From: Felipe Balbi <balbi@kernel.org>
To: "He\, Bo" <bo.he@intel.com>,
"linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-usb\@vger.kernel.org" <linux-usb@vger.kernel.org>
Cc: "gregkh\@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"peter.chen\@nxp.com" <peter.chen@nxp.com>,
"k.opasiak\@samsung.com" <k.opasiak@samsung.com>,
"stefan\@agner.ch" <stefan@agner.ch>,
"felixhaedicke\@web.de" <felixhaedicke@web.de>,
"colin.king\@canonical.com" <colin.king@canonical.com>,
"rogerq\@ti.com" <rogerq@ti.com>,
"f.fainelli\@gmail.com" <f.fainelli@gmail.com>, "Zhang\,
Yanmin" <yanmin.zhang@intel.com>
Subject: RE: [PATCH] usb: gadget: udc: fix the kernel NULL pointer in composite_setup
Date: Wed, 19 Jul 2017 10:50:58 +0300 [thread overview]
Message-ID: <87eftc6f19.fsf@linux.intel.com> (raw)
In-Reply-To: <CD6925E8781EFD4D8E11882D20FC406D5280D109@SHSMSX104.ccr.corp.intel.com>
[-- Attachment #1: Type: text/plain, Size: 1969 bytes --]
Hi,
(please don't top-post and also break your lines at 80-columns ;-)
"He, Bo" <bo.he@intel.com> writes:
> 1. the issue reproduced very rarely, we run reboot test
> reproduce the issue, it reproduced two times on two board after
> more than 1500 cycles reboot.
That's fine, we, somehow, got a use-after-free on the tracepoints. I'm
interested in fixing that without touching udc-core since that's a
dwc3-only bug.
> 2. the kernel version is 4.4, the test case is cold reboot, I think it's not android patches cause it, it's the interrupt thread run after the udc->driver->unbind.
Yeah, I need you to try v4.13-rc1. v4.4 is *really* old. I can't accept
your patch unless I'm certain the bug still exists.
> 3. I check more drivers, like amd5536_udc_stop, at91_stop,
> atmel_usba_stop, bcm63xx_udc_stop, s3c_hsudc_stop, all the
> interrupt disable will be in the udc_stop(), so we need
> guarantee to stop the interrupt then release the resource.
Right, we also disable the interrupt on ->udc_stop(). See below:
static void __dwc3_gadget_stop(struct dwc3 *dwc)
{
dwc3_gadget_disable_irq(dwc);
__dwc3_gadget_ep_disable(dwc->eps[0]);
__dwc3_gadget_ep_disable(dwc->eps[1]);
}
static int dwc3_gadget_stop(struct usb_gadget *g)
{
struct dwc3 *dwc = gadget_to_dwc(g);
unsigned long flags;
int epnum;
spin_lock_irqsave(&dwc->lock, flags);
if (pm_runtime_suspended(dwc->dev))
goto out;
__dwc3_gadget_stop(dwc);
for (epnum = 2; epnum < DWC3_ENDPOINTS_NUM; epnum++) {
struct dwc3_ep *dep = dwc->eps[epnum];
if (!dep)
continue;
if (!(dep->flags & DWC3_EP_END_TRANSFER_PENDING))
continue;
wait_event_lock_irq(dep->wait_end_transfer,
!(dep->flags & DWC3_EP_END_TRANSFER_PENDING),
dwc->lock);
}
out:
dwc->gadget_driver = NULL;
spin_unlock_irqrestore(&dwc->lock, flags);
free_irq(dwc->irq_gadget, dwc->ev_buf);
return 0;
}
--
balbi
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
next prev parent reply other threads:[~2017-07-19 7:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-18 9:19 [PATCH] usb: gadget: udc: fix the kernel NULL pointer in composite_setup He, Bo
2017-07-18 10:44 ` Felipe Balbi
2017-07-19 5:16 ` He, Bo
2017-07-19 7:50 ` Felipe Balbi [this message]
2017-07-19 8:13 ` He, Bo
2017-07-19 9:50 ` Felipe Balbi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87eftc6f19.fsf@linux.intel.com \
--to=balbi@kernel.org \
--cc=bo.he@intel.com \
--cc=colin.king@canonical.com \
--cc=f.fainelli@gmail.com \
--cc=felixhaedicke@web.de \
--cc=gregkh@linuxfoundation.org \
--cc=k.opasiak@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=peter.chen@nxp.com \
--cc=rogerq@ti.com \
--cc=stefan@agner.ch \
--cc=yanmin.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox