MLK-22366-3 usb: cdns3: gadget: set request as NULL when it is freed
authorPeter Chen <peter.chen@nxp.com>
Thu, 1 Aug 2019 02:36:54 +0000 (10:36 +0800)
committerPeter Chen <peter.chen@nxp.com>
Fri, 30 Aug 2019 08:17:18 +0000 (16:17 +0800)
Meanwhile, the pending_setup_status work item needs to be flushed after
EP0 is dequeued. This fixes the oops below:

[  292.766596] android_work: sent uevent USB_STATE=DISCONNECTED
[  292.769602] ------------[ cut here ]------------
[  292.769631] WARNING: CPU: 3 PID: 88 at /home/b29397/work/projects/linux-imx/drivers/usb/gadget/composite.c:1383 com
posite_setup_complete+0xc8/0xd0
[  292.769639] Modules linked in:
[  292.790493] audit: audit_lost=5519 audit_rate_limit=5 audit_backlog_limit=64
[  292.796604] audit: rate limit exceeded
[  292.803165] CPU: 3 PID: 88 Comm: kworker/3:1 Not tainted 4.14.98-07842-g3848d2f45363-dirty #51
[  292.803168] Hardware name: Freescale i.MX8QXP MEK (DT)
[  292.803183] Workqueue: events_freezable cdns3_pending_setup_status_handler
[  292.803188] task: ffff80083ac68e80 task.stack: ffff00000ada8000
[  292.803195] PC is at composite_setup_complete+0xc8/0xd0
[  292.803200] LR is at composite_setup_complete+0xc8/0xd0
[  292.803204] pc : [<ffff000008aa17c8>] lr : [<ffff000008aa17c8>] pstate: 000001c5
[  292.803206] sp : ffff00000adabd70
[  292.803208] x29: ffff00000adabd70 x28: 0000000000000000
[  292.803215] x27: ffff80083abf8c38 x26: ffff000009619518
[  292.803227] x25: 0000000000000000 x24: ffff00000a150cf8
[  292.870582] x23: 0000000000000000 x22: ffff80083ff6c100
[  292.875901] x21: 0000000000000140 x20: ffff800836342718
[  292.881216] x19: ffff8000706e5900 x18: 0000000000000010
[  292.886533] x17: 0000eb3821d31268 x16: ffff000008313fc8
[  292.891850] x15: ffffffffffffffff x14: ffff00000a12e008
[  292.897166] x13: ffff00008a4319d7 x12: ffff00000a4319df
[  292.902483] x11: ffff00000a157000 x10: ffff00000adaba90
[  292.907801] x9 : 00000000ffffffd0 x8 : ffff000008729658
[  292.913116] x7 : 75716572206e776f x6 : 0000000000000006
[  292.918433] x5 : 0000000000000000 x4 : 0000000000000000
[  292.923749] x3 : 0000000000000000 x2 : 13710ac2b6ac9b00
[  292.929067] x1 : 0000000000000000 x0 : 0000000000000020
[  292.934397]
[  292.934397] X19: 0xffff8000706e5880:
[  292.939448] 5880  00004ef4 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  292.947651] 58a0  00000000 00000000 00004ef5 00000000 00000000 00000000 00000000 00000000
[  292.955860] 58c0  00000000 00000000 00000000 00000000 00000000 00000000 71f24600 ffff8000
[  292.964070] 58e0  00000300 00000001 706e58e0 ffff8000 395101c0 ffff8008 00000000 00000000
[  292.972280] 5900  706e5000 ffff8000 00000000 00000000 f47ff000 00000000 00000000 00000000
[  292.980487] 5920  00000000 00000000 00000000 00000000 08aa1700 ffff0000 3bb36428 ffff8008
[  292.988697] 5940  706e5940 ffff8000 706e5940 ffff8000 00000000 00000000 36342718 ffff8008
[  292.996907] 5960  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  293.005121]
[  293.005121] X20: 0xffff800836342698:
[  293.010181] 2698  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  293.014718] using random self ethernet address
[  293.018391] 26b8  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  293.018413] 26d8  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  293.018435] 26f8  00000000 00000000 36342900 ffff8008 3ac7c880 ffff8008 087e56b0 ffff0000
[  293.018458] 2718  3bb36428 ffff8008 363427a8 ffff8008 092cbfa0
[  293.030136] using random host ethernet address
[  293.031092]  ffff0000 00000000 00000000
[  293.031101] 2738  00000000 00000000 00000031 02000000 00000200 00000004 0a286238 ffff0000
[  293.031136] 2758  00000000 00000000 36342760 ffff8008 36342760 ffff8008 36342770 ffff8008
[  293.077978] 2778  36342770 ffff8008 36342780 ffff8008 36342780 ffff8008 0ae25000 ffff0000
[  293.086193]
[  293.086193] X22: 0xffff80083ff6c080:
[  293.091253] c080  3ff6c080 ffff8008 3ff6c080 ffff8008 ffffffe0 0000000f 3ff6c098 ffff8008
[  293.099463] c0a0  3ff6c098 ffff8008 080fb2b0 ffff0000 00000000 00000000 00000000 00000000
[  293.107672] c0c0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  293.115882] c0e0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  293.124083] c100  3ff68000 ffff8008 3a00ce00 ffff8008 00000000 ffffffff 00000002 00000001
[  293.132293] c120  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  293.140494] c140  00000000 00000000 00000000 00000000 00000000 00000000 00000001 00000100
[  293.148695] c160  3ff6c160 ffff8008 3ff6c160 ffff8008 3ff53170 ffff8008 3a00ce00 ffff8008
[  293.156903]
[  293.156903] X27: 0xffff80083abf8bb8:
[  293.161961] 8bb8  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  293.170162] 8bd8  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  293.178371] 8bf8  00000000 00000000 00000000 00000000 643a725f 5f706368 3aafd100 ffff8008
[  293.186583] 8c18  00000000 73706d75 00000000 74706f5f 3abf8c28 ffff8008 3abf8c28 ffff8008
[  293.194791] 8c38  00000000 dead0000 00000000 ffff8008 3abf8c48 ffff8008 3abf8c48 ffff8008
[  293.203001] 8c58  00000050 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  293.211210] 8c78  00000000 00000000 00000001 ffff8008 3607ac00 ffff8008 00000002 00000000
[  293.219420] 8c98  3abf8c98 ffff8008 00000000 00000000 00000000 00000000 3ad74fb0 ffff8008
[  293.227625]
[  293.229119] Call trace:
[  293.231573] Exception stack(0xffff00000adabc30 to 0xffff00000adabd70)
[  293.238027] bc20:                                   0000000000000020 0000000000000000
[  293.245865] bc40: 13710ac2b6ac9b00 0000000000000000 0000000000000000 0000000000000000
[  293.253707] bc60: 0000000000000006 75716572206e776f ffff000008729658 00000000ffffffd0
[  293.261543] bc80: ffff00000adaba90 ffff00000a157000 ffff00000a4319df ffff00008a4319d7
[  293.269379] bca0: ffff00000a12e008 ffffffffffffffff ffff000008313fc8 0000eb3821d31268
[  293.277217] bcc0: 0000000000000010 ffff8000706e5900 ffff800836342718 0000000000000140
[  293.285051] bce0: ffff80083ff6c100 0000000000000000 ffff00000a150cf8 0000000000000000
[  293.292887] bd00: ffff000009619518 ffff80083abf8c38 0000000000000000 ffff00000adabd70
[  293.300723] bd20: ffff000008aa17c8 ffff00000adabd70 ffff000008aa17c8 00000000000001c5
[  293.308562] bd40: ffff000008aa1700 0000000000000000 ffffffffffffffff ffff800838000058
[  293.316406] bd60: ffff00000adabd70 ffff000008aa17c8
[  293.321303] [<ffff000008aa17c8>] composite_setup_complete+0xc8/0xd0
[  293.327584] [<ffff000008a56040>] cdns3_pending_setup_status_handler+0x70/0x98
[  293.334729] [<ffff0000080fe1e0>] process_one_work+0x1d8/0x470
[  293.340476] [<ffff0000080fe4c4>] worker_thread+0x4c/0x458
[  293.345885] [<ffff0000081052ec>] kthread+0x134/0x138
[  293.350862] [<ffff00000808525c>] ret_from_fork+0x10/0x1c
[  293.356175] ---[ end trace 9b2dcf754a0dbda5 ]---
[  293.392462] init: Service 'adbd' (pid 4743) received signal 9
[  293.399231] init: Sending signal 9 to service 'adbd' (pid 4743) process group...
[  293.412539] libprocessgroup: Successfully killed process cgroup uid 0 pid 4743 in 4ms
[  295.781315] init: Received control message 'start' for 'adbd' from pid: 3253 (system_server)
[  295.790279] init: starting service 'adbd'...
[  295.798116] init: Created socket '/dev/socket/adbd', mode 660, user 1000, group 1000

Reviewed-by: Jun Li <jun.li@nxp.com>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
drivers/usb/cdns3/gadget.c

index 733c8e3..4a3cb26 100644 (file)
@@ -1419,6 +1419,7 @@ void cdns3_gadget_ep_free_request(struct usb_ep *ep,
                priv_req->aligned_buf->in_use = 0;
 
        trace_cdns3_free_request(priv_req);
+       request = NULL;
        kfree(priv_req);
 }
 
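Review bot: The added `request = NULL;` only clears this function's own copy of the pointer, so it has no effect once the function returns. The caller's `struct usb_request *` still points into the `priv_req` that `kfree(priv_req)` releases on the next line (the request is embedded in it, as `&priv_req->request` in the next hunk shows). If the aim is to stop stale use of a freed request, the pointer has to be cleared where it is stored, for example by the caller setting its own field to NULL right after calling cdns3_gadget_ep_free_request(). Otherwise drop the line, since it suggests a protection that is not there. The function body starts outside this hunk.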
@@ -1573,11 +1574,10 @@ static int cdns3_gadget_ep_disable(struct usb_ep *ep)
 
        while (!list_empty(&priv_ep->descmiss_req_list)) {
                priv_req = cdns3_next_priv_request(&priv_ep->descmiss_req_list);
-
                kfree(priv_req->request.buf);
+               list_del_init(&priv_req->list);
                cdns3_gadget_ep_free_request(&priv_ep->endpoint,
                                             &priv_req->request);
-               list_del_init(&priv_req->list);
        }
 
        while (!list_empty(&priv_ep->deferred_req_list)) {
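Review bot: The new ordering is load-bearing but undocumented: `list_del_init(&priv_req->list)` has to run before cdns3_gadget_ep_free_request(), because that function ends in `kfree(priv_req)` and unlinking afterwards would write to freed memory. A one-line comment above the call, such as `/* unlink before freeing: cdns3_gadget_ep_free_request() kfree()s priv_req */`, would keep a later cleanup from swapping the two back. The `deferred_req_list` loop that follows is cut off by the hunk, so it is worth checking that it follows the same unlink-then-free order.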
@@ -1802,6 +1802,9 @@ found:
 
 not_found:
        spin_unlock_irqrestore(&priv_dev->lock, flags);
+       if (ep == priv_dev->gadget.ep0)
+               flush_work(&priv_dev->pending_status_wq);
+
        return ret;
 }
 
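Review bot: `flush_work()` can sleep, and the new call after the `not_found:` label runs on every ep0 pass through this exit, whether or not the request was found. Dropping the spinlock first is right, but the hunk does not show that callers are always in process context. This is presumably the endpoint dequeue callback, per the commit message, and the gadget API documents usb_ep_dequeue() as callable from interrupt context, where this would be a sleep-in-atomic bug. It is also worth confirming that the pending-status work handler can never reach this path for ep0 itself, since flushing a work item from inside it would deadlock. At minimum add a comment such as `/* flush_work() may sleep: ep0 dequeue must come from process context */`; the function starts outside the hunk.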
@@ -1986,6 +1989,7 @@ static int cdns3_gadget_udc_stop(struct usb_gadget *gadget)
        spin_lock_irqsave(&priv_dev->lock, flags);
        priv_dev->gadget_driver = NULL;
 
+       priv_dev->status_completion_no_call = 0;
        priv_dev->onchip_mem_allocated_size = 0;
        priv_dev->out_mem_is_allocated = 0;
        priv_dev->gadget.speed = USB_SPEED_UNKNOWN;
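Review bot: Resetting `status_completion_no_call` does not by itself stop a `pending_status_wq` item that was queued before `gadget_driver` is set to NULL, and nothing in the visible lines cancels it. If the rest of cdns3_gadget_udc_stop(), which continues outside this hunk, does not do so either, the handler can still run after stop. The trace in the commit message shows that handler reaching composite_setup_complete() after disconnect. Consider `cancel_work_sync(&priv_dev->pending_status_wq);` once the spinlock is released, or a comment stating why the flag reset alone is sufficient.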