Bug #9806

closed

ehci_take_control() can infinite loop due to PCI invalid reads

Added by Robert Mustacchi almost 4 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Category: driver - device drivers
Start date: 2018-09-09
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

As part of testing the recent ACPI changes, a user hit an issue where we found an infinite loop in ehci_take_control().

The purpose of this function is to try and prod the BIOS to take control of the USB stack and devices. As part of trying to find this it looks through the PCI configuration space in the classic PCI extension fashion. Unfortunately, if we hit an invalid read, we end up infinite looping as a result as we'll pretty much always have another capability which is the same invalid read.

The fix is simple: when we read PCI_EINVAL32, we should break out of the loop.

--

I tested this in a few ways: I worked with the user who was seeing this in the context of the new ACPI bits and verified that they no longer saw the hang. I also tested this on some other systems with EHCI and made sure that we still correctly found the capability and worked through it correctly.
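
The loop described in this report, modelled as an added example (not the illumos driver code and not part of the original report): it walks an EHCI extended capability list over a simulated config space, once with the PCI_EINVAL32 check and once without. The `struct cfg` model, `sample_cfg()`, `find_legacy_cap()` and the `MAX_STEPS` budget are hypothetical names introduced here; the field layout (ID in bits 7:0, next pointer in bits 15:8, legacy support ID 0x01) is taken from the EHCI specification.

```c
#include <stdint.h>
#include <stdio.h>

#define PCI_EINVAL32  0xffffffffu           /* all-ones: result of an invalid config read */
#define CAP_ID(v)     ((v) & 0xffu)         /* bits 7:0, capability ID */
#define CAP_NEXT(v)   (((v) >> 8) & 0xffu)  /* bits 15:8, offset of next capability */
#define CAP_ID_LEGACY 0x01u                 /* EHCI legacy support (BIOS handoff) */
#define MAX_STEPS     64                    /* harness-only budget; the driver loop has none */

/* Constructed model of 256 bytes of config space; dead = every read is invalid. */
struct cfg { uint32_t dw[64]; int dead; };

static uint32_t cfg_get32(const struct cfg *c, uint8_t off)
{
    return c->dead ? PCI_EINVAL32 : c->dw[off / 4];
}

/* Constructed sample: 0x68 holds an unrelated capability (ID 0x0a) that points
 * to 0x70, and 0x70 holds the legacy support capability ending the list. */
static struct cfg sample_cfg(int dead)
{
    struct cfg c = { {0}, dead };
    c.dw[0x68 / 4] = (0x70u << 8) | 0x0au;
    c.dw[0x70 / 4] = CAP_ID_LEGACY;
    return c;
}

/* Returns the offset of the legacy support capability, 0 if it is absent or the
 * read was invalid, -1 if the budget ran out (the real loop would never return). */
static int find_legacy_cap(const struct cfg *c, uint8_t eecp, int guard, int *steps)
{
    uint8_t off = eecp;
    *steps = 0;
    while (off != 0) {
        if (*steps == MAX_STEPS)
            return -1;
        uint32_t cap = cfg_get32(c, off);
        (*steps)++;
        if (guard && cap == PCI_EINVAL32)
            return 0;                 /* the fix: stop on an invalid read */
        if (CAP_ID(cap) == CAP_ID_LEGACY)
            return off;
        off = CAP_NEXT(cap);          /* 0xffffffff yields 0xff: nonzero, so it loops */
    }
    return 0;
}

int main(void)
{
    int steps;
    struct cfg bad = sample_cfg(1);
    int r = find_legacy_cap(&bad, 0x68, 0, &steps);
    printf("unguarded walk on a dead device: result %d after %d reads\n", r, steps);
    return 0;
}
```

Without the check, an all-ones read decodes to capability ID 0xff and next pointer 0xff, and the read at 0xff returns all-ones again, so the offset never reaches 0.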


Related issues

Related to illumos gate - Bug #4225: ehci can hang interminably trying to read PCI capabilities (In Progress, Garrett D'Amore, 2013-10-17)
