projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c22eb93)
usblp: poison URBs upon disconnect
authorOliver Neukum <oneukum@suse.com>
Thu, 7 May 2020 08:58:06 +0000 (10:58 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 13 May 2020 12:20:00 +0000 (14:20 +0200)
syzkaller reported an URB that should have been killed to be active.
We do not understand it, but this should fix the issue if it is real.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reported-by: syzbot+be5b5f86a162a6c281e6@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20200507085806.5793-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/class/usblp.c patch | blob | history

diff --git a/drivers/usb/class/usblp.c b/drivers/usb/class/usblp.c
index 0d8e3f3..084c48c 100644 (file)
--- a/drivers/usb/class/usblp.c
+++ b/drivers/usb/class/usblp.c
@@ -468,7 +468,8 @@ static int usblp_release(struct inode *inode, struct file *file)
        usb_autopm_put_interface(usblp->intf);
 
        if (!usblp->present)            /* finish cleanup from disconnect */
-               usblp_cleanup(usblp);
+               usblp_cleanup(usblp);   /* any URBs must be dead */
+
        mutex_unlock(&usblp_mutex);
        return 0;
 }
@@ -1375,9 +1376,11 @@ static void usblp_disconnect(struct usb_interface *intf)
 
        usblp_unlink_urbs(usblp);
        mutex_unlock(&usblp->mut);
+       usb_poison_anchored_urbs(&usblp->urbs);
 
        if (!usblp->used)
                usblp_cleanup(usblp);
+
        mutex_unlock(&usblp_mutex);
 }
 
Domain: System / Kernel;