From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Jim Lin <jilin@nvidia.com>,
	Mathias Nyman <mathias.nyman@linux.intel.com>
Subject: [PATCH 3.14 12/35] usb: xhci: Fix panic if disconnect
Date: Mon,  5 Sep 2016 18:43:13 +0200
Message-ID: <20160905163959.197115806@linuxfoundation.org>
In-Reply-To: <20160905163958.687259537@linuxfoundation.org>

3.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jim Lin <jilin@nvidia.com>

commit 88716a93766b8f095cdef37a8e8f2c93aa233b21 upstream.

After a device is disconnected, xhci_stop_device() will be invoked
in xhci_bus_suspend().
Also the "disconnect" IRQ will have ISR to invoke
xhci_free_virt_device() in this sequence.
xhci_irq -> xhci_handle_event -> handle_cmd_completion ->
xhci_handle_cmd_disable_slot -> xhci_free_virt_device

If xhci->devs[slot_id] has been assigned to NULL in
xhci_free_virt_device(), then virt_dev->eps[i].ring in
xhci_stop_device() may point to an invalid address to cause kernel
panic.

virt_dev = xhci->devs[slot_id];
:
if (virt_dev->eps[i].ring && virt_dev->eps[i].ring->dequeue)

[] Unable to handle kernel paging request at virtual address 00001a68
[] pgd=ffffffc001430000
[] [00001a68] *pgd=000000013c807003, *pud=000000013c807003,
*pmd=000000013c808003, *pte=0000000000000000
[] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[] CPU: 0 PID: 39 Comm: kworker/0:1 Tainted: G     U
[] Workqueue: pm pm_runtime_work
[] task: ffffffc0bc0e0bc0 ti: ffffffc0bc0ec000 task.ti:
ffffffc0bc0ec000
[] PC is at xhci_stop_device.constprop.11+0xb4/0x1a4

This issue is found when running with realtek ethernet device
(0bda:8153).

Signed-off-by: Jim Lin <jilin@nvidia.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/host/xhci-hub.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -276,6 +276,9 @@ static int xhci_stop_device(struct xhci_
 
 	ret = 0;
 	virt_dev = xhci->devs[slot_id];
+	if (!virt_dev)
+		return -ENODEV;
+
 	cmd = xhci_alloc_command(xhci, false, true, GFP_NOIO);
 	if (!cmd) {
 		xhci_dbg(xhci, "Couldn't allocate command structure.\n");
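
Review bot: The new `if (!virt_dev)` check placed right after `virt_dev = xhci->devs[slot_id];` stops the NULL dereference but does not close the race the changelog describes, because the pointer is sampled once and nothing in this hunk shows a lock held between that read and the later `virt_dev->eps[i].ring` access. The changelog says xhci_free_virt_device() is reached from the interrupt path (xhci_irq -> ... -> xhci_handle_cmd_disable_slot), and the very next statement is `xhci_alloc_command(xhci, false, true, GFP_NOIO)`, an allocation that may sleep. If the free lands in that window, the local `virt_dev` is non-NULL but stale, and the later dereference becomes a use-after-free instead of a clean oops. Consider doing the lookup and the NULL check under the lock that serializes against the free path, or re-reading `xhci->devs[slot_id]` once that lock is held. It is also worth confirming that the caller named in the changelog, xhci_bus_suspend(), treats the new -ENODEV return as "device already gone" rather than as a suspend failure.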


