[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <bcd6d6ff-2b62-c73d-03ea-ed103d01d026@synopsys.com>
Date: Thu, 24 Oct 2019 09:48:20 +0000
From: Minas Harutyunyan <Minas.Harutyunyan@...opsys.com>
To: Douglas Anderson <dianders@...omium.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Felipe Balbi <felipe.balbi@...ux.intel.com>
CC: "linux-rockchip@...ts.infradead.org"
<linux-rockchip@...ts.infradead.org>,
"stefan.wahren@...e.com" <stefan.wahren@...e.com>,
"mka@...omium.org" <mka@...omium.org>,
Alexandru M Stan <amstan@...omium.org>,
"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] usb: dwc2: Fix NULL qh in dwc2_queue_transaction
On 10/24/2019 1:06 AM, Douglas Anderson wrote:
> From: Alexandru M Stan <amstan@...omium.org>
>
> When a usb device disconnects in a certain way, dwc2_queue_transaction
> still gets called after dwc2_hcd_cleanup_channels.
>
> dwc2_hcd_cleanup_channels does "channel->qh = NULL;" but
> dwc2_queue_transaction still wants to dereference qh.
> This adds a check for a null qh.
>
> Signed-off-by: Alexandru M Stan <amstan@...omium.org>
> [dianders: rebased to mainline]
> Signed-off-by: Douglas Anderson <dianders@...omium.org>
Acked-by: Minas Harutyunyan <hminas@...opsys.com>
> ---
> While testing a newer version of the Linux kernel on rk3288-veyron
> devices we saw a bunch of crashes reported in dwc2_queue_transaction()
> where chan->qh was NULL [1]. I don't know how to reproduce those
> crashes myself, but I noticed that in our 3.14 kernel we had a patch
> that probably fixed it. That patch was sent upstream ages ago [2] but
> never landed. Here I've rebased the patch. While I haven't
> reproduced the crash myself, it seems fairly likely that this will fix
> the problem.
>
> [1] https://urldefense.proofpoint.com/v2/url?u=https-3A__crbug.com_1017388&d=DwIDAQ&c=DPL6_X_6JkXFx7AXWqB0tg&r=cQBKt4q-qzNVC53rNAwuwplH23V61rHQhhULvdLA0U8&m=cnozTly1DtI01pZ4wbwEGSQW3TtCsiwaNUy5sn5vg0w&s=7bOW1FTelQEJnZerIWHWosIBiYT6dvwbsmYTrYyzKfA&e=
> [2] https://urldefense.proofpoint.com/v2/url?u=https-3A__lore.kernel.org_r_1442952651-2D4341-2D2-2Dgit-2Dsend-2Demail-2Damstan-40chromium.org&d=DwIDAQ&c=DPL6_X_6JkXFx7AXWqB0tg&r=cQBKt4q-qzNVC53rNAwuwplH23V61rHQhhULvdLA0U8&m=cnozTly1DtI01pZ4wbwEGSQW3TtCsiwaNUy5sn5vg0w&s=vmZjFVWnsFPU6Sgxw5IpJ-NYIAbDqyW0itJy00MLYSs&e=
>
> Changes in v2:
> - Rebased to mainline
>
> drivers/usb/dwc2/hcd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/usb/dwc2/hcd.c b/drivers/usb/dwc2/hcd.c
> index 81afe553aa66..b90f858af960 100644
> --- a/drivers/usb/dwc2/hcd.c
> +++ b/drivers/usb/dwc2/hcd.c
> @@ -2824,7 +2824,7 @@ static int dwc2_queue_transaction(struct dwc2_hsotg *hsotg,
> list_move_tail(&chan->split_order_list_entry,
> &hsotg->split_order);
>
> - if (hsotg->params.host_dma) {
> + if (hsotg->params.host_dma && chan->qh) {
> if (hsotg->params.dma_desc_enable) {
> if (!chan->xfer_started ||
> chan->ep_type == USB_ENDPOINT_XFER_ISOC) {
>
Powered by blists - more mailing lists