From: Alan Stern <stern@rowland.harvard.edu>
Date: Tue, 13 Mar 2007 15:10:52 +0000 (-0400)
Subject: USB: fix race in HCD removal
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1b42ae6d4355328dc4406b6f0188adcf8c566435;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git

USB: fix race in HCD removal

This patch (as865) fixes a race in the HCD removal code discovered by
Milan Plzik.  Arrival of an interrupt after the root hub was
unregistered could cause the root-hub status timer to start up, even
after it was supposed to have been shut down.  The problem is fixed by
moving the del_timer_sync() call to after the HCD's stop() method, at
which time IRQ generation should be disabled.

Cc: Milan Plzik <milan.plzik@gmail.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index b26c19e8d19f..af7aed11398b 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -544,6 +544,8 @@ void usb_hcd_poll_rh_status(struct usb_hcd *hcd)
 	unsigned long	flags;
 	char		buffer[4];	/* Any root hubs with > 31 ports? */
 
+	if (unlikely(!hcd->rh_registered))
+		return;
 	if (!hcd->uses_new_polling && !hcd->status_urb)
 		return;
 
@@ -1670,12 +1672,12 @@ void usb_remove_hcd(struct usb_hcd *hcd)
 	usb_disconnect(&hcd->self.root_hub);
 	mutex_unlock(&usb_bus_list_lock);
 
-	hcd->poll_rh = 0;
-	del_timer_sync(&hcd->rh_timer);
-
 	hcd->driver->stop(hcd);
 	hcd->state = HC_STATE_HALT;
 
+	hcd->poll_rh = 0;
+	del_timer_sync(&hcd->rh_timer);
+
 	if (hcd->irq >= 0)
 		free_irq(hcd->irq, hcd);
 	usb_deregister_bus(&hcd->self);