Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 25a232e4 authored by Udipto Goswami's avatar Udipto Goswami
Browse files

usb: f_qdss: Avoid wait_for_completion if qdss_disable is called 



Commit 3741fb2c ("coresight: byte-cntr: Free USB requests when
disconnected") introduced a regression which leads qdss_disable &
qdss_close paths to race between them.
If qdss_disable path is processing, it would queue disconnect_work
which will notify the bypass notifier of USB_DISCONNECT and it will
call free_req. Within same time frame if qdss_close is called,
it will try to go ahead dequeue the request and wait_for_completion.
But since free_req got called, it will free the qreq instance which
wait_for_completion uses resulting in kernel panic.

Fix this by checking for ep_dequeue status if dequeue was success
then only wait_for_completion. Also taking the list operation under
qdss->lock in order to avoid any races between qdss_write as well.

Change-Id: I7bf9eab4296a509f5b459fa7768987c4a1f1287f
Signed-off-by: default avatarUdipto Goswami <ugoswami@codeaurora.org>
parent 9ddceddf

drivers/usb/gadget/function/f_qdss.c

+7 −3
Original line number Diff line number Diff line
@@ -2,7 +2,7 @@ 
/*

 * f_qdss.c -- QDSS function Driver

 *

 * Copyright (c) 2012-2020, The Linux Foundation. All rights reserved.

 * Copyright (c) 2012-2021, The Linux Foundation. All rights reserved.

 */



#include <linux/init.h>
@@ -899,16 +899,20 @@ void usb_qdss_close(struct usb_qdss_ch *ch) 
	qdss_log("channel:%s\n", ch->name);

	qdss = ch->priv_usb;

	qdss->qdss_close = true;

	spin_lock(&qdss->lock);

	while (!list_empty(&qdss->queued_data_pool)) {

		qreq = list_first_entry(&qdss->queued_data_pool,

				struct qdss_req, list);

		spin_unlock(&qdss->lock);

		spin_unlock_irqrestore(&channel_lock, flags);

		qdss_log("dequeue req:%pK\n", qreq->usb_req);

		usb_ep_dequeue(qdss->port.data, qreq->usb_req);

		if (!usb_ep_dequeue(qdss->port.data, qreq->usb_req))

			wait_for_completion(&qreq->write_done);

		spin_lock_irqsave(&channel_lock, flags);

		spin_lock(&qdss->lock);

	}



	spin_unlock(&qdss->lock);

	spin_unlock_irqrestore(&channel_lock, flags);

	usb_qdss_free_req(ch);

	spin_lock_irqsave(&channel_lock, flags);