Commit 8a007748 authored by Sarah Sharp's avatar Sarah Sharp Committed by Greg Kroah-Hartman

USB: xhci: Avoid double free after streams are disabled.

When a device is disconnected, xhci_free_virt_device() is called.  Ramya
found that if the device had streams enabled, and then the driver freed
the streams with a call to usb_free_streams(), then about a minute after
he had called this, his machine crashed with a Bad DMA error.  It turns
out that xhci_free_virt_device() would attempt to free the endpoint's
stream_info data structure if it wasn't NULL, and the free streams
function was not setting it to NULL after freeing it.
Signed-off-by: default avatarSarah Sharp <sarah.a.sharp@linux.intel.com>
Tested-by: default avatarRamya Desai <ramya.desai@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 85bcb5ee
...@@ -1746,6 +1746,7 @@ int xhci_alloc_streams(struct usb_hcd *hcd, struct usb_device *udev, ...@@ -1746,6 +1746,7 @@ int xhci_alloc_streams(struct usb_hcd *hcd, struct usb_device *udev,
for (i = 0; i < num_eps; i++) { for (i = 0; i < num_eps; i++) {
ep_index = xhci_get_endpoint_index(&eps[i]->desc); ep_index = xhci_get_endpoint_index(&eps[i]->desc);
xhci_free_stream_info(xhci, vdev->eps[ep_index].stream_info); xhci_free_stream_info(xhci, vdev->eps[ep_index].stream_info);
vdev->eps[ep_index].stream_info = NULL;
/* FIXME Unset maxPstreams in endpoint context and /* FIXME Unset maxPstreams in endpoint context and
* update deq ptr to point to normal string ring. * update deq ptr to point to normal string ring.
*/ */
...@@ -1826,6 +1827,7 @@ int xhci_free_streams(struct usb_hcd *hcd, struct usb_device *udev, ...@@ -1826,6 +1827,7 @@ int xhci_free_streams(struct usb_hcd *hcd, struct usb_device *udev,
for (i = 0; i < num_eps; i++) { for (i = 0; i < num_eps; i++) {
ep_index = xhci_get_endpoint_index(&eps[i]->desc); ep_index = xhci_get_endpoint_index(&eps[i]->desc);
xhci_free_stream_info(xhci, vdev->eps[ep_index].stream_info); xhci_free_stream_info(xhci, vdev->eps[ep_index].stream_info);
vdev->eps[ep_index].stream_info = NULL;
/* FIXME Unset maxPstreams in endpoint context and /* FIXME Unset maxPstreams in endpoint context and
* update deq ptr to point to normal string ring. * update deq ptr to point to normal string ring.
*/ */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment