On Sat, Sep 10, 2016 at 12:53:21PM +0000, Stefan Wahren wrote:
> After commit b09b5224fe86 ("usb: chipidea: implement platform shutdown
> callback") and commit 43a404577a93 ("usb: chipidea: host: set host to
> be null after hcd is freed") a NULL pointer dereference is caused
> on i.MX23 during shutdown. So ensure that role is set to CI_ROLE_END and
> we finish interrupt handling before the hcd is deallocated. This avoids
> the NULL pointer dereference.
>
> Suggested-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Stefan Wahren <stefan.wahren@xxxxxxxx>
> Fixes: b09b5224fe86 ("usb: chipidea: implement platform shutdown callback")
> ---
> drivers/usb/chipidea/host.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/usb/chipidea/host.c b/drivers/usb/chipidea/host.c
> index 053bac9..887be34 100644
> --- a/drivers/usb/chipidea/host.c
> +++ b/drivers/usb/chipidea/host.c
> @@ -185,6 +185,8 @@ static void host_stop(struct ci_hdrc *ci)
>
> if (hcd) {
> usb_remove_hcd(hcd);
> + ci->role = CI_ROLE_END;
> + synchronize_irq(ci->irq);
> usb_put_hcd(hcd);
> if (ci->platdata->reg_vbus && !ci_otg_is_fsm_mode(ci) &&
> (ci->platdata->flags & CI_HDRC_TURN_VBUS_EARLY_ON))
> --
Thanks.
I will queue it. Since it affects not only reboot/shutdown, but also for
role switch and module load/unload. It needs several weeks to test, it
may be too late for v4.8, I will send it as bug-fix for v4.9 if test
results are ok.
--
Best Regards,
Peter Chen
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
