Fix USB storage hang on command abort

Okay, I found the cause of the hang.  It is a simple bug in the USB
scatter-gather library, caused by changes added in response to the S-G
chaining modification.

This patch (as1125) fixes a bug in the USB scatter-gather library.
Early exit from the S-G initialization loop does not reset the count of
outstanding URBs.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: Matthew Dharm <mdharm-usb@one-eyed-alien.net>
Cc: David Brownell <david-b@pacbell.net>
Cc: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index 2fcc06e..586d6f1 100644 (file)
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -389,7 +389,6 @@ int usb_sg_init(struct usb_sg_request *io, struct usb_device *dev,
        if (io->entries <= 0)
                return io->entries;
 
-       io->count = io->entries;
        io->urbs = kmalloc(io->entries * sizeof *io->urbs, mem_flags);
        if (!io->urbs)
                goto nomem;
@@ -458,6 +457,7 @@ int usb_sg_init(struct usb_sg_request *io, struct usb_device *dev,
        io->urbs[--i]->transfer_flags &= ~URB_NO_INTERRUPT;
 
        /* transaction state */
+       io->count = io->entries;
        io->status = 0;
        io->bytes = 0;
        init_completion(&io->complete);