From: Felipe Balbi <balbi@kernel.org>
To: "He\, Bo" <bo.he@intel.com>,
	"linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-usb\@vger.kernel.org" <linux-usb@vger.kernel.org>
Cc: "gregkh\@linuxfoundation.org" <gregkh@linuxfoundation.org>,
	"peter.chen\@nxp.com" <peter.chen@nxp.com>,
	"k.opasiak\@samsung.com" <k.opasiak@samsung.com>,
	"stefan\@agner.ch" <stefan@agner.ch>,
	"felixhaedicke\@web.de" <felixhaedicke@web.de>,
	"colin.king\@canonical.com" <colin.king@canonical.com>,
	"rogerq\@ti.com" <rogerq@ti.com>,
	"f.fainelli\@gmail.com" <f.fainelli@gmail.com>, "Zhang\,
	Yanmin" <yanmin.zhang@intel.com>
Subject: RE: [PATCH] usb: gadget: udc: fix the kernel NULL pointer in composite_setup
Date: Wed, 19 Jul 2017 10:50:58 +0300
Message-ID: <87eftc6f19.fsf@linux.intel.com>
In-Reply-To: <CD6925E8781EFD4D8E11882D20FC406D5280D109@SHSMSX104.ccr.corp.intel.com>

Hi,

(please don't top-post and also break your lines at 80-columns ;-)

"He, Bo" <bo.he@intel.com> writes:
> 	1. the issue reproduced very rarely, we run reboot test
> 	reproduce the issue, it reproduced two times on two board after
> 	more than 1500 cycles reboot.

That's fine, we, somehow, got a use-after-free on the tracepoints. I'm
interested in fixing that without touching udc-core since that's a
dwc3-only bug.

> 	2. the kernel version is 4.4, the test case is cold reboot, I
> 	think it's not android patches cause it, it's the interrupt
> 	thread run after the udc->driver->unbind.

Yeah, I need you to try v4.13-rc1. v4.4 is *really* old. I can't accept
your patch unless I'm certain the bug still exists.

> 	3. I check more drivers, like amd5536_udc_stop, at91_stop,
> 	atmel_usba_stop, bcm63xx_udc_stop, s3c_hsudc_stop, all the
> 	interrupt disable will be in the udc_stop(), so we need
> 	guarantee to stop the interrupt then release the resource.

Right, we also disable the interrupt on ->udc_stop(). See below:

static void __dwc3_gadget_stop(struct dwc3 *dwc)
{
	dwc3_gadget_disable_irq(dwc);
	__dwc3_gadget_ep_disable(dwc->eps[0]);
	__dwc3_gadget_ep_disable(dwc->eps[1]);
}

static int dwc3_gadget_stop(struct usb_gadget *g)
{
	struct dwc3		*dwc = gadget_to_dwc(g);
	unsigned long		flags;
	int			epnum;

	spin_lock_irqsave(&dwc->lock, flags);

	if (pm_runtime_suspended(dwc->dev))
		goto out;

	__dwc3_gadget_stop(dwc);

	for (epnum = 2; epnum < DWC3_ENDPOINTS_NUM; epnum++) {
		struct dwc3_ep  *dep = dwc->eps[epnum];

		if (!dep)
			continue;

		if (!(dep->flags & DWC3_EP_END_TRANSFER_PENDING))
			continue;

		wait_event_lock_irq(dep->wait_end_transfer,
				    !(dep->flags & DWC3_EP_END_TRANSFER_PENDING),
				    dwc->lock);
	}

out:
	dwc->gadget_driver	= NULL;
	spin_unlock_irqrestore(&dwc->lock, flags);

	free_irq(dwc->irq_gadget, dwc->ev_buf);

	return 0;
}

-- 
balbi
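
A simplified, single-threaded model of the ordering discussed in this message (an interrupt thread running after unbind, versus stopping the interrupt before releasing the driver), added here as an example. It is not code from this thread, dwc3 or udc-core; every `model_*` name, the `guarded` flag and the event latch are assumptions made for illustration.

```c
/* Added illustration: deterministic model of gadget teardown ordering.
 * All names are hypothetical; this is not dwc3 or udc-core code. */
#include <stdio.h>
#include <stddef.h>

struct model_driver { int (*setup)(void); };
struct model_udc {
	int irq_enabled;                 /* controller interrupt source */
	int event_pending;               /* latched event awaiting the IRQ thread */
	const struct model_driver *drv;  /* bound gadget driver, NULL once unbound */
};

enum outcome { HANDLED, DROPPED, NULL_DEREF };

static int model_setup(void) { return 0; }
static const struct model_driver model_drv = { .setup = model_setup };

/* Hardware raises an event; it is latched only while the IRQ is enabled. */
static void hw_raise(struct model_udc *u) { if (u->irq_enabled) u->event_pending = 1; }

/* IRQ thread body. With 'guarded' clear it trusts drv without checking it. */
static enum outcome irq_thread(struct model_udc *u, int guarded)
{
	if (!u->event_pending)
		return DROPPED;
	u->event_pending = 0;
	if (!u->drv)
		return guarded ? DROPPED : NULL_DEREF; /* a real handler would oops */
	u->drv->setup();
	return HANDLED;
}

static void model_unbind(struct model_udc *u) { u->drv = NULL; }
/* Models disabling and freeing the IRQ: no handler work survives this call. */
static void model_stop(struct model_udc *u) { u->irq_enabled = 0; u->event_pending = 0; }

/* Run teardown with one event arriving between the two steps. */
static enum outcome teardown(int stop_first, int guarded)
{
	struct model_udc u = { 1, 0, &model_drv };

	if (stop_first) model_stop(&u); else model_unbind(&u);
	hw_raise(&u);                    /* late event from the host */
	enum outcome r = irq_thread(&u, guarded);
	if (stop_first) model_unbind(&u); else model_stop(&u);
	return r;
}

int main(void)
{
	printf("unbind-first: %d, stop-first: %d\n", teardown(0, 0), teardown(1, 0));
	return 0;
}
```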

Thread overview: 6+ messages
2017-07-18  9:19 [PATCH] usb: gadget: udc: fix the kernel NULL pointer in composite_setup He, Bo
2017-07-18 10:44 ` Felipe Balbi
2017-07-19  5:16   ` He, Bo
2017-07-19  7:50     ` Felipe Balbi [this message]
2017-07-19  8:13       ` He, Bo
2017-07-19  9:50         ` Felipe Balbi
