From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753570AbbBTDGw (ORCPT <rfc822;w@1wt.eu>);
	Thu, 19 Feb 2015 22:06:52 -0500
Received: from comal.ext.ti.com ([198.47.26.152]:55638 "EHLO comal.ext.ti.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752018AbbBTDGu (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Thu, 19 Feb 2015 22:06:50 -0500
Date: Thu, 19 Feb 2015 21:06:11 -0600
From: Felipe Balbi <balbi@ti.com>
To: Pali =?iso-8859-1?Q?Roh=E1r?= <pali.rohar@gmail.com>
CC: <balbi@ti.com>, Linux USB Mailing List <linux-usb@vger.kernel.org>,
        Pavel Machek <pavel@ucw.cz>, Aaro Koskinen <aaro.koskinen@iki.fi>,
        Sebastian Reichel <sre@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/3] usb: gadget: function: phonet: balance
 usb_ep_disable calls
Message-ID: <20150220030611.GA19507@saruman.tx.rr.com>
Reply-To: <balbi@ti.com>
References: <1422918921-5472-1-git-send-email-balbi@ti.com>
 <201502032057.11166@pali>
 <201502051338.59040@pali>
 <201502200109.48793@pali>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="OgqxwSJOaUobr8KG"
Content-Disposition: inline
In-Reply-To: <201502200109.48793@pali>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Feb 20, 2015 at 01:09:48AM +0100, Pali Roh=E1r wrote:
> On Thursday 05 February 2015 13:38:58 Pali Roh=E1r wrote:
> > On Tuesday 03 February 2015 20:57:11 Pali Roh=E1r wrote:
> > > On Tuesday 03 February 2015 20:35:25 Felipe Balbi wrote:
> > > > On Tue, Feb 03, 2015 at 08:27:52PM +0100, Pali Roh=E1r wrote:
> > > > > On Tuesday 03 February 2015 20:18:59 Felipe Balbi wrote:
> > > > > > On Tue, Feb 03, 2015 at 05:17:28PM +0100, Pali Roh=E1r
> >=20
> > wrote:
> > > > > > > On Tuesday 03 February 2015 16:43:45 Felipe Balbi
> >=20
> > wrote:
> > > > > > > > Hi,
> > > > > > > >=20
> > > > > > > > On Tue, Feb 03, 2015 at 04:31:51PM +0100, Pali
> > > > > > > > Roh=E1r
> > >=20
> > > wrote:
> > > > > > > > > On Tuesday 03 February 2015 00:15:19 Felipe
> > > > > > > > > Balbi
> > >=20
> > > wrote:
> > > > > > > > > > f_phonet's ->set_alt() method will call
> > > > > > > > > > usb_ep_disable() potentially on an endpoint
> > > > > > > > > > which is already disabled. That's something
> > > > > > > > > > the gadget/function driver must guarantee
> > > > > > > > > > that it's always balanced.
> > > > > > > > > >=20
> > > > > > > > > > In order to balance the calls, just make sure
> > > > > > > > > > the endpoint was enabled before by means of
> > > > > > > > > > checking the validity of driver_data.
> > > > > > > > > >=20
> > > > > > > > > > Reported-by: Pali Roh=E1r <pali.rohar@gmail.com>
> > > > > > > > > > Signed-off-by: Felipe Balbi <balbi@ti.com>
> > > > > > > > > > ---
> > > > > > > > >=20
> > > > > > > > > Your patches cause that kernel does not print
> > > > > > > > > any error message to n900 screen anymore and
> > > > > > > > > reboot device in 10 seconds. I did not loaded
> > > > > > > > > any external modules.
> > > > > > > >=20
> > > > > > > > > In qemu I see this crash in early boot:
> > > > > > > > alright, so n900's working fine. I'll wait until
> > > > > > > > you debug qemu a little more, thank you
> > > > > > >=20
> > > > > > > NO! It does not working, see ^^^^. It break n900
> > > > > > > totally!
> > > > > >=20
> > > > > > settle down a bit more. I don't have the HW you have
> > > > > > and things are working fine on boards I _do_ have,
> > > > > > there's not much more I can do to help without you
> > > > > > doing your homework. Debug a bit more and bring more
> > > > > > information as to what's going on, until then you're
> > > > > > on your own.
> > > > >=20
> > > > > And what more do you need? It crash on my n900 and also
> > > > > in qemu. I sent you kernel crash dump from qemu which
> > > > > introduced *your* patches. Before applying your patches
> > > > > there was no crash in early boot stage.
> > > > >=20
> > > > > In current state I review all 3 patches as:
> > > > >=20
> > > > > Rejected-by: Pali Roh=E1r <pali.rohar@gmail.com>
> > > > > [It breaks booting Nokia N900 device]
> > > >=20
> > > > next step, figure why it's broken. Working just fine here
> > > > on AM335x which has the same musb IP.
> > >=20
> > > Why is broken? That is easy. You send 3 patches which broke
> > > it.
> >=20
> > Actually when I reverted only that patch which adds line:
> >=20
> > pm_runtime_irq_safe(musb->controller)
> >=20
> > then early boot crash disappeared.
