> -----Original Message----- > From: Sebastian Andrzej Siewior [mailto:sebastian@xxxxxxxxxxxxx] > Sent: terça-feira, 10 de Julho de 2012 16:37 > To: Mario Jorge Isidoro > Cc: Fabio Porcedda; Sebastian Andrzej Siewior; balbi@xxxxxx; gregkh@xxxxxxxxxxxxxxxxxxx; linux-usb@xxxxxxxxxxxxxxx; Nicolas Ferre; Ido Shayevitz; Jean-Christophe PLAGNIOL-VILLARD > Subject: Re: NULL pointer dereference in at91_udc on start of connection > > On Tue, Jul 10, 2012 at 03:54:06PM +0100, Mario Jorge Isidoro wrote: >> I've found that the following change also works, if someone doesn't want to simply eliminate the check >> diff --git a/drivers/usb/gadget/at91_udc.c b/drivers/usb/gadget/at91_udc.c >> index 7687ccd..33a6999 100644 >> --- a/drivers/usb/gadget/at91_udc.c >> +++ b/drivers/usb/gadget/at91_udc.c >> @@ -475,7 +475,7 @@ static int at91_ep_enable(struct usb_ep *_ep, >> unsigned long flags; >> >> if (!_ep || !ep >> - || !desc || ep->ep.desc >> + || !desc || !ep->ep.desc > > This check ensures that you do not try to enable an endpoint twice. Once > enabled, ep->ep.desc should be set. > >> || _ep->name == ep0name > ep.desc is always NULL for ep0 and this one should not be enabled. Therefore > you have this check here. > >> || desc->bDescriptorType != USB_DT_ENDPOINT >> || (maxpacket = usb_endpoint_maxp(desc)) == 0 > > That means with this change you should not get any endpoints enabled and it > should not work at all. Can you acknowledge this? After removing the check || ep->ep.desc the driver seems to work fine. I was able to successfully transfer a file using the tftp protocol. I try to summarize the results: 1) first case - latest HEAD without any modifications (v3.5-rc6-117-g918227b) when i connect the usb gadget cable i got: Unable to handle kernel paging request at virtual address 206d6365 pgd = c3ac8000 [206d6365] *pgd=00000000 Internal error: Oops: 1 [#1] ARM Modules linked in: CPU: 0 Not tainted (3.5.0-rc6+ #20) PC is at __dev_printk+0x20/0x198 LR is at dev_printk+0x2c/0x3c pc : [<c017a9a0>] lr : [<c017ad90>] psr: 20000093 sp : c0365de0 ip : c0309a0c fp : 00000001 r10: c0374c78 r9 : c038b900 r8 : c0365e9c r7 : c02e83c0 r6 : 00000005 r5 : c03877d8 r4 : c03098fc r3 : 206d6365 r2 : c0365e9c r1 : c03098fc r0 : c02e83c0 Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel Control: 0005317f Table: 23ac8000 DAC: 00000017 Process swapper (pid: 0, stack limit = 0xc0364270) Stack: (0xc0365de0 to 0xc0366000) 5de0: 00000000 00000001 c036c070 c03908d8 000000e6 00000000 c038c230 000000c9 5e00: c03908d8 00000007 c03908d8 c001f130 00000400 00000010 000000c9 00000000 5e20: 20000093 00000001 c038c230 0000000b c038c230 c037265c 00000006 00000007 5e40: 00000000 00000000 00000000 c001f4e8 00000000 00000000 00000000 00000000 5e60: c038cb3b 0000000b c004b15c 60000093 00000000 c0387ae4 c03877d8 00000005 5e80: 