From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jim Lin <jilin@nvidia.com>,
Mathias Nyman <mathias.nyman@linux.intel.com>
Subject: [PATCH 3.14 12/35] usb: xhci: Fix panic if disconnect
Date: Mon, 5 Sep 2016 18:43:13 +0200 [thread overview]
Message-ID: <20160905163959.197115806@linuxfoundation.org> (raw)
In-Reply-To: <20160905163958.687259537@linuxfoundation.org>
3.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jim Lin <jilin@nvidia.com>
commit 88716a93766b8f095cdef37a8e8f2c93aa233b21 upstream.
After a device is disconnected, xhci_stop_device() will be invoked
in xhci_bus_suspend().
Also the "disconnect" IRQ will have ISR to invoke
xhci_free_virt_device() in this sequence.
xhci_irq -> xhci_handle_event -> handle_cmd_completion ->
xhci_handle_cmd_disable_slot -> xhci_free_virt_device
If xhci->devs[slot_id] has been assigned to NULL in
xhci_free_virt_device(), then virt_dev->eps[i].ring in
xhci_stop_device() may point to an invlid address to cause kernel
panic.
virt_dev = xhci->devs[slot_id];
:
if (virt_dev->eps[i].ring && virt_dev->eps[i].ring->dequeue)
[] Unable to handle kernel paging request at virtual address 00001a68
[] pgd=ffffffc001430000
[] [00001a68] *pgd=000000013c807003, *pud=000000013c807003,
*pmd=000000013c808003, *pte=0000000000000000
[] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[] CPU: 0 PID: 39 Comm: kworker/0:1 Tainted: G U
[] Workqueue: pm pm_runtime_work
[] task: ffffffc0bc0e0bc0 ti: ffffffc0bc0ec000 task.ti:
ffffffc0bc0ec000
[] PC is at xhci_stop_device.constprop.11+0xb4/0x1a4
This issue is found when running with realtek ethernet device
(0bda:8153).
Signed-off-by: Jim Lin <jilin@nvidia.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-hub.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -276,6 +276,9 @@ static int xhci_stop_device(struct xhci_
ret = 0;
virt_dev = xhci->devs[slot_id];
+ if (!virt_dev)
+ return -ENODEV;
+
cmd = xhci_alloc_command(xhci, false, true, GFP_NOIO);
if (!cmd) {
xhci_dbg(xhci, "Couldn't allocate command structure.\n");
next prev parent reply other threads:[~2016-09-05 17:49 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20160905164355uscas1p23be7d550cc36b000adafac040c654cce@uscas1p2.samsung.com>
2016-09-05 16:43 ` [PATCH 3.14 00/35] 3.14.78-stable review Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 01/35] x86/mm: Disable preemption during CR3 read+write Greg Kroah-Hartman
2016-09-05 16:43 ` Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 02/35] arm64: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO Greg Kroah-Hartman
2016-09-05 16:43 ` Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 03/35] parisc: Fix order of EREFUSED define in errno.h Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 04/35] PCI: Support PCIe devices with short cfg_size Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 05/35] PCI: Add Netronome vendor and device IDs Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 06/35] PCI: Limit config space size for Netronome NFP6000 family Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 07/35] PCI: Add Netronome NFP4000 PF device ID Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 08/35] PCI: Limit config space size for Netronome NFP4000 Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 09/35] usb: dwc3: gadget: increment request->actual once Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 10/35] usb: define USB_SPEED_SUPER_PLUS speed for SuperSpeedPlus USB3.1 devices Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 11/35] USB: validate wMaxPacketValue entries in endpoint descriptors Greg Kroah-Hartman
2016-09-05 16:43 ` Greg Kroah-Hartman [this message]
2016-09-05 16:43 ` [PATCH 3.14 13/35] USB: serial: fix memleak in driver-registration error path Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 14/35] USB: serial: option: add D-Link DWM-156/A3 Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 15/35] USB: serial: option: add support for Telit LE920A4 Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 16/35] USB: serial: ftdi_sio: add device ID for WICED USB UART dev board Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 18/35] xhci: Make sure xhci handles USB_SPEED_SUPER_PLUS devices Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 19/35] EDAC: Increment correct counter in edac_inc_ue_error() Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 20/35] s390/dasd: fix hanging device after clear subchannel Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 21/35] mac80211: fix purging multicast PS buffer queue Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 22/35] aacraid: Check size values after double-fetch from user Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 23/35] cdc-acm: fix wrong pipe type on rx interrupt xfers Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 24/35] megaraid_sas: Fix probing cards without io port Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 25/35] gpio: Fix OF build problem on UM Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 26/35] fs/seq_file: fix out-of-bounds read Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 27/35] Input: tegra-kbc - fix inverted reset logic Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 28/35] Input: i8042 - break load dependency between atkbd/psmouse and i8042 Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 29/35] Input: i8042 - set up shared ps2_cmd_mutex for AUX ports Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 30/35] crypto: nx - off by one bug in nx_of_update_msc() Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 31/35] USB: fix typo in wMaxPacketSize validation Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 32/35] USB: serial: mos7720: fix non-atomic allocation in write path Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 33/35] USB: serial: mos7840: " Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 34/35] staging: comedi: daqboard2000: bug fix board type matching code Greg Kroah-Hartman
2016-09-05 16:43 ` [PATCH 3.14 35/35] ACPI / sysfs: fix error code in get_status() Greg Kroah-Hartman
2016-09-06 17:02 ` [PATCH 3.14 00/35] 3.14.78-stable review Guenter Roeck
2016-09-06 18:03 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160905163959.197115806@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jilin@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mathias.nyman@linux.intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.