On Tue, Apr 27, 2010 at 08:02:59PM +0530, Ramya Desai wrote:
> Dear Sarah,
>
> Thanks for the information.
>
> >> The driver seems to be working fine and there is no system crash when
> >> I comment the API named, xhci_free_streams_info(), in the
> >> xhci_free_streams() routine which is defined in the xhci.c file.
> >
> > What version of the code are you working with? My xhci-streams branch
> > does not have a function named xhci_free_streams_info().
>
> It is xhci_free_stream_info(), but NOT xhci_free_streams_info(). Sorry
> for the TYPO.
>
> >> This
> >> is because, the same API is called from xhci_free_virt_device()
> >> routine which is defined in xhci-mem.c file. When it is called twice,
> >> I saw the following messages (3 times) in the kernel log.
Ramya,
Can you try this patch? It's also on the xhci-streams branch (which
should become obsolete soon, since Greg KH queued the streams patches
and the streams patches are now on the master branch). Please let me
know if this fixes the crash you saw.
Sarah Sharp
>From a4136735a2ab4ff53daff91d1f66911b0da3e3b4 Mon Sep 17 00:00:00 2001
From: Sarah Sharp <sarah.a.sharp@xxxxxxxxxxxxxxx>
Date: Thu, 29 Apr 2010 16:14:51 -0700
Subject: [PATCH] xhci: Avoid double free after streams are disabled.
When a device is disconnected, xhci_free_virt_device() is called. Ramya
found that if the device had streams enabled, and then the driver freed
the streams with a call to usb_free_streams(), then about a minute after
he had called this, his machine crashed with a Bad DMA error. It turns
out that xhci_free_virt_device() would attempt to free the endpoint's
stream_info data structure if it wasn't NULL, and the free streams
function was not setting it to NULL after freeing it.
Signed-off-by: Sarah Sharp <sarah.a.sharp@xxxxxxxxxxxxxxx>
Cc: Ramya Desai <ramya.desai@xxxxxxxxx>
---
drivers/usb/host/xhci.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index a22a1e6..958cb1c 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1751,6 +1751,7 @@ cleanup:
for (i = 0; i < num_eps; i++) {
ep_index = xhci_get_endpoint_index(&eps[i]->desc);
xhci_free_stream_info(xhci, vdev->eps[ep_index].stream_info);
+ vdev->eps[ep_index].stream_info = NULL;
/* FIXME Unset maxPstreams in endpoint context and
* update deq ptr to point to normal string ring.
*/
@@ -1831,6 +1832,7 @@ int xhci_free_streams(struct usb_hcd *hcd, struct usb_device *udev,
for (i = 0; i < num_eps; i++) {
ep_index = xhci_get_endpoint_index(&eps[i]->desc);
xhci_free_stream_info(xhci, vdev->eps[ep_index].stream_info);
+ vdev->eps[ep_index].stream_info = NULL;
/* FIXME Unset maxPstreams in endpoint context and
* update deq ptr to point to normal string ring.
*/
--
1.6.3.3
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
