Re: A potential bug in drivers/usb/gadget/udc/m66592-udc.ko

From: Felipe Balbi
Date: Thu Sep 08 2016 - 08:05:09 EST



Hi,

Pavel Andrianov <andrianov@xxxxxxxxx> writes:
> Hi!
>
> There is a potential bug in drivers/usb/gadget/udc/m66592-udc.ko.
> In m66592_probe, interrupts are requested at line 1612. After that,
> initialization of common resources continues. For example, in
>
> -> usb_add_gadget_udc (line 1678)
> -> usb_add_gadget_udc_release
> -> udc_bind_to_driver
> -> usb_gadget_udc_start
> -> m66592_udc_start
>
> m66592->driver is set. In the interrupt handler the data is used, thus if
> an interrupt comes before udc_start is executed, a null pointer dereference
> occurs.
> Should the call of request_irq be after complete initialization?

interrupts will only fire after we connect data pullups, that's done by
->pullup() method waaaaaaaay later ;-)

--
balbi

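Added example, not part of the original thread and not code from the m66592 driver: a userspace C model of the ordering discussed above, with the handler registered before the driver pointer is set, bus interrupts gated by the pull-up, and a NULL guard in the handler as the defensive fallback. All names (udc_model, model_irq_handler, model_bus_event, model_spurious_irq) are hypothetical, and the "spurious" interrupt path is an assumption of the model, not a statement about this hardware.

```c
/* Userspace model (constructed, not kernel code) of the probe ordering
 * discussed in this thread. All names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct gadget_driver { int (*setup)(int request); };
struct udc_model {
    bool irq_requested;            /* handler registered (request_irq step) */
    bool pullup_connected;         /* data pull-up enabled (->pullup() step) */
    struct gadget_driver *driver;  /* set by the udc_start step */
};
enum irq_result { IRQ_NOT_RAISED, IRQ_IGNORED_NO_DRIVER, IRQ_DELIVERED };

static int echo_setup(int request) { return request; }
static struct gadget_driver echo_driver = { .setup = echo_setup };

/* Handler with a defensive guard: never dereference driver before it is set. */
static enum irq_result model_irq_handler(struct udc_model *u)
{
    if (u->driver == NULL)
        return IRQ_IGNORED_NO_DRIVER;
    u->driver->setup(0);
    return IRQ_DELIVERED;
}

/* Bus event: reaches the handler only when a handler is registered and the
 * pull-up is connected, i.e. the host can see the device at all. */
static enum irq_result model_bus_event(struct udc_model *u)
{
    if (!u->irq_requested || !u->pullup_connected)
        return IRQ_NOT_RAISED;
    return model_irq_handler(u);
}

/* Model assumption: an interrupt from some other cause bypasses the pull-up
 * gate, so only the NULL guard stands between it and the dereference. */
static enum irq_result model_spurious_irq(struct udc_model *u)
{
    return u->irq_requested ? model_irq_handler(u) : IRQ_NOT_RAISED;
}

int main(void)
{
    struct udc_model u = { .irq_requested = true };   /* probe: request_irq */
    printf("before start: bus=%d spurious=%d\n",
           model_bus_event(&u), model_spurious_irq(&u));
    u.driver = &echo_driver;                          /* udc_start */
    u.pullup_connected = true;                        /* pullup */
    printf("after pullup: bus=%d\n", model_bus_event(&u));
    return 0;
}
```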