diff mbox series

USB: chaoskey: fix error case of a timeout

Message ID 20191107142856.16774-2-oneukum@suse.com (mailing list archive)
State Mainlined
Commit 92aa5986f4f7b5a8bf282ca0f50967f4326559f5
Headers show
Series USB: chaoskey: fix error case of a timeout | expand

Commit Message

Oliver Neukum Nov. 7, 2019, 2:28 p.m. UTC
In case of a timeout or if a signal aborts a read
communication with the device needs to be ended
lest we overwrite an active URB the next time we
do IO to the device, as the URB may still be active.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
---
 drivers/usb/misc/chaoskey.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

Comments

Greg Kroah-Hartman Nov. 7, 2019, 3:01 p.m. UTC | #1
On Thu, Nov 07, 2019 at 03:28:56PM +0100, Oliver Neukum wrote:
> In case of a timeout or if a signal aborts a read
> communication with the device needs to be ended
> lest we overwrite an active URB the next time we
> do IO to the device, as the URB may still be active.
> 
> Signed-off-by: Oliver Neukum <oneukum@suse.de>
> ---
>  drivers/usb/misc/chaoskey.c | 24 +++++++++++++++++++++---
>  1 file changed, 21 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/usb/misc/chaoskey.c b/drivers/usb/misc/chaoskey.c
> index 34e6cd6f40d3..87067c3d6109 100644
> --- a/drivers/usb/misc/chaoskey.c
> +++ b/drivers/usb/misc/chaoskey.c
> @@ -384,13 +384,17 @@ static int _chaoskey_fill(struct chaoskey *dev)
>  		!dev->reading,
>  		(started ? NAK_TIMEOUT : ALEA_FIRST_TIMEOUT) );
>  
> -	if (result < 0)
> +	if (result < 0) {
> +		usb_kill_urb(dev->urb);
>  		goto out;
> +	}
>  
> -	if (result == 0)
> +	if (result == 0) {
>  		result = -ETIMEDOUT;
> -	else
> +		usb_kill_urb(dev->urb);
> +	} else {
>  		result = dev->valid;
> +	}
>  out:
>  	/* Let the device go back to sleep eventually */
>  	usb_autopm_put_interface(dev->interface);
> @@ -526,7 +530,21 @@ static int chaoskey_suspend(struct usb_interface *interface,
>  
>  static int chaoskey_resume(struct usb_interface *interface)
>  {
> +	struct chaoskey *dev;
> +	struct usb_device *udev = interface_to_usbdev(interface);
> +
>  	usb_dbg(interface, "resume");
> +	dev = usb_get_intfdata(interface);
> +
> +	/*
> +	 * We may have lost power.
> +	 * In that case the device that needs a long time
> +	 * for the first requests needs an extended timeout
> +	 * again
> +	 */
> +	if (le16_to_cpu(udev->descriptor.idVendor) == ALEA_VENDOR_ID)

What is this helping with?

> +		dev->reads_started = false;
> +
>  	return 0;
>  }
>  #else
> -- 
> 2.16.4
> 

Why send this twice?

And did this pass the syzbot testing?

