On 03.02.2016 23:55, Greg Kroah-Hartman wrote:
On Wed, Feb 03, 2016 at 12:51:12PM -0500, Joe Lawrence wrote:xhci_find_next_ext_cap doesn't check for PCI hotplug removal and may use the PCI master abort bit pattern (~0) to calculate a new PCI address offset to read/write. The has lead to reproducable crashes when testing surprise removal during device initialization on a Stratus platform, at least after commit d5ddcdf4d672 ("xhci: rework xhci extended capability list parsing functions"). Signed-off-by: Joe Lawrence <joe.lawrence@xxxxxxxxxxx> --- Patch based on Mathias's for-usb-linus tree as it addresses a crashing bug present in the current release candidate. The crash is repeatable on a Stratus platform when injecting hardware faults to induce xHCI host controller hotplug during driver initialization. If a PCI read in xhci_find_next_ext_cap returns the master abort pattern, quirk_usb_handoff_xhci may start using a bogus ext_cap_offset to start searching more bogus PCI addresses. Tested over a few overnights (previously crash occurred on first test pass everytime). drivers/usb/host/xhci-ext-caps.h | 4 ++++ 1 file changed, 4 insertions(+)I need an ack from Mathias before I can take this...
Acked-by: Mathias Nyman <mathias.nyman@xxxxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
