kernel-fxtec-pro1x/drivers
Ming Lei bd2e74d657 usb: musb: gadget: fix kernel panic if using out ep with FIFO_TXRX style
For shared fifo hw endpoint (with FIFO_TXRX style), only ep_in
field of musb_hw_ep is initialized in musb_g_init_endpoints, and
ep_out is not initialized, but musb_g_rx and rxstate may access
ep_out field of musb_hw_ep by the method below:

	musb_ep = &musb->endpoints[epnum].ep_out

which can cause the kernel panic[1] below, this patch fixes the issue
by getting 'musb_ep' from '&musb->endpoints[epnum].ep_in' for shared fifo
endpoint.

[1], kernel panic
[root@OMAP3EVM /]# musb_interrupt 1583: ** IRQ peripheral usb0008 tx0000 rx4000
musb_stage0_irq 460: <== Power=f0, DevCtl=99, int_usb=0x8
musb_g_rx 772: <== (null), rxcsr 4007 ffffffe8
musb_g_rx 786:  iso overrun on ffffffe8
Unable to handle kernel NULL pointer dereference at virtual address 00000008
pgd = c0004000
[00000008] *pgd=00000000
Internal error: Oops: 17 [#1] PREEMPT
last sysfs file: /sys/devices/platform/musb_hdrc/usb1/usb_device/usbdev1.1/dev
Modules linked in: g_zero
CPU: 0    Tainted: G        W    (2.6.35-rc6-gkh-wl+ #92)
PC is at musb_g_rx+0xfc/0x2ec
LR is at vprintk+0x3f4/0x458
pc : [<c02c07a4>]    lr : [<c006ccb0>]    psr: 20000193
sp : c760bd78  ip : c03c9d70  fp : c760bdbc
r10: 00000000  r9 : fa0ab1e0  r8 : 0000000e
r7 : c7e80158  r6 : ffffffe8  r5 : 00000001  r4 : 00004003
r3 : 00010003  r2 : c760bcd8  r1 : c03cd030  r0 : 0000002e
Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
Control: 10c5387d  Table: 8778c019  DAC: 00000017
Process kmemleak (pid: 421, stack limit = 0xc760a2e8)
Stack: (0xc760bd78 to 0xc760c000)
Backtrace:
[<c02c06a8>] (musb_g_rx+0x0/0x2ec) from [<c02bcd68>] (musb_interrupt+0xbc8/0xcc0)
[<c02bc1a0>] (musb_interrupt+0x0/0xcc0) from [<c02bcecc>] (generic_interrupt+0x6c/0x84)
[<c02bce60>] (generic_interrupt+0x0/0x84) from [<c00ad698>] (handle_IRQ_event+0xa8/0x1ec)
 r7:c760a000 r6:0000005c r5:c7d2e300 r4:c7d2e300
[<c00ad5f0>] (handle_IRQ_event+0x0/0x1ec) from [<c00af984>] (handle_level_irq+0xc0/0x13c)
[<c00af8c4>] (handle_level_irq+0x0/0x13c) from [<c0039080>] (asm_do_IRQ+0x80/0xa0)
 r7:00000002 r6:00000000 r5:00000000 r4:0000005c
[<c0039000>] (asm_do_IRQ+0x0/0xa0) from [<c0039b6c>] (__irq_svc+0x4c/0xb4)
Exception stack(0xc760be90 to 0xc760bed8)
be80:                                     00000001 00000000 c7d1e240 00000000
bea0: 00000000 c068bae8 00000000 60000013 00000001 00000000 00000000 c760beec
bec0: c0064ecc c760bed8 c00ff7d0 c003a0a8 60000013 ffffffff
 r5:fa200000 r4:ffffffff
[<c0064eb8>] (sub_preempt_count+0x0/0x100) from [<c00ff7d0>] (find_and_get_object+0xd0/0x110)
 r5:c068bae8 r4:00000000
[<c00ff700>] (find_and_get_object+0x0/0x110) from [<c00ffdd8>] (scan_block+0x60/0x104)
 r8:00000001 r7:c0e23795 r6:c0d76a70 r5:60000013 r4:00000000
[<c00ffd78>] (scan_block+0x0/0x104) from [<c010014c>] (kmemleak_scan+0x140/0x484)
[<c010000c>] (kmemleak_scan+0x0/0x484) from [<c01009a8>] (kmemleak_scan_thread+0x70/0xcc)
 r8:00000000 r7:c0100938 r6:00000000 r5:c7c33f04 r4:00012c00
