Hello,
my kernel running on imx6 was crashing on USB gadgetfs because my
kernel was using wait_event API instead of completion (I was convinced
it is due to wrong HW setup).
During research gadgetfs inode.c function ep_io was not clear for me:
we are submiting USB request here
value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
then we are waiting for completion here:
value = wait_for_completion_interruptible(&done);
but if completion is interrupted we end up here:
spin_unlock_irq (&epdata->dev->lock);
DBG (epdata->dev, "endpoint gone\n");
epdata->status = -ENODEV;
At this point ep_io is terminated and stack is not valid. Later on
epio_complete might be called from IRQ and it calls complete ((struct
completion *)req->context) but stack is no longer valid;
Shouldn't we put req->context = NULL; before spin_unlock_irq
(&epdata->dev->lock); ?
req->context = NULL;
spin_unlock_irq (&epdata->dev->lock);
DBG (epdata->dev, "endpoint gone\n");
epdata->status = -ENODEV;
Thanks,
Jozef