40000093 00000000 c038b900 c0374c78 00000001 c017ad90 c038b900 c0309a0c 5ea0: c0365ea4 c0365eb4 c03877d8 c01e0cdc c0309a0c c01e0cb4 c03877d8 00000100 5ec0: 00000005 c01ded98 00000000 00000001 00000001 00000000 00000065 c038b900 5ee0: c0377448 c396f6e0 0000000a 00000000 00000000 0000000a c038b900 c0374c78 5f00: 00000001 c0054c1c 41069265 2035cc2c 00000000 c0374c78 0000000a 00000000 5f20: c0365f94 20004000 41069265 2035cc2c 00000000 c0054dc0 c0374c78 c0056ee8 5f40: c037bde0 c0054598 000000c0 c000fe0c c000ff64 a0000013 fefff000 c000ebb8 5f60: 00000000 0005317f 0005217f a0000013 c0364000 c038ba48 c036ebbc c000ff40 5f80: 20004000 41069265 2035cc2c 00000000 a00000d3 c0365fa8 c000ff58 c000ff64 5fa0: a0000013 ffffffff 60000093 c001012c 00000000 c036c0a0 c038b9a0 c035e304 5fc0: c0422320 c034271c ffffffff ffffffff c0342278 00000000 00000000 c035e304 5fe0: 00000000 00053175 c036c01c c035e300 c036ebb4 20008040 00000000 00000000 [<c017a9a0>] (__dev_printk+0x20/0x198) from [<c017ad90>] (dev_printk+0x2c/0x3c) [<c017ad90>] (dev_printk+0x2c/0x3c) from [<c01e0cdc>] (composite_suspend+0x28/0xc8) [<c01e0cdc>] (composite_suspend+0x28/0xc8) from [<c01ded98>] (at91_udc_irq+0xbc/0x878) [<c01ded98>] (at91_udc_irq+0xbc/0x878) from [<c0054c1c>] (handle_irq_event_percpu+0x50/0x1cc) [<c0054c1c>] (handle_irq_event_percpu+0x50/0x1cc) from [<c0054dc0>] (handle_irq_event+0x28/0x38) [<c0054dc0>] (handle_irq_event+0x28/0x38) from [<c0056ee8>] (handle_level_irq+0x80/0xdc) [<c0056ee8>] (handle_level_irq+0x80/0xdc) from [<c0054598>] (generic_handle_irq+0x28/0x3c) [<c0054598>] (generic_handle_irq+0x28/0x3c) from [<c000fe0c>] (handle_IRQ+0x30/0x98) [<c000fe0c>] (handle_IRQ+0x30/0x98) from [<c000ebb8>] (__irq_svc+0x38/0x60) [<c000ebb8>] (__irq_svc+0x38/0x60) from [<c000ff64>] (default_idle+0x24/0x40) [<c000ff64>] (default_idle+0x24/0x40) from [<c001012c>] (cpu_idle+0x8c/0xcc) [<c001012c>] (cpu_idle+0x8c/0xcc) from [<c034271c>] (start_kernel+0x280/0x2d0) Code: e1a08002 0a00004f e59430c0 e3530000 (15936000) ---[ end trace d80a9f0f67ad16c0 ]--- Kernel panic - not syncing: Fatal exception in interrupt 2) second case - reverting the latest three commits on the at91_udc.c, git revert 5eaee54b1c52a83dc74445792cf49900a8050da8 f3d8bf34c2c925867322197096ed501ceab8085a 5a6506f00efa4b38b181152b69a072e766c7ce92 the driver seems to works fine, i was able to transfer a file using the tftp protocol dmesg (without USB_GADGET_DEBUG): g_ether gadget: full-speed config #1: CDC Ethernet (ECM) dmesg (with USB_GADGET_DEBUG) : udc: active g_ether gadget: suspend g_ether gadget: resume g_ether gadget: suspend g_ether gadget: full-speed config #1: CDC Ethernet (ECM) g_ether gadget: init ecm g_ether gadget: notify connect false g_ether gadget: notify speed 9728000 g_ether gadget: activate ecm usb0: qlen 2 g_ether gadget: ecm_close usb0: