From: Matthias Kaehlcke <mka@chromium.org>
To: Mathias Nyman <mathias.nyman@linux.intel.com>
Cc: hkallweit1@gmail.com, gregkh@linuxfoundation.org,
stern@rowland.harvard.edu, linux-usb@vger.kernel.org,
quic_jackp@quicinc.com, tunguyen@apm.com,
linux-amlogic@lists.infradead.org
Subject: Re: [RFT PATCH] xhci: Fix null pointer dereference in resume if xhci has only one roothub
Date: Thu, 9 Jun 2022 08:41:36 -0700 [thread overview]
Message-ID: <YqIUsP437G8g75YS@google.com> (raw)
In-Reply-To: <20220609120336.831533-1-mathias.nyman@linux.intel.com>
On Thu, Jun 09, 2022 at 03:03:36PM +0300, Mathias Nyman wrote:
> In the re-init path xhci_resume() passes 'hcd->primary_hcd' to hci_init(),
> however this field isn't initialized by __usb_create_hcd() for a HCD
> without secondary controller.
>
> xhci_resume() is called once per xHC device, not per hcd, so the extra
> checking for primary hcd can be removed.
>
> Fixes: e0fe986972f5 ("usb: host: xhci-plat: prepare operation w/o shared hcd")
> Reported-by: Matthias Kaehlcke <mka@chromium.org>
> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
> ---
> drivers/usb/host/xhci.c | 15 +++++----------
> 1 file changed, 5 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
> index f0ab63138016..9ac56e9ffc64 100644
> --- a/drivers/usb/host/xhci.c
> +++ b/drivers/usb/host/xhci.c
> @@ -1107,7 +1107,6 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
> {
> u32 command, temp = 0;
> struct usb_hcd *hcd = xhci_to_hcd(xhci);
> - struct usb_hcd *secondary_hcd;
> int retval = 0;
> bool comp_timer_running = false;
> bool pending_portevent = false;
> @@ -1214,23 +1213,19 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
> * first with the primary HCD, and then with the secondary HCD.
> * If we don't do the same, the host will never be started.
> */
> - if (!usb_hcd_is_primary_hcd(hcd))
> - secondary_hcd = hcd;
> - else
> - secondary_hcd = xhci->shared_hcd;
> -
> xhci_dbg(xhci, "Initialize the xhci_hcd\n");
> - retval = xhci_init(hcd->primary_hcd);
> + retval = xhci_init(hcd);
> if (retval)
> return retval;
> comp_timer_running = true;
>
> xhci_dbg(xhci, "Start the primary HCD\n");
Is the log still correct? IIUC this now isn't necessarily the primary HCD.
> - retval = xhci_run(hcd->primary_hcd);
> - if (!retval && secondary_hcd) {
> + retval = xhci_run(hcd);
> + if (!retval && xhci->shared_hcd) {
> xhci_dbg(xhci, "Start the secondary HCD\n");
ditto
> - retval = xhci_run(secondary_hcd);
> + retval = xhci_run(xhci->shared_hcd);
> }
> +
> hcd->state = HC_STATE_SUSPENDED;
> if (xhci->shared_hcd)
> xhci->shared_hcd->state = HC_STATE_SUSPENDED;
Tested-by: Matthias Kaehlcke <mka@chromium.org>
_______________________________________________
linux-amlogic mailing list
linux-amlogic@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-amlogic
WARNING: multiple messages have this Message-ID (diff)
From: Matthias Kaehlcke <mka@chromium.org>
To: Mathias Nyman <mathias.nyman@linux.intel.com>
Cc: hkallweit1@gmail.com, gregkh@linuxfoundation.org,
stern@rowland.harvard.edu, linux-usb@vger.kernel.org,
quic_jackp@quicinc.com, tunguyen@apm.com,
linux-amlogic@lists.infradead.org
Subject: Re: [RFT PATCH] xhci: Fix null pointer dereference in resume if xhci has only one roothub
Date: Thu, 9 Jun 2022 08:41:36 -0700 [thread overview]
Message-ID: <YqIUsP437G8g75YS@google.com> (raw)
In-Reply-To: <20220609120336.831533-1-mathias.nyman@linux.intel.com>
On Thu, Jun 09, 2022 at 03:03:36PM +0300, Mathias Nyman wrote:
> In the re-init path xhci_resume() passes 'hcd->primary_hcd' to hci_init(),
> however this field isn't initialized by __usb_create_hcd() for a HCD
> without secondary controller.
>
> xhci_resume() is called once per xHC device, not per hcd, so the extra
> checking for primary hcd can be removed.
>
> Fixes: e0fe986972f5 ("usb: host: xhci-plat: prepare operation w/o shared hcd")
> Reported-by: Matthias Kaehlcke <mka@chromium.org>
> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
> ---
> drivers/usb/host/xhci.c | 15 +++++----------
> 1 file changed, 5 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
> index f0ab63138016..9ac56e9ffc64 100644
> --- a/drivers/usb/host/xhci.c
> +++ b/drivers/usb/host/xhci.c
> @@ -1107,7 +1107,6 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
> {
> u32 command, temp = 0;
> struct usb_hcd *hcd = xhci_to_hcd(xhci);
> - struct usb_hcd *secondary_hcd;
> int retval = 0;
> bool comp_timer_running = false;
> bool pending_portevent = false;
> @@ -1214,23 +1213,19 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
> * first with the primary HCD, and then with the secondary HCD.
> * If we don't do the same, the host will never be started.
> */
> - if (!usb_hcd_is_primary_hcd(hcd))
> - secondary_hcd = hcd;
> - else
> - secondary_hcd = xhci->shared_hcd;
> -
> xhci_dbg(xhci, "Initialize the xhci_hcd\n");
> - retval = xhci_init(hcd->primary_hcd);
> + retval = xhci_init(hcd);
> if (retval)
> return retval;
> comp_timer_running = true;
>
> xhci_dbg(xhci, "Start the primary HCD\n");
Is the log still correct? IIUC this now isn't necessarily the primary HCD.
> - retval = xhci_run(hcd->primary_hcd);
> - if (!retval && secondary_hcd) {
> + retval = xhci_run(hcd);
> + if (!retval && xhci->shared_hcd) {
> xhci_dbg(xhci, "Start the secondary HCD\n");
ditto
> - retval = xhci_run(secondary_hcd);
> + retval = xhci_run(xhci->shared_hcd);
> }
> +
> hcd->state = HC_STATE_SUSPENDED;
> if (xhci->shared_hcd)
> xhci->shared_hcd->state = HC_STATE_SUSPENDED;
Tested-by: Matthias Kaehlcke <mka@chromium.org>
next prev parent reply other threads:[~2022-06-09 15:41 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-16 22:08 [PATCH v2 0/5] usb: host: xhci-plat: omit shared hcd if either of the root hubs has no ports Heiner Kallweit
2022-03-16 22:08 ` Heiner Kallweit
2022-03-16 22:09 ` [PATCH v2 1/5] xhci: factor out parts of xhci_gen_setup() Heiner Kallweit
2022-03-16 22:09 ` Heiner Kallweit
2022-03-16 22:09 ` [PATCH v2 2/5] xhci: prepare for operation w/o shared hcd Heiner Kallweit
2022-03-16 22:09 ` Heiner Kallweit
2022-03-16 22:10 ` [PATCH v2 3/5] usb: host: xhci-plat: create shared hcd after having added main hcd Heiner Kallweit
2022-03-16 22:10 ` Heiner Kallweit
2022-03-16 22:11 ` [PATCH v2 4/5] usb: host: xhci-plat: prepare operation w/o shared hcd Heiner Kallweit
2022-03-16 22:11 ` Heiner Kallweit
2022-06-08 20:55 ` Matthias Kaehlcke
2022-06-08 20:55 ` Matthias Kaehlcke
2022-06-09 11:38 ` Mathias Nyman
2022-06-09 11:38 ` Mathias Nyman
2022-06-09 12:03 ` [RFT PATCH] xhci: Fix null pointer dereference in resume if xhci has only one roothub Mathias Nyman
2022-06-09 12:03 ` Mathias Nyman
2022-06-09 15:41 ` Matthias Kaehlcke [this message]
2022-06-09 15:41 ` Matthias Kaehlcke
2022-06-10 8:17 ` Mathias Nyman
2022-06-10 8:17 ` Mathias Nyman
2022-06-09 15:10 ` [PATCH v2 4/5] usb: host: xhci-plat: prepare operation w/o shared hcd Matthias Kaehlcke
2022-06-09 15:10 ` Matthias Kaehlcke
2022-03-16 22:12 ` [PATCH v2 5/5] usb: host: xhci-plat: omit shared hcd if either root hub has no ports Heiner Kallweit
2022-03-16 22:12 ` Heiner Kallweit
2022-03-24 9:23 ` [PATCH v2 0/5] usb: host: xhci-plat: omit shared hcd if either of the root hubs " Mathias Nyman
2022-03-24 9:23 ` Mathias Nyman
2022-03-24 19:38 ` Heiner Kallweit
2022-03-24 19:38 ` Heiner Kallweit
2022-03-24 20:46 ` Mathias Nyman
2022-03-24 20:46 ` Mathias Nyman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YqIUsP437G8g75YS@google.com \
--to=mka@chromium.org \
--cc=gregkh@linuxfoundation.org \
--cc=hkallweit1@gmail.com \
--cc=linux-amlogic@lists.infradead.org \
--cc=linux-usb@vger.kernel.org \
--cc=mathias.nyman@linux.intel.com \
--cc=quic_jackp@quicinc.com \
--cc=stern@rowland.harvard.edu \
--cc=tunguyen@apm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.