Dear Lothar Waßmann,
> Hi,
>
> Marek Vasut writes:
> > This driver handles claiming of clocks and memory areas. These are later
> > properly delegated to it's child devices, the USB Host (ehci-mxs) and
> > USB Gadget (ci13xxx-mxs).
>
> [...]
>
> There is a conceptual bug in the following code. Did you ever run it?
Of course, but let's see the problem.
> > + INIT_WORK(&priv->work, imx_otg_work);
> > +
>
> [...]
>
> > + if (pdata->gadget_mode) {
> > + data->pdev_gadget = add_platform_device("ci13xxx-mxs", -1,
> > + data, sizeof(*data),
> > + DMA_BIT_MASK(32));
>
> This will blow up due to 'BUG_ON(!list_empty(&work->entry));'
> in kernel/workqueue.c when schedule_work() is called in
> imx_otg_set_host() or imx_otg_set_peripheral().
>
> platform_add_data() (called from add_platform_device()) will make a
> copy of the data structure which contains the initialized work queue.
> INIT_WORK() will have initialized a list_head embedded in the work
> queue (making 'next' and 'prev' member pointing to the list_head
> itself).
> The copied list_head will thus have its members pointing to the
> original data structure rather than the respective copies and thus
> fail the 'list_empty()' check.
Very nice, good catch, thanks! It never manifested to me, but I'll look into it
and fix it in V7. How did you notice this please?
>
> Lothar Waßmann
Best regards,
Marek Vasut
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
