-
Alan Stern authored
This patch (as1435) fixes an obscure and unlikely race in ehci-hcd. When an async URB is unlinked, the corresponding QH is removed from the async list. If the QH's endpoint is then disabled while the URB is being given back, ehci_endpoint_disable() won't find the QH on the async list, causing it to believe that the QH has been lost. This will lead to a memory leak at best and quite possibly to an oops. The solution is to trust usbcore not to lose track of endpoints. If the QH isn't on the async list then it doesn't need to be taken off the list, but the driver should still wait for the QH to become IDLE before disabling it. In theory this fixes Bugzilla #20182. In fact the race is so rare that it's not possible to tell whether the bug is still present. However, adding delays and making other changes to force the race seems to show that the patch works. Signed-off-by:
Alan Stern <stern@rowland.harvard.edu> Reported-by:
Stefan Richter <stefanr@s5r6.in-berlin.de> CC: David Brownell <david-b@pacbell.net> CC: stable <stable@kernel.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de>
02e2c51b