eth_open usb0: eth_start g_ether gadget: ecm_open 3) third case - reverting only the f3d8bf34c2c925867322197096ed501ceab8085a commit dmesg: udc: active g_ether gadget: suspend g_ether gadget: resume g_ether gadget: suspend g_ether gadget: resume g_ether gadget: full-speed config #1: CDC Ethernet (ECM) udc: bad ep or descriptor g_ether gadget: init ecm g_ether gadget: notify connect false g_ether gadget: activate ecm udc: bad ep or descriptor usb0: enable ep1 --> -22 g_ether gadget: reset ecm ------------[ cut here ]------------ WARNING: at drivers/usb/gadget/u_ether.c:941 ecm_set_alt+0x60/0x1fc() Modules linked in: [<c00146e4>] (unwind_backtrace+0x0/0xf0) from [<c001d3a4>] (warn_slowpath_common+0x4c/0x64) [<c001d3a4>] (warn_slowpath_common+0x4c/0x64) from [<c001d3d8>] (warn_slowpath_null+0x1c/0x24) [<c001d3d8>] (warn_slowpath_null+0x1c/0x24) from [<c01e6694>] (ecm_set_alt+0x60/0x1fc) [<c01e6694>] (ecm_set_alt+0x60/0x1fc) from [<c01e34d4>] (composite_setup+0x198/0xc9c) [<c01e34d4>] (composite_setup+0x198/0xc9c) from [<c01df1d8>] (at91_udc_irq+0x4a0/0x878) [<c01df1d8>] (at91_udc_irq+0x4a0/0x878) from [<c0054c1c>] (handle_irq_event_percpu+0x50/0x1cc) [<c0054c1c>] (handle_irq_event_percpu+0x50/0x1cc) from [<c0054dc0>] (handle_irq_event+0x28/0x38) [<c0054dc0>] (handle_irq_event+0x28/0x38) from [<c0056ee8>] (handle_level_irq+0x80/0xdc) [<c0056ee8>] (handle_level_irq+0x80/0xdc) from [<c0054598>] (generic_handle_irq+0x28/0x3c) [<c0054598>] (generic_handle_irq+0x28/0x3c) from [<c000fe0c>] (handle_IRQ+0x30/0x98) [<c000fe0c>] (handle_IRQ+0x30/0x98) from [<c000ed3c>] (__irq_usr+0x3c/0x80) ---[ end trace 5c9310f6bfdf5d0d ]--- g_ether gadget: activate ecm udc: bad ep or descriptor usb0: enable ep1 --> -22 the driver doesn't work 4) forth case - reverting the commit f3d8bf34c2c925867322197096ed501ceab8085a and removing the check: diff --git a/drivers/usb/gadget/at91_udc.c b/drivers/usb/gadget/at91_udc.c index 7687ccd..c813ea7 100644 --- a/drivers/usb/gadget/at91_udc.c +++ b/drivers/usb/gadget/at91_udc.c @@ -475,7 +475,7 @@ static int at91_ep_enable(struct usb_ep *_ep, unsigned long flags; if (!_ep || !ep - || !desc || ep->ep.desc + || !desc || _ep->name == ep0name || desc->bDescriptorType != USB_DT_ENDPOINT || (maxpacket = usb_endpoint_maxp(desc)) == 0 dmesg: udc: active g_ether gadget: suspend g_ether gadget: resume g_ether gadget: suspend g_ether gadget: resume g_ether gadget: full-speed config #1: CDC Ethernet (ECM) g_ether gadget: init ecm g_ether gadget: notify connect false g_ether gadget: notify speed 9728000 g_ether gadget: activate ecm usb0: qlen 2 g_ether gadget: ecm_close g_ether gadget: notify connect false g_ether gadget: notify speed 9728000 usb0: eth_open usb0: eth_start g_ether gadget: ecm_open g_ether gadget: notify connect true g_ether gadget: notify speed 9728000 the driver