task issue [1]
> > > > for this.
> > > >
> > > > To fix this, give back the urbs corresponding to unsent unlink requests
> > > > (unlink_tx list) similar to how urbs corresponding to unanswered unlink
> > > > requests (unlink_rx list) are given back.
> > > >
> > > > [1]: https://syzkaller.appspot.com/bug?id=08f12df95ae7da69814e64eb5515d5a85ed06b76
> > > >
> > > > Reported-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
> > > > Tested-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
> > > > Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
> > > > ---
> > > > drivers/usb/usbip/vhci_hcd.c | 26 ++++++++++++++++++++++++++
> > > > 1 file changed, 26 insertions(+)
> > > >
> > > > diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
> > > > index 4ba6bcdaa8e9..6f3f374d4bbc 100644
> > > > --- a/drivers/usb/usbip/vhci_hcd.c
> > > > +++ b/drivers/usb/usbip/vhci_hcd.c
> > > > @@ -957,8 +957,34 @@ static void vhci_device_unlink_cleanup(struct vhci_device *vdev)
> > > > spin_lock(&vdev->priv_lock);
> > > > list_for_each_entry_safe(unlink, tmp, &vdev->unlink_tx, list) {
> > > > + struct urb *urb;
> > > > +
> > > > + /* give back URB of unsent unlink request */
> > > > pr_info("unlink cleanup tx %lu\n", unlink->unlink_seqnum);
> > >
> > > I know this is an exiting one.
> > > Let's make this pr_debug or remove it all together.
> > >
> > > > +
> > > > + urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum);
> > > > + if (!urb) {
> > > > + pr_info("the urb (seqnum %lu) was already given back\n",
> > > > + unlink->unlink_seqnum);
> > >
> > > Let's make this pr_debug or remove it all together.
> >
> > As you have a struct device for all of these, please use dev_dbg() and
> > friends, not pr_*(), for all of these.
> >
>
> Yes. Makes perfect sense.
Perhaps we should use usbip_dbg_vhci_hc() instead of dev_dbg()? It is
one of the custom macros defined by the usbip driver for printing debug
logs.
Thanks,
Anirudh
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v3 1/2] usbip: give back URBs for unsent unlink requests during cleanup
2021-08-19 18:09 ` Anirudh Rayabharam
@ 2021-08-19 18:49 ` Shuah Khan
0 siblings, 0 replies; 8+ messages in thread
From: Shuah Khan @ 2021-08-19 18:49 UTC (permalink / raw)
To: Anirudh Rayabharam
Cc: Greg KH, valentina.manea.m, shuah, syzbot+74d6ef051d3d2eacf428,
linux-kernel-mentees, linux-usb, linux-kernel, Shuah Khan
On 8/19/21 12:09 PM, Anirudh Rayabharam wrote:
> On Wed, Aug 18, 2021 at 12:36:11PM -0600, Shuah Khan wrote:
>> On 8/17/21 11:39 PM, Greg KH wrote:
>>> On Tue, Aug 17, 2021 at 05:16:51PM -0600, Shuah Khan wrote:
>>>> On 8/13/21 12:25 PM, Anirudh Rayabharam wrote:
>>>>> In vhci_device_unlink_cleanup(), the URBs for unsent unlink requests are
>>>>> not given back. This sometimes causes usb_kill_urb to wait indefinitely
>>>>> for that urb to be given back. syzbot has reported a hung task issue [1]
>>>>> for this.
>>>>>
>>>>> To fix this, give back the urbs corresponding to unsent unlink requests
>>>>> (unlink_tx list) similar to how urbs corresponding to unanswered unlink
>>>>> requests (unlink_rx list) are given back.
>>>>>
>>>>> [1]: https://syzkaller.appspot.com/bug?id=08f12df95ae7da69814e64eb5515d5a85ed06b76
>>>>>
>>>>> Reported-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
>>>>> Tested-by: syzbot+74d6ef051d3d2eacf428@syzkaller.appspotmail.com
>>>>> Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
>>>>> ---
>>>>> drivers/usb/usbip/vhci_hcd.c | 26 ++++++++++++++++++++++++++
>>>>> 1 file changed, 26 insertions(+)
>>>>>
>>>>> diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
>>>>> index 4ba6bcdaa8e9..6f3f374d4bbc 100644
>>>>> --- a/drivers/usb/usbip/vhci_hcd.c
>>>>> +++ b/drivers/usb/usbip/vhci_hcd.c
>>>>> @@ -957,8 +957,34 @@ static void vhci_device_unlink_cleanup(struct vhci_device *vdev)
>>>>> spin_lock(&vdev->priv_lock);
>>>>> list_for_each_entry_safe(unlink, tmp, &vdev->unlink_tx, list) {
>>>>> + struct urb *urb;
>>>>> +
>>>>> + /* give back URB of unsent unlink request */
>>>>> pr_info("unlink cleanup tx %lu\n", unlink->unlink_seqnum);
>>>>
>>>> I know this is an exiting one.
>>>> Let's make this pr_debug or remove it all together.
>>>>
>>>>> +
>>>>> + urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum);
>>>>> + if (!urb) {
>>>>> + pr_info("the urb (seqnum %lu) was already given back\n",
>>>>> + unlink->unlink_seqnum);
>>>>
>>>> Let's make this pr_debug or remove it all together.
>>>
>>> As you have a struct device for all of these, please use dev_dbg() and
>>> friends, not pr_*(), for all of these.
>>>
>>
>> Yes. Makes perfect sense.
>
> Perhaps we should use usbip_dbg_vhci_hc() instead of dev_dbg()? It is
> one of the custom macros defined by the usbip driver for printing debug
> logs.
>
Yes that macro could be used. However, let's just get rid of the messages.
I don't see much use for them.
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-08-19 18:49 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-13 18:25 [PATCH v3 0/2] Fix syzkaller bug: hung task in hub_port_init Anirudh Rayabharam
2021-08-13 18:25 ` [PATCH v3 1/2] usbip: give back URBs for unsent unlink requests during cleanup Anirudh Rayabharam
2021-08-17 23:16 ` Shuah Khan
2021-08-18 5:39 ` Greg KH
2021-08-18 18:36 ` Shuah Khan
2021-08-19 18:09 ` Anirudh Rayabharam
2021-08-19 18:49 ` Shuah Khan
2021-08-13 18:25 ` [PATCH v3 2/2] usbip: eliminate duplicate code in vhci_device_unlink_cleanup Anirudh Rayabharam
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).