From 9c06210b89e604aa75314d3d173a93292b0d2777 Mon Sep 17 00:00:00 2001 From: Robert Krakora Date: Sun, 25 Jan 2009 13:08:07 -0300 Subject: [PATCH] V4L/DVB (10325): em28xx: Fix for fail to submit URB with IRQs and Pre-emption Disabled Trace: (Provided by Douglas) BUG: sleeping function called from invalid context at drivers/usb/core/urb.c:558 in_atomic():0, irqs_disabled():1 Pid: 4918, comm: sox Not tainted 2.6.27.5 #1 [] __might_sleep+0xc6/0xcb [] usb_kill_urb+0x1a/0xd8 [] ? __kmalloc+0x9b/0xfc [] ? __kmalloc+0xb8/0xfc [] ? usb_alloc_urb+0xf/0x31 [] em28xx_isoc_audio_deinit+0x2f/0x6c [em28xx_alsa] [] em28xx_cmd+0x1aa/0x1c5 [em28xx_alsa] [] snd_em28xx_capture_trigger+0x53/0x68 [em28xx_alsa] [] snd_pcm_do_start+0x1c/0x23 [snd_pcm] [] snd_pcm_action_single+0x25/0x4b [snd_pcm] [] snd_pcm_action+0x6a/0x76 [snd_pcm] [] snd_pcm_start+0x14/0x16 [snd_pcm] [] snd_pcm_lib_read1+0x66/0x273 [snd_pcm] [] ? snd_pcm_kernel_ioctl+0x46/0x5f [snd_pcm] [] snd_pcm_lib_read+0xbf/0xcd [snd_pcm] [] ? snd_pcm_lib_read_transfer+0x0/0xaf [snd_pcm] [] snd_pcm_oss_read3+0x99/0xdc [snd_pcm_oss] [] snd_pcm_oss_read2+0xa3/0xbf [snd_pcm_oss] [] ? _cond_resched+0x8/0x32 [] snd_pcm_oss_read+0x106/0x150 [snd_pcm_oss] [] ? snd_pcm_oss_read+0x0/0x150 [snd_pcm_oss] [] vfs_read+0x81/0xdc [] sys_read+0x3b/0x60 [] sysenter_do_call+0x12/0x34 ======================= The culprit in the trace is snd_pcm_action() which invokes a spin lock which disables pre-emption which disables an IRQ which causes the __might_sleep() function to fail the irqs_disabled() test. Since pre-emption is enabled then it is safe to de-allocate the memory if you first unlink each URB. In this instance you are safe since pre-emption is disabled. If pre-emption and irqs are not disabled then call usb_kill_urb(), else call usb_unlink_urb(). Thanks to Douglas for tracking down this bug originally!!! [dougsland@redhat.com: Fixed codyingstyle] Signed-off-by: Robert Krakora Signed-off-by: Douglas Schilling Landgraf Signed-off-by: Mauro Carvalho Chehab --- drivers/media/video/em28xx/em28xx-audio.c | 9 ++++++--- drivers/media/video/em28xx/em28xx-core.c | 7 +++++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/media/video/em28xx/em28xx-audio.c b/drivers/media/video/em28xx/em28xx-audio.c index fcc300c93995..5d882a44e3ee 100644 --- a/drivers/media/video/em28xx/em28xx-audio.c +++ b/drivers/media/video/em28xx/em28xx-audio.c @@ -62,12 +62,15 @@ static int em28xx_isoc_audio_deinit(struct em28xx *dev) dprintk("Stopping isoc\n"); for (i = 0; i < EM28XX_AUDIO_BUFS; i++) { - usb_kill_urb(dev->adev.urb[i]); + if (!irqs_disabled()) + usb_kill_urb(dev->adev.urb[i]); + else + usb_unlink_urb(dev->adev.urb[i]); usb_free_urb(dev->adev.urb[i]); dev->adev.urb[i] = NULL; - kfree(dev->adev.transfer_buffer[i]); - dev->adev.transfer_buffer[i] = NULL; + kfree(dev->adev.transfer_buffer[i]); + dev->adev.transfer_buffer[i] = NULL; } return 0; diff --git a/drivers/media/video/em28xx/em28xx-core.c b/drivers/media/video/em28xx/em28xx-core.c index 71ad35192c06..94fb1b639a2e 100644 --- a/drivers/media/video/em28xx/em28xx-core.c +++ b/drivers/media/video/em28xx/em28xx-core.c @@ -860,8 +860,11 @@ void em28xx_uninit_isoc(struct em28xx *dev) for (i = 0; i < dev->isoc_ctl.num_bufs; i++) { urb = dev->isoc_ctl.urb[i]; if (urb) { - usb_kill_urb(urb); - usb_unlink_urb(urb); + if (!irqs_disabled()) + usb_kill_urb(urb); + else + usb_unlink_urb(urb); + if (dev->isoc_ctl.transfer_buffer[i]) { usb_buffer_free(dev->udev, urb->transfer_buffer_length, -- 2.20.1