[<c0100938>] (kmemleak_scan_thread+0x0/0xcc) from [<c0088000>] (kthread+0x90/0x98)
 r5:c7c33f04 r4:c760bfa8
[<c0087f70>] (kthread+0x0/0x98) from [<c006f5e8>] (do_exit+0x0/0x684)
 r7:00000013 r6:c006f5e8 r5:c0087f70 r4:c7c33f04
Code: e3002312 e58d6000 e2833e16 eb0422d5 (e5963020)
---[ end trace f3d5e96f75c297b7 ]---

Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Reviewed-by:   Sergei Shtylyov <sshtylyov@mvista.com>
Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: Anand Gadiyar <gadiyar@ti.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-09-24 11:05:00 -07:00
accessibility
acpi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2010-09-07 16:00:17 -07:00
amba
ata libata-sff: Reenable Port Multiplier after libata-sff remodeling. 2010-09-09 22:31:55 -04:00
atm Merge branch 'next-devicetree' of git://git.secretlab.ca/git/linux-2.6 2010-08-12 09:11:31 -07:00
auxdisplay
base PM: Prevent waiting forever on asynchronous resume after failing suspend 2010-09-09 00:49:43 +02:00
block cciss: freeing uninitialized data on error path 2010-09-21 11:49:17 +02:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6 2010-08-06 12:25:06 -07:00
cdrom block: push down BKL into .open and .release 2010-08-07 18:25:34 +02:00
char ipmi: fix hardcoded ipmi device exit path warning 2010-09-22 17:22:40 -07:00
clocksource
connector
cpufreq
cpuidle cpuidle: extend cpuidle and menu governor to handle dynamic states 2010-08-09 20:45:04 -07:00
crypto [S390] zcrypt: fix Kconfig dependencies 2010-08-13 10:06:54 +02:00
dca dca: disable dca on IOAT ver.3.0 multiple-IOH platforms 2010-09-17 20:08:21 -07:00
dio
dma Merge branch 'next-devicetree' of git://git.secretlab.ca/git/linux-2.6 2010-08-12 09:11:31 -07:00
edac amd64_edac: Do not report error overflow as a separate error 2010-08-26 12:46:03 +02:00
eisa
firewire firewire: ohci: activate cycle timer register quirk on Ricoh chips 2010-09-08 21:25:55 +02:00
firmware Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2010-08-14 12:34:34 -07:00
gpio gpio: sx150x: correct and refine reset-on-probe behavior 2010-09-09 18:57:24 -07:00
gpu Merge remote branch 'linus' into drm-intel-fixes 2010-09-21 09:14:55 +01:00
hid HID: fix hiddev's use of usb_find_interface 2010-09-14 10:58:42 +02:00
hwmon hwmon: (lm95241) Replace rate sysfs attribute with update_interval 2010-09-17 17:24:15 +02:00
i2c i2c-omap: Make sure i2c bus is free before setting it to idle 2010-09-22 01:06:58 +01:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6 2010-09-19 11:06:34 -07:00
idle Merge branch 'idle-release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6 2010-08-15 11:17:52 -07:00
ieee1394 ieee1394: Adjust confusing if indentation 2010-08-05 23:26:30 +02:00
ieee802154
infiniband Merge branches 'cxgb3' and 'nes' into for-linus 2010-09-08 14:43:28 -07:00
input Input: i8042 - fix device removal on unload 2010-08-31 18:28:15 -07:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-08-23 18:30:30 -07:00
leds Merge branch 'next-devicetree' of git://git.secretlab.ca/git/linux-2.6 2010-08-12 09:11:31 -07:00
lguest