thanks,

greg k-h
Oliver Neukum Nov. 7, 2019, 5:06 p.m. UTC | #2
Am Donnerstag, den 07.11.2019, 16:01 +0100 schrieb Greg KH:
> On Thu, Nov 07, 2019 at 03:28:56PM +0100, Oliver Neukum wrote:
> > In case of a timeout or if a signal aborts a read
> > communication with the device needs to be ended
> > lest we overwrite an active URB the next time we
> > do IO to the device, as the URB may still be active.
> > 
> > Signed-off-by: Oliver Neukum <oneukum@suse.de>
> > ---
> >  drivers/usb/misc/chaoskey.c | 24 +++++++++++++++++++++---
> >  1 file changed, 21 insertions(+), 3 deletions(-)
> > 
> > diff --git a/drivers/usb/misc/chaoskey.c b/drivers/usb/misc/chaoskey.c
> > index 34e6cd6f40d3..87067c3d6109 100644
> > --- a/drivers/usb/misc/chaoskey.c
> > +++ b/drivers/usb/misc/chaoskey.c
> > @@ -384,13 +384,17 @@ static int _chaoskey_fill(struct chaoskey *dev)
> >  		!dev->reading,
> >  		(started ? NAK_TIMEOUT : ALEA_FIRST_TIMEOUT) );
> >  
> > -	if (result < 0)
> > +	if (result < 0) {
> > +		usb_kill_urb(dev->urb);
> >  		goto out;
> > +	}
> >  
> > -	if (result == 0)
> > +	if (result == 0) {
> >  		result = -ETIMEDOUT;
> > -	else
> > +		usb_kill_urb(dev->urb);
> > +	} else {
> >  		result = dev->valid;
> > +	}
> >  out:
> >  	/* Let the device go back to sleep eventually */
> >  	usb_autopm_put_interface(dev->interface);
> > @@ -526,7 +530,21 @@ static int chaoskey_suspend(struct usb_interface *interface,
> >  
> >  static int chaoskey_resume(struct usb_interface *interface)
> >  {
> > +	struct chaoskey *dev;
> > +	struct usb_device *udev = interface_to_usbdev(interface);
> > +
> >  	usb_dbg(interface, "resume");
> > +	dev = usb_get_intfdata(interface);
> > +
> > +	/*
> > +	 * We may have lost power.
> > +	 * In that case the device that needs a long time
> > +	 * for the first requests needs an extended timeout
> > +	 * again
> > +	 */
> > +	if (le16_to_cpu(udev->descriptor.idVendor) == ALEA_VENDOR_ID)
> 
> What is this helping with?

THe quirk is specific for this model. The others do
not need it.

> > +		dev->reads_started = false;
> > +
> >  	return 0;
> >  }
> >  #else
> > -- 
> > 2.16.4
> > 
> 
> Why send this twice?

There must be an issue in my scripts. Investigating.

> And did this pass the syzbot testing?

Inconclusive. The test crashed but in another place.
I cannot claim that fix.

	Regards
		Oliver
diff mbox series

Patch

diff --git a/drivers/usb/misc/chaoskey.c b/drivers/usb/misc/chaoskey.c
index 34e6cd6f40d3..87067c3d6109 100644
--- a/drivers/usb/misc/chaoskey.c
+++ b/drivers/usb/misc/chaoskey.c
@@ -384,13 +384,17 @@  static int _chaoskey_fill(struct chaoskey *dev)
 		!dev->reading,
 		(started ? NAK_TIMEOUT : ALEA_FIRST_TIMEOUT) );
 
-	if (result < 0)
+	if (result < 0) {
+		usb_kill_urb(dev->urb);
 		goto out;
+	}
 
-	if (result == 0)
+	if (result == 0) {
 		result = -ETIMEDOUT;
-	else
+		usb_kill_urb(dev->urb);
+	} else {
 		result = dev->valid;
+	}
 out:
 	/* Let the device go back to sleep eventually */
 	usb_autopm_put_interface(dev->interface);
@@ -526,7 +530,21 @@  static int chaoskey_suspend(struct usb_interface *interface,
 
 static int chaoskey_resume(struct usb_interface *interface)
 {
+	struct chaoskey *dev;
+	struct usb_device *udev = interface_to_usbdev(interface);
+
 	usb_dbg(interface, "resume");
+	dev = usb_get_intfdata(interface);
+
+	/*
+	 * We may have lost power.
+	 * In that case the device that needs a long time
+	 * for the first requests needs an extended timeout
+	 * again
+	 */
+	if (le16_to_cpu(udev->descriptor.idVendor) == ALEA_VENDOR_ID)
+		dev->reads_started = false;
+
 	return 0;
 }
 #else