seems to work fine, i was able to successfully tranfser a file using the tftp protocol. My defconfig: CONFIG_EXPERIMENTAL=y # CONFIG_LOCALVERSION_AUTO is not set # CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_LOG_BUF_SHIFT=14 CONFIG_BLK_DEV_INITRD=y CONFIG_SLAB=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y # CONFIG_BLK_DEV_BSG is not set # CONFIG_IOSCHED_DEADLINE is not set # CONFIG_IOSCHED_CFQ is not set CONFIG_ARCH_AT91=y CONFIG_ARCH_AT91SAM9260=y CONFIG_MACH_AT91SAM9260EK=y CONFIG_MACH_CAM60=y CONFIG_MACH_SAM9_L9260=y CONFIG_MACH_AFEB9260=y CONFIG_MACH_USB_A9260=y CONFIG_MACH_QIL_A9260=y CONFIG_MACH_CPU9260=y CONFIG_MACH_FLEXIBITY=y CONFIG_MACH_SNAPPER_9260=y CONFIG_MACH_AT91SAM_DT=y CONFIG_AT91_PROGRAMMABLE_CLOCKS=y # CONFIG_ARM_THUMB is not set CONFIG_AEABI=y CONFIG_ZBOOT_ROM_TEXT=0x0 CONFIG_ZBOOT_ROM_BSS=0x0 CONFIG_ARM_APPENDED_DTB=y CONFIG_ARM_ATAG_DTB_COMPAT=y CONFIG_CMDLINE="mem=64M console=ttyS0,115200 initrd=0x21100000,3145728 root=/dev/ram0 rw" CONFIG_FPE_NWFPE=y CONFIG_NET=y CONFIG_PACKET=y CONFIG_UNIX=y CONFIG_INET=y CONFIG_IP_PNP=y CONFIG_IP_PNP_BOOTP=y # CONFIG_INET_XFRM_MODE_TRANSPORT is not set # CONFIG_INET_XFRM_MODE_TUNNEL is not set # CONFIG_INET_XFRM_MODE_BEET is not set # CONFIG_INET_LRO is not set # CONFIG_IPV6 is not set CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_MTD=y CONFIG_MTD_CMDLINE_PARTS=y # CONFIG_MTD_OF_PARTS is not set CONFIG_MTD_BLOCK=y CONFIG_MTD_NAND=y CONFIG_MTD_NAND_ATMEL=y CONFIG_MTD_NAND_ATMEL_ECC_SOFT=y CONFIG_MTD_UBI=y CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_SIZE=8192 CONFIG_SCSI=y CONFIG_BLK_DEV_SD=y CONFIG_SCSI_MULTI_LUN=y CONFIG_NETDEVICES=y CONFIG_MII=y CONFIG_MACB=y # CONFIG_INPUT_MOUSEDEV_PSAUX is not set # CONFIG_INPUT_KEYBOARD is not set # CONFIG_INPUT_MOUSE is not set # CONFIG_SERIO is not set CONFIG_SERIAL_ATMEL=y CONFIG_SERIAL_ATMEL_CONSOLE=y # CONFIG_HW_RANDOM is not set CONFIG_I2C=y CONFIG_I2C_CHARDEV=y CONFIG_I2C_GPIO=y # CONFIG_HWMON is not set CONFIG_WATCHDOG=y CONFIG_WATCHDOG_NOWAYOUT=y CONFIG_AT91SAM9X_WATCHDOG=y # CONFIG_USB_HID is not set CONFIG_USB=y CONFIG_USB_MON=y CONFIG_USB_OHCI_HCD=y CONFIG_USB_STORAGE=y CONFIG_USB_STORAGE_DEBUG=y CONFIG_USB_GADGET=y CONFIG_USB_GADGET_DEBUG=y CONFIG_USB_AT91=y CONFIG_USB_ETH=y CONFIG_RTC_CLASS=y CONFIG_RTC_DRV_AT91SAM9=y CONFIG_EXT2_FS=y CONFIG_VFAT_FS=y CONFIG_TMPFS=y CONFIG_UBIFS_FS=y CONFIG_CRAMFS=y CONFIG_NLS_CODEPAGE_437=y CONFIG_NLS_CODEPAGE_850=y CONFIG_NLS_ISO8859_1=y CONFIG_DEFAULT_MESSAGE_LOGLEVEL=1 CONFIG_DEBUG_KERNEL=y CONFIG_DEBUG_USER=y CONFIG_DEBUG_LL=y The only working solutions are the second and fourth, IMHO if there isn't any better idea i propose the second solution, reverting the latest three commits of the at91_udc.c driver. Best regards -- Fabio Porcedda -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