macintosh via-pmu: Add compat_pmu_ioctl 2010-08-24 15:28:28 +10:00
mca
md md: fix v1.x metadata update when a disk is missing. 2010-09-17 13:53:28 +10:00
media V4L/DVB: mantis: Fix IR_CORE dependency 2010-08-24 10:42:08 -07:00
memstick memstick: fix hangs on unexpected device removal in mspro_blk 2010-08-12 08:43:31 -07:00
message fusion: add function parameter names to kernel-doc 2010-08-14 16:21:00 -07:00
mfd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6 2010-08-12 10:01:30 -07:00
misc vmware balloon: rename module 2010-09-22 17:22:38 -07:00
mmc drivers/mmc/host/imxmmc.c: adjust confusing if indentation 2010-09-09 18:57:23 -07:00
mtd Merge git://git.infradead.org/mtd-2.6 2010-09-14 17:05:39 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-19 11:05:50 -07:00
nubus
of of/device: Replace struct of_device with struct platform_device 2010-08-06 09:25:50 -06:00
oprofile oprofile: fix crash when accessing freed task structs 2010-08-25 09:09:09 +02:00
parisc Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-08-04 15:31:02 -07:00
parport Merge branch 'next-devicetree' of git://git.secretlab.ca/git/linux-2.6 2010-08-12 09:11:31 -07:00
pci drivers/pci/intel-iommu.c: fix build with older gcc's 2010-09-22 17:22:39 -07:00
pcmcia pcmcia: per-device, not per-socket debug messages 2010-09-15 17:57:09 +02:00
platform thinkpad-acpi: avoid keymap pitfall 2010-09-23 15:42:04 -04:00
pnp
power apm_power: Add missing break statement 2010-09-08 14:35:10 +04:00
pps
ps3
rapidio
regulator regulator: wm8350-regulator - fix the logic of checking REGULATOR_MODE_STANDBY mode 2010-09-06 11:14:47 +01:00
rtc rtc: s3c: balance state changes of wakeup flag 2010-09-22 17:22:40 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block 2010-09-10 07:26:27 -07:00
sbus of/device: Replace struct of_device with struct platform_device 2010-08-06 09:25:50 -06:00
scsi [SCSI] fix use-after-free in scsi_init_io() 2010-09-09 09:58:18 -05:00
serial serial: mfd: fix bug in serial_hsu_remove() 2010-09-20 16:30:00 -07:00
sfi
sh sh: add a reparent function to DIV6 clocks 2010-08-04 16:12:01 +09:00
sn
spi spi/pl022: move probe call to subsys_initcall() 2010-09-08 22:50:10 -06:00
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6 2010-08-06 12:25:06 -07:00
staging Staging: vt6655: fix buffer overflow 2010-09-20 16:31:54 -07:00
tc
telephony
thermal
uio uio: Remove IRQF_DISABLED flag from uio_cif.c 2010-08-05 13:53:33 -07:00
usb usb: musb: gadget: fix kernel panic if using out ep with FIFO_TXRX style 2010-09-24 11:05:00 -07:00
uwb
vhost vhost: error handling fix 2010-09-06 09:49:39 +03:00
video drivers/video/sis/sis_main.c: prevent reading uninitialized stack memory 2010-09-22 17:22:39 -07:00
virtio
vlynq
w1
watchdog watchdog: Enable NXP LPC32XX support in Kconfig (resend) 2010-09-15 18:43:58 +00:00
xen Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-08-28 13:55:31 -07:00
zorro zorro: Fix reading of proc/bus/zorro/* in small chunks 2010-08-09 21:14:08 +02:00
Kconfig
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2010-09-17 10:23:08 -07:00