On Wed, Apr 05, 2023 at 07:18:53PM +0100, Jon Hunter wrote: > Commit ac82b56bda5f ("usb: gadget: tegra-xudc: Add vbus_draw support") > populated the vbus_draw callback for the Tegra XUDC driver. The function > tegra_xudc_gadget_vbus_draw(), that was added by this commit, assumes > that the pointer 'curr_usbphy' has been initialised, which is not always > the case because this is only initialised when the USB role is updated. > Fix this crash, by checking that the 'curr_usbphy' is valid before > dereferencing. > > Fixes: ac82b56bda5f ("usb: gadget: tegra-xudc: Add vbus_draw support") > Signed-off-by: Jon Hunter <jonathanh@xxxxxxxxxx> > --- > drivers/usb/gadget/udc/tegra-xudc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/usb/gadget/udc/tegra-xudc.c b/drivers/usb/gadget/udc/tegra-xudc.c > index 2b71b33725f1..5bccd64847ff 100644 > --- a/drivers/usb/gadget/udc/tegra-xudc.c > +++ b/drivers/usb/gadget/udc/tegra-xudc.c > @@ -2167,7 +2167,7 @@ static int tegra_xudc_gadget_vbus_draw(struct usb_gadget *gadget, > > dev_dbg(xudc->dev, "%s: %u mA\n", __func__, m_a); > > - if (xudc->curr_usbphy->chg_type == SDP_TYPE) > + if (xudc->curr_usbphy && xudc->curr_usbphy->chg_type == SDP_TYPE) > ret = usb_phy_set_power(xudc->curr_usbphy, m_a); > > return ret; Looking at tegra_xudc_probe(), that calls tegra_xudc_update_data_role() for all PHYs, so shouldn't that be enough to get curr_usbphy set? Or is there perhaps a race between ->vbus_draw() and the data role update? Is ->vbus_draw() perhaps called as part of usb_add_gadget_udc()? Should we reorder those to make sure the role is properly updated before the gadget is registered? Thierry
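Review bot: In the changed condition of tegra_xudc_gadget_vbus_draw(), `xudc->curr_usbphy` is loaded once for the NULL test, again for `->chg_type`, and a third time as the argument to usb_phy_set_power(), and no lock is visible in this hunk. The commit message says the pointer is only set when the USB role is updated, so if that update can run concurrently with ->vbus_draw(), the check and the uses may see different values. Consider reading the pointer into a local variable once and testing and using that local. Also, when the pointer is NULL the function now skips usb_phy_set_power() silently and returns whatever `ret` held before the check, which is not visible here; a short comment saying why a NULL `curr_usbphy` is a valid state at this point, and confirming that the returned value is intended for that case, would help later readers.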