5b6e9bcdeb
Commit 4231d47e6fe69f061f96c98c30eaf9fb4c14b96d(net/usbnet: avoid recursive locking in usbnet_stop()) fixes the recursive locking problem by releasing the skb queue lock before unlink, but may cause skb traversing races: - after URB is unlinked and the queue lock is released, the refered skb and skb->next may be moved to done queue, even be released - in skb_queue_walk_safe, the next skb is still obtained by next pointer of the last skb - so maybe trigger oops or other problems This patch extends the usage of entry->state to describe 'start_unlink' state, so always holding the queue(rx/tx) lock to change the state if the referd skb is in rx or tx queue because we need to know if the refered urb has been started unlinking in unlink_urbs. The other part of this patch is based on Huajun's patch: always traverse from head of the tx/rx queue to get skb which is to be unlinked but not been started unlinking. Signed-off-by: Huajun Li <huajun.li.lee@gmail.com> Signed-off-by: Ming Lei <tom.leiming@gmail.com> Cc: Oliver Neukum <oneukum@suse.de> Cc: stable@kernel.org Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| association.h | ||
| atmel_usba_udc.h | ||
| audio-v2.h | ||
| audio.h | ||
| c67x00.h | ||
| cdc-wdm.h | ||
| cdc.h | ||
| ch9.h | ||
| ch11.h | ||
| composite.h | ||
| ehci_def.h | ||
| ehci_pdriver.h | ||
| functionfs.h | ||
| g_hid.h | ||
| g_printer.h | ||
| gadget.h | ||
| gadgetfs.h | ||
| gpio_vbus.h | ||
| hcd.h | ||
| input.h | ||
| intel_mid_otg.h | ||
| iowarrior.h | ||
| irda.h | ||
| isp116x.h | ||
| isp1362.h | ||
| isp1760.h | ||
| Kbuild | ||
| langwell_udc.h | ||
| m66592.h | ||
| midi.h | ||
| msm_hsusb_hw.h | ||
| msm_hsusb.h | ||
| musb.h | ||
| net2280.h | ||
| ohci_pdriver.h | ||
| otg.h | ||
| quirks.h | ||
| r8a66597.h | ||
| renesas_usbhs.h | ||
| rndis_host.h | ||
| serial.h | ||
| sl811.h | ||
| storage.h | ||
| tmc.h | ||
| uas.h | ||
| ulpi.h | ||
| usbnet.h | ||
| video.h | ||
| wusb-wa.h | ||
| wusb.h | ||