Potential bugs found in usb_storage

2014-11-23 Thread Jia-Ju Bai
is failed. [7] The same situation with [1] will happen, when scsi_add_host in usb_stor_probe2 is failed. Could you help me check these findings? Thank you very much, and I'm looking forward to your reply. -- Best wishes! Jia-Ju Bai -- To unsubscribe from this list: send the line unsubscribe linux-usb

[PATCH v2] ehci-hcd: Cleanup memory resources when ehci_halt fails

2016-01-04 Thread Jia-Ju Bai
The driver calls ehci_mem_init to allocate memory resources. But these resources are not freed when ehci_halt fails. This patch adds "ehci_mem_cleanup" in error handling code to fix this problem. Signed-off-by: Jia-Ju Bai <baijiaju1...@163.com> --- drivers/usb/host/ehci-hcd.

[PATCH v2] ehci-hcd: Disable memory-write-invalidate when the driver is removed

2016-01-04 Thread Jia-Ju Bai
to remove the pci driver. This function calls pci_clear_mwi and usb_hcd_pci_remove, which can fix the problem. Signed-off-by: Jia-Ju Bai <baijiaju1...@163.com> --- drivers/usb/host/ehci-pci.c |8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/ehci

[PATCH] ehci-hcd: Disable memory-write-invalidate when the driver is removed

2015-12-28 Thread Jia-Ju Bai
Signed-off-by: Jia-Ju Bai <baijiaju1...@163.com> --- drivers/usb/host/ehci-hcd.c |2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c index 48c92bf..c02ec42 100644 --- a/drivers/usb/host/ehci-hcd.c +++ b/drivers/usb/host/ehci

[PATCH] ehci-hcd: Cleanup memory resources when ehci_halt fails

2015-12-28 Thread Jia-Ju Bai
Signed-off-by: Jia-Ju Bai <baijiaju1...@163.com> --- drivers/usb/host/ehci-hcd.c |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c index 48c92bf..015b411 100644 --- a/drivers/usb/host/ehci-hcd.c +++ b/drive

Re: [PATCH] ehci-hcd: Cleanup memory resources when ehci_halt fails

2015-12-29 Thread Jia-Ju Bai
On 12/29/2015 12:04 AM, Alan Stern wrote: On Mon, 28 Dec 2015, Jia-Ju Bai wrote: Please add a changelog. Signed-off-by: Jia-Ju Bai<baijiaju1...@163.com> --- drivers/usb/host/ehci-hcd.c |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/ehci-h

[PATCH] ehci-hcd: Cleanup memory resources when ehci_halt fails

2015-12-29 Thread Jia-Ju Bai
The driver calls ehci_mem_init to allocate memory resources. But these resources are not freed when ehci_halt fails. This patch adds "ehci_mem_cleanup" in error handling code to fix this problem. Signed-off-by: Jia-Ju Bai <baijiaju1...@163.com> --- drivers/usb/host/ehci-hcd.

[PATCH v2] ehci-hcd: Disable memory-write-invalidate when the driver is removed

2015-12-29 Thread Jia-Ju Bai
to remove the pci driver. This function calls pci_clear_mwi and usb_hcd_pci_remove, which can fix the problem. Signed-off-by: Jia-Ju Bai <baijiaju1...@163.com> --- drivers/usb/host/ehci-pci.c |8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/ehci

[PATCH] gadget: Fix a sleep-in-atomic bug

2017-05-30 Thread Jia-Ju Bai
The driver may sleep under a spin lock, and the function call path is: ffs_epfile_io (acquire the lock by spin_lock_irq) usb_ep_alloc_request(GFP_KERNEL) --> may sleep To fix it, the "GFP_KERNEL" is replaced with "GFP_ATOMIC". Signed-off-by: Jia-Ju Bai <baijiaju1...

[BUG] kaweth: a possible sleep-in-atomic bug in kaweth_start_xmit

2017-12-13 Thread Jia-Ju Bai
eep usb_kill_urb --> may sleep I do not find a good way to fix it, so I only report. This possible bug is found by my static analysis tool (DSAC) and checked by my code review. Thanks, Jia-Ju Bai -- To unsubscribe from this list: send the line "unsubscribe linux-usb&q

[PATCH] usb/io_edgeport: Fix a possible sleep-in-atomic bug in edge_bulk_in_callback

2017-12-13 Thread Jia-Ju Bai
usb_kill_urb --> may sleep To fix it, usb_kill_urb() is removed from the error path after usb_submit_urb() fails. This possible bug is found by my static analysis tool (DSAC) and checked by my code review. Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com> --- drivers/usb/serial/io_e

Re: [BUG] usb/io_edgeport: a possible sleep-in-atomic bug in edge_bulk_in_callback

2017-12-13 Thread Jia-Ju Bai
Okay, I had submitted a patch yesterday. You can have a look :) Thanks, Jia-Ju Bai On 2017/12/13 19:38, Johan Hovold wrote: [ +CC: linux-usb] On Wed, Dec 13, 2017 at 06:22:26PM +0800, Jia-Ju Bai wrote: According to drivers/usb/serial/io_edgeport.c, the driver may sleep under a spinlock

[BUG] drivers/usb/host/isp116x-hcd: a possible sleep-in-atomic bug in isp116x_start

2017-12-11 Thread Jia-Ju Bai
may sleep I do not find a good way to fix it, so I only report. This possible bug is found by my static analysis tool (DSAC) and checked by my code review. Thanks, Jia-Ju Bai -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a mess

[PATCH] usb: storage: Fix a possible data race in uas_queuecommand_lck

2018-05-08 Thread Jia-Ju Bai
uot;cmnd->scsi_done". To fix this data race, the write operations on line 634-635 should be also protected by the lock. Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com> --- drivers/usb/storage/uas.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/usb/st

Re: [usb-storage] [PATCH] usb: storage: Fix a possible data race in uas_queuecommand_lck

2018-05-08 Thread Jia-Ju Bai
On 2018/5/8 16:27, Oliver Neukum wrote: Am Dienstag, den 08.05.2018, 15:47 +0800 schrieb Jia-Ju Bai: The write operations to "cmnd->result" and "cmnd->scsi_done" are protected by the lock on line 642-643, but the write operations to these data on line 634-635 are

[PATCH] net: usb: hso: Replace GFP_ATOMIC with GFP_KERNEL in hso_create_device

2018-04-10 Thread Jia-Ju Bai
MIC is not necessary and can be replaced with GFP_KERNEL, which can sleep and improve the possibility of sucessful allocation. This is found by a static analysis tool named DCNS written by myself. And I also manually check it. Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com> --- drivers/net/u

[PATCH] usb: storage: Replace mdelay with msleep in init_freecom

2018-04-09 Thread Jia-Ju Bai
msleep() to avoid busy waiting. This is found by a static analysis tool named DCNS written by myself. And I also manually check it. Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com> --- drivers/usb/storage/freecom.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/

[PATCH 1/2] usb: isp1760: Replace mdelay with msleep in isp1760_init_core

2018-04-10 Thread Jia-Ju Bai
replaced with msleep() to avoid busy waiting. This is found by a static analysis tool named DCNS written by myself. And I also manually check it. Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com> --- drivers/usb/isp1760/isp1760-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) di

[PATCH 2/2] usb: isp1760: Replace mdelay with msleep in isp1760_stop

2018-04-10 Thread Jia-Ju Bai
ly check it Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com> --- drivers/usb/isp1760/isp1760-hcd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/isp1760/isp1760-hcd.c b/drivers/usb/isp1760/isp1760-hcd.c index 8e59e0c..5599310 100644 --- a/drivers/usb/isp1760/is