From: Mathias Nyman <mathias.nyman@linux.intel.com>
To: Chen Yu <chenyu56@huawei.com>, Greg KH <gregkh@linuxfoundation.org>
Cc: wangbinghui@hisilicon.com, mathias.nyman@intel.com,
linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
fanning4@hisilicon.com, lirui39@hisilicon.com,
yangdi10@hisilicon.com, groeck@google.com,
john.stultz@linaro.org
Subject: Re: [PATCH v2] usb:xhci fix panic in xhci_free_virt_devices_depth_first
Date: Mon, 6 Nov 2017 16:00:10 +0200 [thread overview]
Message-ID: <5A006AEA.7050907@linux.intel.com> (raw)
In-Reply-To: <ffd36f31-dbfc-1467-0ae5-e780972ce26e@huawei.com>
On 06.11.2017 14:36, Chen Yu wrote:
>
>
> On 2017/11/6 19:32, Greg KH wrote:
>>> A simple process is as below:
>>> xhci_plat_probe()
>>> |
>>> usb_add_hcd() xhci_plat_remove()
>>> | |
>>> find some device usb_remove_hcd()
>>> | |
>>> hub_port_connect() -> usb_alloc_dev() usb_disconnect()
>>> | |
>>> before hub_enable_device() xhci_stop()
>>> |
>>> xhci_mem_cleanup()
>>> |
>>> xhci_free_virt_devices_depth_first()
>>> |
>>> real_port is 0 access xhci->rh_bw[vdev->real_port-1]
>>>
>>> The problem came from https://bugs.96boards.org/show_bug.cgi?id=535
>>> Also look at crbug.com/700041
>>
>> Then the bug needs to be fixed, throwing a huge kernel trace message
>> into the kernel log is not "fixing" the problem at all, right?
>>
>> thanks,
>>
>> greg k-h
>>
>> .
>>
>
> You are right, the way that xhci_plat_remove() to be called needs to be fixed.
> But there is still possibility for this crash.
> What do you think if just add an "xhci_warn" instead of "WARN_ON"?
> + if (!vdev->real_port) {
> + xhci_warn(xhci, "Bad vdev->real_port\n");
> + goto out;
> + }
> +
>
This patch solves the issue, just drop all the error messages.
vdev->real_port is not set until the the device enable/address
stage, and we know it won't have any children yet then, so no need to
worry about a child having tt pointers to this device.
The "goto out" to xhci_free_virt_device() you do is fine here.
xhci_plat_remove() is the .remove callback for the xhci platform driver.
It might get called before a device is properly enabled/addressed.
Not really a error. A unlikely but possible situation.
xhci_free_tt_info() already has a similar check
Thanks
-Mathias
next prev parent reply other threads:[~2017-11-06 13:56 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-06 8:20 [PATCH v2] usb:xhci fix panic in xhci_free_virt_devices_depth_first Yu Chen
2017-11-06 8:31 ` Greg KH
2017-11-06 10:03 ` Chen Yu
2017-11-06 11:32 ` Greg KH
2017-11-06 12:36 ` Chen Yu
2017-11-06 14:00 ` Mathias Nyman [this message]
2017-11-06 14:00 ` Guenter Roeck
2017-11-07 1:55 ` Chen Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5A006AEA.7050907@linux.intel.com \
--to=mathias.nyman@linux.intel.com \
--cc=chenyu56@huawei.com \
--cc=fanning4@hisilicon.com \
--cc=gregkh@linuxfoundation.org \
--cc=groeck@google.com \
--cc=john.stultz@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=lirui39@hisilicon.com \
--cc=mathias.nyman@intel.com \
--cc=wangbinghui@hisilicon.com \
--cc=yangdi10@hisilicon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox