| From a9e0202ef7ae0d795b4f1eef048844441b48e788 Mon Sep 17 00:00:00 2001 |
| From: Bill Kuzeja <William.Kuzeja@stratus.com> |
| Date: Fri, 4 Oct 2019 14:59:31 +0300 |
| Subject: [PATCH] xhci: Prevent deadlock when xhci adapter breaks during init |
| |
| commit 8de66b0e6a56ff10dd00d2b0f2ae52e300178587 upstream. |
| |
| The system can hit a deadlock if an xhci adapter breaks while initializing. |
| The deadlock is between two threads: thread 1 is tearing down the |
| adapter and is stuck in usb_unlocked_disable_lpm waiting to lock the |
| hcd->handwidth_mutex. Thread 2 is holding this mutex (while still trying |
| to add a usb device), but is stuck in xhci_endpoint_reset waiting for a |
| stop or config command to complete. A reboot is required to resolve. |
| |
| It turns out when calling xhci_queue_stop_endpoint and |
| xhci_queue_configure_endpoint in xhci_endpoint_reset, the return code is |
| not checked for errors. If the timing is right and the adapter dies just |
| before either of these commands get issued, we hang indefinitely waiting |
| for a completion on a command that didn't get issued. |
| |
| This wasn't a problem before the following fix because we didn't send |
| commands in xhci_endpoint_reset: |
| |
| commit f5249461b504 ("xhci: Clear the host side toggle manually when |
| endpoint is soft reset") |
| |
| With the patch I am submitting, a duration test which breaks adapters |
| during initialization (and which deadlocks with the standard kernel) runs |
| without issue. |
| |
| Fixes: f5249461b504 ("xhci: Clear the host side toggle manually when endpoint is soft reset") |
| Cc: <stable@vger.kernel.org> # v4.17+ |
| Cc: Torez Smith <torez@redhat.com> |
| Signed-off-by: Bill Kuzeja <william.kuzeja@stratus.com> |
| Signed-off-by: Torez Smith <torez@redhat.com> |
| Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> |
| Link: https://lore.kernel.org/r/1570190373-30684-7-git-send-email-mathias.nyman@linux.intel.com |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c |
| index bd4ff775a7e7..c35688bb1b9c 100644 |
| --- a/drivers/usb/host/xhci.c |
| +++ b/drivers/usb/host/xhci.c |
| @@ -3095,6 +3095,7 @@ static void xhci_endpoint_reset(struct usb_hcd *hcd, |
| unsigned int ep_index; |
| unsigned long flags; |
| u32 ep_flag; |
| + int err; |
| |
| xhci = hcd_to_xhci(hcd); |
| if (!host_ep->hcpriv) |
| @@ -3144,7 +3145,17 @@ static void xhci_endpoint_reset(struct usb_hcd *hcd, |
| xhci_free_command(xhci, cfg_cmd); |
| goto cleanup; |
| } |
| - xhci_queue_stop_endpoint(xhci, stop_cmd, udev->slot_id, ep_index, 0); |
| + |
| + err = xhci_queue_stop_endpoint(xhci, stop_cmd, udev->slot_id, |
| + ep_index, 0); |
| + if (err < 0) { |
| + spin_unlock_irqrestore(&xhci->lock, flags); |
| + xhci_free_command(xhci, cfg_cmd); |
| + xhci_dbg(xhci, "%s: Failed to queue stop ep command, %d ", |
| + __func__, err); |
| + goto cleanup; |
| + } |
| + |
| xhci_ring_cmd_db(xhci); |
| spin_unlock_irqrestore(&xhci->lock, flags); |
| |
| @@ -3158,8 +3169,16 @@ static void xhci_endpoint_reset(struct usb_hcd *hcd, |
| ctrl_ctx, ep_flag, ep_flag); |
| xhci_endpoint_copy(xhci, cfg_cmd->in_ctx, vdev->out_ctx, ep_index); |
| |
| - xhci_queue_configure_endpoint(xhci, cfg_cmd, cfg_cmd->in_ctx->dma, |
| + err = xhci_queue_configure_endpoint(xhci, cfg_cmd, cfg_cmd->in_ctx->dma, |
| udev->slot_id, false); |
| + if (err < 0) { |
| + spin_unlock_irqrestore(&xhci->lock, flags); |
| + xhci_free_command(xhci, cfg_cmd); |
| + xhci_dbg(xhci, "%s: Failed to queue config ep command, %d ", |
| + __func__, err); |
| + goto cleanup; |
| + } |
| + |
| xhci_ring_cmd_db(xhci); |
| spin_unlock_irqrestore(&xhci->lock, flags); |
| |
| -- |
| 2.7.4 |
| |
