diff options
| author | Yauheni Kaliuta <yauheni.kaliuta@nokia.com> | 2011-10-13 14:19:05 +0300 |
|---|---|---|
| committer | Jason Liu <r64343@freescale.com> | 2012-01-09 21:07:49 +0800 |
| commit | 648a99167f3c6601b29841f11951394c105b0757 (patch) | |
| tree | c2af0e6696e843ffb0559bddf2bf8bf8ae07a2cb /drivers/usb/gadget | |
| parent | 90bdb0d612b0252f4da5111b8b6acedc9eaafc3c (diff) | |
usb: gadget: file_storage: fix race on unloading
There is a race, reproduced rarely if you unload the module
when host finishes mass storage device initialization (reading
partition table and so on): fsg_unbind() code first closes
lun files then waits for worker thread to finish its work, as
the result the thread may operate on already closed device
with an oops and backtrace:
[ 484.937225] [<b00e403c>] (touch_atime+0x4/0x140) from [<b00a1498>] (generic_file_aio_read+0x678/0x6f0)
[ 484.946563] [<b00a1498>] (generic_file_aio_read+0x678/0x6f0) from [<b00d08c4>] (do_sync_read+0xb0/0xf4)
[ 484.955963] [<b00d08c4>] (do_sync_read+0xb0/0xf4) from [<b00d1478>] (vfs_read+0xac/0x144)
[ 484.964172] [<b00d1478>] (vfs_read+0xac/0x144) from [<af24c6a8>] (fsg_setup+0x7f4/0x900 [g_file_storage])
[ 484.973785] [<af24c6a8>] (fsg_setup+0x7f4/0x900 [g_file_storage]) from [<af24da14>] (fsg_main_thread+0x85c/0x175c [g_file_storage])
[ 484.985626] [<af24da14>] (fsg_main_thread+0x85c/0x175c [g_file_storage]) from [<b0077c48>] (kthread+0x7c/0x84)
[ 484.995666] [<b0077c48>] (kthread+0x7c/0x84) from [<b002f950>] (kernel_thread_exit+0x0/0x8)
[ 485.004028] Code: eaffffd0 e28dd008 e8bd8df0 e92d40f7 (e591400c)
Change the order in unbind: wait for the thread first, then close
the files.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@nokia.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/usb/gadget')
| -rw-r--r-- | drivers/usb/gadget/file_storage.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/drivers/usb/gadget/file_storage.c b/drivers/usb/gadget/file_storage.c index 594a8e3bd754..63f956dc36c1 100644 --- a/drivers/usb/gadget/file_storage.c +++ b/drivers/usb/gadget/file_storage.c @@ -3173,6 +3173,15 @@ static void /* __init_or_exit */ fsg_unbind(struct usb_gadget *gadget) DBG(fsg, "unbind\n"); clear_bit(REGISTERED, &fsg->atomic_bitflags); + /* If the thread isn't already dead, tell it to exit now */ + if (fsg->state != FSG_STATE_TERMINATED) { + raise_exception(fsg, FSG_STATE_EXIT); + wait_for_completion(&fsg->thread_notifier); + + /* The cleanup routine waits for this completion also */ + complete(&fsg->thread_notifier); + } + /* Unregister the sysfs attribute files and the LUNs */ for (i = 0; i < fsg->nluns; ++i) { curlun = &fsg->luns[i]; @@ -3186,15 +3195,6 @@ static void /* __init_or_exit */ fsg_unbind(struct usb_gadget *gadget) } } - /* If the thread isn't already dead, tell it to exit now */ - if (fsg->state != FSG_STATE_TERMINATED) { - raise_exception(fsg, FSG_STATE_EXIT); - wait_for_completion(&fsg->thread_notifier); - - /* The cleanup routine waits for this completion also */ - complete(&fsg->thread_notifier); - } - /* Free the data buffers */ for (i = 0; i < FSG_NUM_BUFFERS; ++i) kfree(fsg->buffhds[i].buf); |