From: Alan Stern Date: Tue, 13 Mar 2007 15:10:52 +0000 (-0400) Subject: USB: fix race in HCD removal X-Git-Tag: firefly_0821_release~30267^2~61 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=1b42ae6d4355328dc4406b6f0188adcf8c566435;p=firefly-linux-kernel-4.4.55.git USB: fix race in HCD removal This patch (as865) fixes a race in the HCD removal code discovered by Milan Plzik. Arrival of an interrupt after the root hub was unregistered could cause the root-hub status timer to start up, even after it was supposed to have been shut down. The problem is fixed by moving the del_timer_sync() call to after the HCD's stop() method, at which time IRQ generation should be disabled. Cc: Milan Plzik Signed-off-by: Alan Stern Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c index b26c19e8d19f..af7aed11398b 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -544,6 +544,8 @@ void usb_hcd_poll_rh_status(struct usb_hcd *hcd) unsigned long flags; char buffer[4]; /* Any root hubs with > 31 ports? */ + if (unlikely(!hcd->rh_registered)) + return; if (!hcd->uses_new_polling && !hcd->status_urb) return; @@ -1670,12 +1672,12 @@ void usb_remove_hcd(struct usb_hcd *hcd) usb_disconnect(&hcd->self.root_hub); mutex_unlock(&usb_bus_list_lock); - hcd->poll_rh = 0; - del_timer_sync(&hcd->rh_timer); - hcd->driver->stop(hcd); hcd->state = HC_STATE_HALT; + hcd->poll_rh = 0; + del_timer_sync(&hcd->rh_timer); + if (hcd->irq >= 0) free_irq(hcd->irq, hcd); usb_deregister_bus(&hcd->self);