• Grazvydas Ignotas's avatar
    usb: musb_gadget: fix crash caused by dangling pointer · 08f75bf1
    Grazvydas Ignotas authored
    usb_ep_ops.disable must clear external copy of the endpoint descriptor,
    otherwise musb crashes after loading/unloading several gadget modules
    in a row:
    
    Unable to handle kernel paging request at virtual address bf013730
    pgd = c0004000
    [bf013730] *pgd=8f26d811, *pte=00000000, *ppte=00000000
    Internal error: Oops: 7 [#1]
    Modules linked in: g_cdc [last unloaded: g_file_storage]
    CPU: 0    Not tainted  (3.2.17 #647)
    PC is at musb_gadget_enable+0x4c/0x24c
    LR is at _raw_spin_lock_irqsave+0x4c/0x58
    [<c027c030>] (musb_gadget_enable+0x4c/0x24c) from [<bf01b760>] (gether_connect+0x3c/0x19c [g_cdc])
    [<bf01b760>] (gether_connect+0x3c/0x19c [g_cdc]) from [<bf01ba1c>] (ecm_set_alt+0x15c/0x180 [g_cdc])
    [<bf01ba1c>] (ecm_set_alt+0x15c/0x180 [g_cdc]) from [<bf01ecd4>] (composite_setup+0x85c/0xac4 [g_cdc])
    [<bf01ecd4>] (composite_setup+0x85c/0xac4 [g_cdc]) from [<c027b744>] (musb_g_ep0_irq+0x844/0x924)
    [<c027b744>] (musb_g_ep0_irq+0x844/0x924) from [<c027a97c>] (musb_interrupt+0x79c/0x864)
    [<c027a97c>] (musb_interrupt+0x79c/0x864) from [<c027aaa8>] (generic_interrupt+0x64/0x7c)
    [<c027aaa8>] (generic_interrupt+0x64/0x7c) from [<c00797cc>] (handle_irq_event_percpu+0x28/0x178)
    ...
    
    Cc: stable@vger.kernel.org # v3.1+
    Signed-off-by: default avatarGrazvydas Ignotas <notasas@gmail.com>
    Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
    08f75bf1
musb_gadget.c 58.8 KB