On 23/07/2020 12:19, Greg Kroah-Hartman wrote:
> On Wed, Jul 15, 2020 at 12:38:42PM +0100, Jon Hunter wrote:
>> Commit 5c4e8d3781bc ("usb: host: xhci-tegra: Add support for XUSB
>> context save/restore") is using the IPFS 'num_offsets' value when
>> allocating memory for FPCI context instead of the FPCI 'num_offsets'.
>>
>> After commit cad064f1bd52 ("devres: handle zero size in devm_kmalloc()")
>> was added system suspend started failing on Tegra186. The kernel log
>> showed that the Tegra XHCI driver was crashing on entry to suspend when
>> attempting the save the USB context. On Tegra186, the IPFS context has a
>> zero length but the FPCI content has a non-zero length, and because of
>> the bug in the Tegra XHCI driver we are incorrectly allocating a zero
>> length array for the FPCI context. The crash seen on entering suspend
>> when we attempt to save the FPCI context and following commit
>> cad064f1bd52 ("devres: handle zero size in devm_kmalloc()") this now
>> causes a NULL pointer deference when we access the memory. Fix this by
>> correcting the amount of memory we are allocating for FPCI contexts.
>>
>> Cc: stable@xxxxxxxxxxxxxxx
>>
>> Fixes: 5c4e8d3781bc ("usb: host: xhci-tegra: Add support for XUSB context save/restore")
>>
>> Signed-off-by: Jon Hunter <jonathanh@xxxxxxxxxx>
>> Acked-by: Thierry Reding <treding@xxxxxxxxxx>
>> ---
>>
>> Changes since V1:
>> - Corrected commit message
>> - Added Thierry's ACK
>>
>> drivers/usb/host/xhci-tegra.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> No cc: to linux-usb@vger? :(
>
> I'll go queue this up, but I would have caught it sooner if you had done
> so...
Sorry about that. Thanks for queuing up!
Jon
--
nvpublic
