On Tue, May 14, 2019 at 10:58:05PM +0800, Jia-Ju Bai wrote:
> xhci_pci_setup() is assigned to hc_driver.reset;
> xhci_run() is assigned to hc_driver.start();
> xhci_stop() is assigned to hc_driver.stop().
>
> xhci_pci_setup() calls xhci_gen_setup, which calls xhci_init(). And
> xhci_init() calls xhci_mem_init() to allocate resources.
>
> xhci_stop() calls xhci_mem_cleanup(), to release the resources allocated in
> xhci_mem_init() (also namely xhci_pci_setup()).
>
> xhci_run() can fail, because xhci_try_enable_msi() or xhci_alloc_command()
> in this function can fail.
>
> In drivers/usb/core/hcd.c:
> retval = hcd->driver->reset(hcd);
> if (retval < 0) {
> ......
> goto err_hcd_driver_setup;
> }
> ......
> retval = hcd->driver->start(hcd);
> if (retval < 0) {
> ......
> goto err_hcd_driver_start;
> }
> .......
> hcd->driver->stop(hcd);
> hcd->state = HC_STATE_HALT;
> clear_bit(HCD_FLAG_POLL_RH, &hcd->flags);
> del_timer_sync(&hcd->rh_timer);
> err_hcd_driver_start:
> if (usb_hcd_is_primary_hcd(hcd) && hcd->irq > 0)
> free_irq(irqnum, hcd);
> err_request_irq:
> err_hcd_driver_setup:
> err_set_rh_speed:
> usb_put_invalidate_rhdev(hcd);
> err_allocate_root_hub:
> usb_deregister_bus(&hcd->self);
> err_register_bus:
> hcd_buffer_destroy(hcd);
> err_create_buf:
> usb_phy_roothub_power_off(hcd->phy_roothub);
> err_usb_phy_roothub_power_on:
> usb_phy_roothub_exit(hcd->phy_roothub);
>
> Thus, when hcd->driver->reset() succeeds and hcd->driver->start() fails,
> hcd->driver->stop() is not called.
>
> Namely, when xhci_pci_setup() successfully allocates resources, and
> xhci_run() fails, xhci_stop() is not called to release the resources.
> For this reason, resource leaks occur in this case.
>
> I check the code of the ehci driver, uhci driver and ohci driver, and find
> that they do not have such problem, because:
> In the ehci driver, ehci_run() (namely hcd->driver->start()) never fails.
> In the uhci driver, all the resources are allocated in uhci_start (namely
> hcd->driver->start()), and no resources are allocated in uhci_pci_init()
> (namely hcd->driver->reset()).
> In the ohci driver, ohci_setup() (namely hcd->driver->reset()) also
> allocates resources. But when ohci_start() (namely hcd->driver->start()) is
> going to fail, ohci_stop() is directly called to release the resources
> allocated by ohci_setup().
>
> Thus, there are two possible ways of fixing bugs:
> 1) Call xhci_stop() when xhci_run() is going to fail (like the ohci driver)
> 2) Move all resource-allocation operations into xhci_run() (like the uhci
> driver).
>
> I am not sure whether these ways are correct, so I only report bugs.
Can you create a patch to show how you would fix this potential issue?
Given that making this type of thing fail is pretty rare, it's not a
real high priority to get to, so it might be a while for anyone here to
look at it.
thanks,
greg k-h
