Commit 7bc80cd9 authored by Linus Torvalds's avatar Linus Torvalds

usbfs: fix deadlock on 'usbfs_mutex', clean up poll

The caller of usbfs_conn_disc_event() in some cases (but not always)
already holds usbfs_mutex, so trying to protect the event counter with
that lock causes nasty deadlocks.

The problem was introduced by commit 554f7696 ("USB: Remove BKL from
poll()") when the BLK protection was turned into using the mutex instead.

So fix this by using an atomic variable instead.  And while we're at it,
get rid of the atrocious naming of said variable and the waitqueue it is
associated with.

This also cleans up the unnecessary locking in the poll routine, since
the whole point of how the pollwait table works is that you can just add
yourself to the waiting list, and then check the condition you're
waiting for afterwards - avoiding all races.

It also gets rid of the unnecessary dynamic allocation of the device
status that just contained a single word.  We should use f_version for
this, as Dmitry Torokhov points out.  That simplifies everything
further.
Reported-and-tested-by: default avatarJeff Chua <jeff.chua.linux@gmail.com>
Acked-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
Cc: Oliver Neukum <oliver@neukum.org>
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 66b89159
...@@ -117,9 +117,21 @@ static const char *format_endpt = ...@@ -117,9 +117,21 @@ static const char *format_endpt =
* However, these will come from functions that return ptrs to each of them. * However, these will come from functions that return ptrs to each of them.
*/ */
static DECLARE_WAIT_QUEUE_HEAD(deviceconndiscwq); /*
/* guarded by usbfs_mutex */ * Wait for an connect/disconnect event to happen. We initialize
static unsigned int conndiscevcnt; * the event counter with an odd number, and each event will increment
* the event counter by two, so it will always _stay_ odd. That means
* that it will never be zero, so "event 0" will never match a current
* event, and thus 'poll' will always trigger as readable for the first
* time it gets called.
*/
static struct device_connect_event {
atomic_t count;
wait_queue_head_t wait;
} device_event = {
.count = ATOMIC_INIT(1),
.wait = __WAIT_QUEUE_HEAD_INITIALIZER(device_event.wait)
};
/* this struct stores the poll state for <mountpoint>/devices pollers */ /* this struct stores the poll state for <mountpoint>/devices pollers */
struct usb_device_status { struct usb_device_status {
...@@ -157,10 +169,8 @@ static const struct class_info clas_info[] = ...@@ -157,10 +169,8 @@ static const struct class_info clas_info[] =
void usbfs_conn_disc_event(void) void usbfs_conn_disc_event(void)
{ {
mutex_lock(&usbfs_mutex); atomic_add(2, &device_event.count);
conndiscevcnt++; wake_up(&device_event.wait);
mutex_unlock(&usbfs_mutex);
wake_up(&deviceconndiscwq);
} }
static const char *class_decode(const int class) static const char *class_decode(const int class)
...@@ -632,42 +642,16 @@ static ssize_t usb_device_read(struct file *file, char __user *buf, ...@@ -632,42 +642,16 @@ static ssize_t usb_device_read(struct file *file, char __user *buf,
static unsigned int usb_device_poll(struct file *file, static unsigned int usb_device_poll(struct file *file,
struct poll_table_struct *wait) struct poll_table_struct *wait)
{ {
struct usb_device_status *st; unsigned int event_count;
unsigned int mask = 0;
mutex_lock(&usbfs_mutex);
st = file->private_data;
if (!st) {
st = kmalloc(sizeof(struct usb_device_status), GFP_KERNEL);
if (!st) {
mutex_unlock(&usbfs_mutex);
return POLLIN;
}
st->lastev = conndiscevcnt;
file->private_data = st;
mask = POLLIN;
}
if (file->f_mode & FMODE_READ) poll_wait(file, &device_event.wait, wait);
poll_wait(file, &deviceconndiscwq, wait);
if (st->lastev != conndiscevcnt)
mask |= POLLIN;
st->lastev = conndiscevcnt;
mutex_unlock(&usbfs_mutex);
return mask;
}
static int usb_device_open(struct inode *inode, struct file *file) event_count = atomic_read(&device_event.count);
{ if (file->f_version != event_count) {
file->private_data = NULL; file->f_version = event_count;
return 0; return POLLIN | POLLRDNORM;
} }
static int usb_device_release(struct inode *inode, struct file *file)
{
kfree(file->private_data);
file->private_data = NULL;
return 0; return 0;
} }
...@@ -699,6 +683,4 @@ const struct file_operations usbfs_devices_fops = { ...@@ -699,6 +683,4 @@ const struct file_operations usbfs_devices_fops = {
.llseek = usb_device_lseek, .llseek = usb_device_lseek,
.read = usb_device_read, .read = usb_device_read,
.poll = usb_device_poll, .poll = usb_device_poll,
.open = usb_device_open,
.release = usb_device_release,
}; };
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment