From: bugzilla-daemon@kernel.org
To: linux-usb@vger.kernel.org
Subject: [Bug 219532] Crash in RIP: 0010:xhci_handle_stopped_cmd_ring
Date: Sun, 01 Dec 2024 22:06:59 +0000
Message-ID: <bug-219532-208809-lyTeBQmT3c@https.bugzilla.kernel.org/>
In-Reply-To: <bug-219532-208809@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=219532
--- Comment #7 from Michał Pecio (michal.pecio@gmail.com) ---
No sensible way to handle it and it should never happen. All we could do is
print an error and return immediately, but in any such case the xHCI driver is
likely already FUBAR anyway.
I *hope* that you are mistaken and your crash was caused by dereferencing
xhci->current_cmd in the next line, due to cur_cmd being NULL. This is not
supposed to happen either, because the check for (xhci->cmd_ring->dequeue !=
xhci->cmd_ring->enqueue) is there exactly to catch cases when no commands are
pending and cur_cmd is expected to be NULL.
But it doesn't work for one in 255 commands, namely when the aborted command
was the last one in its ring segment. Then enqueue points at the subsequent
link TRB, while dequeue is already in the next segment. Until recently, such
command abort would have failed due to a different bug (and caused different
problems), but that other bug has just been fixed and it looks like we may
start seeing those NULL dereferences now.
This patch should keep your system from crashing *if* this is the problem that
you are running into. The driver should print "cur_cmd bug detected, 0 fff" and
continue working normally. (Which means, keep printing more of those "setup
device timed out".)
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
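The one-in-255 case described in the comment above, as an added user-space model; it is not code from the xHCI driver or from the patch mentioned in this thread. It assumes 256-TRB segments whose last slot is a link TRB, and the names model_ring, queue_cmd, finish_cmd and count_null_uses are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

#define TRBS_PER_SEG 256              /* assumed segment size; last slot is the link TRB */
#define LINK_IDX (TRBS_PER_SEG - 1)
#define NUM_SEGS 2                    /* assumed ring of two segments */

struct pos { int seg, idx; };
struct model_ring { struct pos enq, deq; int pending; };

/* Enqueue may come to rest on the link TRB; it crosses only on the next queue. */
static void queue_cmd(struct model_ring *r) {
    if (r->enq.idx == LINK_IDX)
        r->enq = (struct pos){ (r->enq.seg + 1) % NUM_SEGS, 0 };
    r->enq.idx++;
    r->pending++;
}

/* Dequeue steps over the link TRB as soon as the command before it is done. */
static void finish_cmd(struct model_ring *r) {
    if (++r->deq.idx == LINK_IDX)
        r->deq = (struct pos){ (r->deq.seg + 1) % NUM_SEGS, 0 };
    r->pending--;
}

/* The pointer comparison quoted in the message, read as "a command is pending". */
static bool ptrs_say_pending(const struct model_ring *r) {
    return r->deq.seg != r->enq.seg || r->deq.idx != r->enq.idx;
}

/* Queue and finish n commands one at a time; count idle states in which the handler
 * would use cur_cmd while it is NULL (modelled as pending == 0). null_guard adds a NULL test. */
int count_null_uses(int n, bool null_guard) {
    struct model_ring r = { {0, 0}, {0, 0}, 0 };
    int hits = 0;
    for (int i = 0; i < n; i++) {
        queue_cmd(&r);
        finish_cmd(&r);
        if (ptrs_say_pending(&r) && r.pending == 0 && !null_guard)
            hits++;
    }
    return hits;
}

int main(void) {
    printf("unguarded: %d, guarded: %d (510 commands)\n",
           count_null_uses(510, false), count_null_uses(510, true));
    return 0;
}
```

In this model the pointer comparison alone misreports an idle ring exactly once per 255 commands, at the command that occupies the last slot before the link TRB.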