RE: [PATCH] usb: cdnsp: Fixes issue with dequeuing not queued requests

From: Pawel Laszczak
Date: Thu Aug 17 2023 - 05:11:53 EST



>> >
>> >On 23-07-13 04:14:29, Pawel Laszczak wrote:
>> >> Gadget ACM, while unloading the module, tries to dequeue a not queued usb
>> >> request, which causes the kernel to crash.
>> >> Patch adds an extra condition to check whether the usb request is
>> >> processed by the CDNSP driver.
>> >>
>> >
>> >Why does ACM do that?
>
>Would you please explain which situation triggers it?

The sequence to trigger it is simple:
- Load modules (u_serial, f_acm and udc driver)
- Unload module

In my case the plug is attached to the host.

While unloading, the gs_console_disconnect function is involved,
which tries to dequeue the usb_request that was not queued.

Without the fix, the controller driver, during dequeuing, tries to operate
on a not initialized field, which causes the kernel to crash.

Regards,
Pawel

>> >
>> >> cc: <stable@xxxxxxxxxxxxxxx>
>> >> Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence
>> >> USBSSP DRD Driver")
>> >> Signed-off-by: Pawel Laszczak <pawell@xxxxxxxxxxx>
>> >> ---
>> >> drivers/usb/cdns3/cdnsp-gadget.c | 3 +++
>> >> 1 file changed, 3 insertions(+)
>> >>
>> >> diff --git a/drivers/usb/cdns3/cdnsp-gadget.c
>> >> b/drivers/usb/cdns3/cdnsp-gadget.c
>> >> index fff9ec9c391f..3a30c2af0c00 100644
>> >> --- a/drivers/usb/cdns3/cdnsp-gadget.c
>> >> +++ b/drivers/usb/cdns3/cdnsp-gadget.c
>> >> @@ -1125,6 +1125,9 @@ static int cdnsp_gadget_ep_dequeue(struct
>> >usb_ep *ep,
>> >> unsigned long flags;
>> >> int ret;
>> >>
>> >> + if (request->status != -EINPROGRESS)
>> >> + return 0;
>> >> +
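Review bot: the new `request->status != -EINPROGRESS` test is the first statement after the `flags` and `ret` declarations, so `request->status` is read before whatever lock `flags` is declared for is taken, and a request that is queued or completed concurrently could be judged on a stale value. Consider moving the test under that lock, or checking membership in the endpoint's pending list instead. The early `return 0` also reports success for a request this driver never queued; a short comment above the check saying why that case is accepted silently, and that it relies on `status` being `-EINPROGRESS` only while the request is owned by the driver, would make the intent clear.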
>> >
>> >Why don't you use the pending list which is used at cdnsp_ep_enqueue to do this?
>>
>> It's just a simpler and faster way - no other reasons.
>
>Okay, get it.
>
>--
>
>Thanks,
>Peter Chen