> >=20
> > But other two patches did not fixed support for external .ko
> > gadget modules. State is same -- crash after modprobe.
>=20
> Here is crash from qemu when musb is compiled into kernel:
>=20
> [    0.641662] Unable to handle kernel NULL pointer dereference at virtua=
l address 00000000
> [    0.642211] pgd =3D c0004000
> [    0.642425] [00000000] *pgd=3D00000000
> [    0.642913] Internal error: Oops: 80000005 [#1] PREEMPT ARM
> [    0.643371] Modules linked in:
> [    0.643737] CPU: 0 PID: 1 Comm: swapper Not tainted 3.19.0-rc5+ #329
> [    0.644195] Hardware name: Nokia RX-51 board
> [    0.644531] task: cf8a8000 ti: cf8ac000 task.ti: cf8ac000
> [    0.644958] PC is at 0x0
> [    0.645263] LR is at omap2430_runtime_resume+0x80/0x100
> [    0.645660] pc : [<00000000>]    lr : [<c02ccebc>]    psr: 60000113
> [    0.645660] sp : cf8adda0  ip : 00000001  fp : c0059c64
> [    0.646423] r10: cf8adde8  r9 : cf9b5884  r8 : cf9b58cc
> [    0.646789] r7 : 00000004  r6 : cf93ee10  r5 : c06ac84c  r4 : cf83a010
> [    0.647216] r3 : 00000000  r2 : c0565716  r1 : 00000414  r0 : fa0ab000
> [    0.647735] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segme=
nt kernel
> [    0.648254] Control: 10c53c7d  Table: 80004059  DAC: 00000015
> [    0.648651] Process swapper (pid: 1, stack limit =3D 0xcf8ac238)
> [    0.649078] Stack: (0xcf8adda0 to 0xcf8ae000)
> [    0.649444] dda0: c0022428 cf9b5810 cf93ee10 c026bb44 00000001 c026d3e=
0 00000000 cf9b5810
> [    0.650085] ddc0: 00000000 c026d4a0 cf9b5810 cf9b5810 00000000 c026e9a=
4 c0441790 cfa29410
> [    0.650634] dde0: cfb33800 c0441790 cfa29410 cfa2b700 00000000 6000011=
3 cfa2b6c0 cfa29410
> [    0.651153] de00: c0660c80 0000006c c06210c4 c05de6d4 00000000 c026ee7=
4 cfa2c180 cfa29410
> [    0.651702] de20: cfa2b6c0 c026eed4 cf83a010 c02c53f8 cfa29410 0000006=
c fa0ab000 ffffffed
> [    0.652252] de40: cfa29410 c0660c80 c0660c80 c062cfe0 c06210c4 c05de6d=
4 00000000 c0267ad8
> [    0.652770] de60: 00000000 cfa29410 00000000 c026624c 00000000 cfa2941=
0 c0660c80 c0660c80
> [    0.653320] de80: 00000000 c0266478 00000000 cfa29410 cfa29444 c02664f=
0 c0660c80 cf8adea8
> [    0.653839] dea0: c0266490 c0264dd0 cf88cb8c cfa2c2b0 c0660c80 c0660c8=
0 cfb32b80 c065aad0
> [    0.654388] dec0: 00000000 c0265b80 c044162c c044162d 00000000 c0660c8=
0 cfb37580 00000000
> [    0.654937] dee0: c062cfe0 c0266e28 c0267a38 c0605a5c cfb37580 c00088f=
c c05de6d4 c004ae84
> [    0.655517] df00: c05acdcc cfcb6cd3 00000000 c0566a48 a0000113 c05acdc=
c 00000006 00000075
> [    0.656036] df20: 00000006 c004af28 00000075 00000006 00000006 c05de6d=
4 cfcb6cc3 cfcb6cd2
> [    0.656585] df40: 00000000 00000006 c0614670 00000006 c0614674 c061465=
4 c0670680 00000075
> [    0.657104] df60: c06210c4 c05decfc 00000006 00000006 c05de6d4 c06488d=
8 c0620c8c c0620c8c
> [    0.657653] df80: 00000000 00000000 00000000 00000000 00000000 c05ded9=
4 cf8ac000 00000000
> [    0.658172] dfa0: c03f9ff0 c03f9ff8 00000000 c000ddd8 00000000 0000000=
0 00000000 00000000
> [    0.658721] dfc0: 00000000 00000000 00000000 00000000 00000000 0000000=
0 00000000 00000000
> [    0.659271] dfe0: 00000000 00000000 00000000 00000000 00000013 0000000=
0 00000000 00000000
> [    0.660186] [<c02ccebc>] (omap2430_runtime_resume) from [<c026bb44>]=
=20
> (pm_generic_runtime_resume+0x2c/0x40)
> [    0.660919] [<c026bb44>] (pm_generic_runtime_resume) from [<c026d3e0>]=
 (__rpm_callback+0x8c/0xdc)
> [    0.661529] [<c026d3e0>] (__rpm_callback) from [<c026d4a0>] (rpm_callb=
ack+0x70/0x88)
> [    0.662048] [<c026d4a0>] (rpm_callback) from [<c026e9a4>] (rpm_resume+=
0x514/0x704)
> [    0.662567] [<c026e9a4>] (rpm_resume) from [<c026ee74>] (__pm_runtime_=
resume+0x4c/0x90)
> [    0.663116] [<c026ee74>] (__pm_runtime_resume) from [<c026eed4>] (pm_r=
untime_irq_safe+0x1c/0x74)
> [    0.663757] [<c026eed4>] (pm_runtime_irq_safe) from [<c02c53f8>] (musb=
_init_controller+0x50/0x60c)
> [    0.664367] [<c02c53f8>] (musb_init_controller) from [<c0267ad8>] (pla=
tform_drv_probe+0x48/0x90)
> [    0.664947] [<c0267ad8>] (platform_drv_probe) from [<c026624c>] (reall=
y_probe+0xac/0x1e0)
> [    0.665496] [<c026624c>] (really_probe) from [<c0266478>] (driver_prob=
e_device+0x30/0x48)
> [    0.666046] [<c0266478>] (driver_probe_device) from [<c02664f0>] (__dr=
iver_attach+0x60/0x84)
> [    0.666595] [<c02664f0>] (__driver_attach) from [<c0264dd0>] (bus_for_=
each_dev+0x50/0x84)
> [    0.667144] [<c0264dd0>] (bus_for_each_dev) from [<c0265b80>] (bus_add=
_driver+0xac/0x1bc)
> [    0.667694] [<c0265b80>] (bus_add_driver) from [<c0266e28>] (driver_re=
gister+0x9c/0xe0)
> [    0.668212] [<c0266e28>] (driver_register) from [<c00088fc>] (do_one_i=
nitcall+0x100/0x1b0)
> [    0.668762] [<c00088fc>] (do_one_initcall) from [<c05decfc>] (do_basic=
_setup+0x88/0xc0)
> [    0.669311] [<c05decfc>] (do_basic_setup) from [<c05ded94>] (kernel_in=
it_freeable+0x60/0xfc)
> [    0.669891] [<c05ded94>] (kernel_init_freeable) from [<c03f9ff8>] (ker=
nel_init+0x8/0xe4)
> [    0.670410] [<c03f9ff8>] (kernel_init) from [<c000ddd8>] (ret_from_for=
k+0x14/0x3c)
> [    0.670989] Code: bad PC value
> [    0.671752] ---[ end trace 087e5b16cf36deef ]---
> [    0.672210] Kernel panic - not syncing: Attempted to kill init! exitco=
de=3D0x0000000b
> [    0.672210]=20
> [    0.672882] ---[ end Kernel panic - not syncing: Attempted to kill ini=
t! exitcode=3D0x0000000b
> [    0.672882]
>=20
> Reason why it crashes is because when function
> omap2430_runtime_resume() is called pointer to functions=20
> musb_readl and musb_writel are both NULL. And so NULL pointer
> dereference.

https://git.kernel.org/cgit/linux/kernel/git/balbi/usb.git/commit/?h=3Dtest=
ing/next&id=3D1861a2c60351a390272b3395f4d88480cdfd9e58

--=20
balbi

--OgqxwSJOaUobr8KG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU5qSjAAoJEIaOsuA1yqREqLIP/0IcIROJPheq18mE6ZfHGLBf
xbU6PWnBd/4EnKK9/WoJX75mTAkOZO7CHXy7jXNDaaC5hcvX4M8jIdnmS+dJczB7
3MOVao3WAQTBUWXPjFJ0GEm/S61kmavqez9O2lbpbG2f822/ZVPYbqP/iIyiTjNO
RCCvGAbLLs78XQwSSDjrXgVkJ2RsY6ICJ5fxU0ep7PrblGiizAsoqdt0c5kwJqso
zfwMzVjEbC/6W0cRUu4mrLihiAMLOWWDkQjAf1HtnB8mnQfEPD/cc6FzJgmPkcTA
UBMaNkhJCa1amN8IJMLCulAoTicZfZP8dUwfo7qwMpEDeIObTdrnstM2XM4IClGp
XqnXMNEJ8ZtkwJV+XFathOggs1SPPK0PXfwWiT0xKMOs8zUHk4S+qcXEMOYzl/zu
d0y4e8I7eAbxgK6vU2FCmKdSYYqlAaeKEyNlr/xo7T0tdmB0IR33wn+fd1UBV3hV
f/FtlVsyfapsYr0fVB9LeE3dXiY6xcWDt0sgQLbAlgci5oS5RNuko6TTtrAuOIBv
AOdlFk2b618/RD+CW9DShPvKoU1TErWrjDpce+SEtt7C4QTcTBXpc8pOFp2h8p+U
D09vzylRVRuUGBupqYpzznhDZFqDagJvqoqTYVnvkFaP2uhjI8ri/h8oNL71IzT0
gS88/JDLy4eMb+IXCNNH
=GPV0
-----END PGP SIGNATURE-----

--OgqxwSJOaUobr8KG--