On 23-07-13 04:14:29, Pawel Laszczak wrote:
Gadget ACM while unloading module try to dequeue not queued usb request which causes the kernel to crash. Patch adds extra condition to check whether usb request is processed by CDNSP driver.
Why ACM does that?
Would you please explain which situation triggers it?
The sequence to trigger is simple: - Load modules (u_serial, f_acm and udc driver) - unload module
In my case the plug is attached to host.
While unloading in the gs_console_disconnect function is involved which try dequeue the usb_request not queued.
Without fix controller driver during dequeuing trees to make operation on not initialized field which causes the kernel to crash.
Regards, Pawel
cc: stable@vger.kernel.org Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Signed-off-by: Pawel Laszczak pawell@cadence.com
drivers/usb/cdns3/cdnsp-gadget.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c index fff9ec9c391f..3a30c2af0c00 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.c +++ b/drivers/usb/cdns3/cdnsp-gadget.c @@ -1125,6 +1125,9 @@ static int cdnsp_gadget_ep_dequeue(struct
usb_ep *ep,
unsigned long flags; int ret;
- if (request->status != -EINPROGRESS)
return 0;Why not you use pending list which used at cdnsp_ep_enqueue to do this?
It's just simpler and faster way - no other reasons.
Okay, get it.
--
Thanks, Peter Chen