linux/drivers/usb/gadget
Alan Stern fc834e607a USB: dummy-hcd: Fix failure to give back unlinked URBs
The syzkaller USB fuzzer identified a failure mode in which dummy-hcd
would never give back an unlinked URB.  This causes usb_kill_urb() to
hang, leading to WARNINGs and unkillable threads.

In dummy-hcd, all URBs are given back by the dummy_timer() routine as
it scans through the list of pending URBS.  Failure to give back URBs
can be caused by failure to start or early exit from the scanning
loop.  The code currently has two such pathways: One is triggered when
an unsupported bus transfer speed is encountered, and the other by
exhausting the simulated bandwidth for USB transfers during a frame.

This patch removes those two paths, thereby allowing all unlinked URBs
to be given back in a timely manner.  It adds a check for the bus
speed when the gadget first starts running, so that dummy_timer() will
never thereafter encounter an unsupported speed.  And it prevents the
loop from exiting as soon as the total bandwidth has been used up (the
scanning loop continues, giving back unlinked URBs as they are found,
but not transferring any more data).

Thanks to Andrey Konovalov for manually running the syzkaller fuzzer
to help track down the source of the bug.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: syzbot+d919b0f29d7b5a4994b9@syzkaller.appspotmail.com
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-19 14:15:26 +02:00
..
function USB: gadget: f_hid: fix deadlock in f_hidg_write() 2019-03-20 10:58:48 +02:00
legacy USB: changes for v5.1 merge window 2019-02-15 09:08:57 +01:00
udc USB: dummy-hcd: Fix failure to give back unlinked URBs 2019-04-19 14:15:26 +02:00
composite.c usb: gadget: Fix OS descriptors support 2018-07-17 10:12:51 +03:00
config.c USB: gadget: Remove redundant license text 2017-11-07 15:45:02 +01:00
configfs.c usb: gadget: configfs: avoid spaces for indentation 2018-07-26 13:49:49 +03:00
configfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
epautoconf.c usb: gadget: move non-super speed code out of usb_ep_autoconfig_ss() 2019-02-07 13:14:51 +02:00
functions.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
Kconfig USB: add missing SPDX lines to Kconfig and Makefiles 2019-01-22 09:08:17 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
u_f.c usb: gadget: Change Andrzej Pietrasiewicz's e-mail address 2019-02-11 11:12:29 +02:00
u_f.h usb: gadget: Change Andrzej Pietrasiewicz's e-mail address 2019-02-11 11:12:29 +02:00
u_os_desc.h usb: gadget: Change Andrzej Pietrasiewicz's e-mail address 2019-02-11 11:12:29 +02:00
usbstring.c usb/gadget: Constify usb_gadget_get_string "table" argument 2018-05-15 10:06:49 +03:00