[glsdk/meta-ti-glsdk.git] / recipes-kernel / linux / linux-ti33x-psp-3.2 / 3.2.21 / 0025-usb-musb_gadget-fix-crash-caused-by-dangling-pointer.patch
1 From cb8353a20faf8ec806f2e04848e1a8d2ba17194c Mon Sep 17 00:00:00 2001
2 From: Grazvydas Ignotas <notasas@gmail.com>
3 Date: Sat, 26 May 2012 00:21:33 +0300
4 Subject: [PATCH 25/67] usb: musb_gadget: fix crash caused by dangling pointer
6 commit 08f75bf14fadaa81fe362d5acda9b77b113dd0a2 upstream.
8 usb_ep_ops.disable must clear external copy of the endpoint descriptor,
9 otherwise musb crashes after loading/unloading several gadget modules
10 in a row:
12 Unable to handle kernel paging request at virtual address bf013730
13 pgd = c0004000
14 [bf013730] *pgd=8f26d811, *pte=00000000, *ppte=00000000
15 Internal error: Oops: 7 [#1]
16 Modules linked in: g_cdc [last unloaded: g_file_storage]
17 CPU: 0 Not tainted (3.2.17 #647)
18 PC is at musb_gadget_enable+0x4c/0x24c
19 LR is at _raw_spin_lock_irqsave+0x4c/0x58
20 [<c027c030>] (musb_gadget_enable+0x4c/0x24c) from [<bf01b760>] (gether_connect+0x3c/0x19c [g_cdc])
21 [<bf01b760>] (gether_connect+0x3c/0x19c [g_cdc]) from [<bf01ba1c>] (ecm_set_alt+0x15c/0x180 [g_cdc])
22 [<bf01ba1c>] (ecm_set_alt+0x15c/0x180 [g_cdc]) from [<bf01ecd4>] (composite_setup+0x85c/0xac4 [g_cdc])
23 [<bf01ecd4>] (composite_setup+0x85c/0xac4 [g_cdc]) from [<c027b744>] (musb_g_ep0_irq+0x844/0x924)
24 [<c027b744>] (musb_g_ep0_irq+0x844/0x924) from [<c027a97c>] (musb_interrupt+0x79c/0x864)
25 [<c027a97c>] (musb_interrupt+0x79c/0x864) from [<c027aaa8>] (generic_interrupt+0x64/0x7c)
26 [<c027aaa8>] (generic_interrupt+0x64/0x7c) from [<c00797cc>] (handle_irq_event_percpu+0x28/0x178)
27 ...
29 Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
30 Signed-off-by: Felipe Balbi <balbi@ti.com>
31 Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
32 ---
33 drivers/usb/musb/musb_gadget.c | 1 +
34 1 file changed, 1 insertion(+)
36 diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c
37 index 47349ca..28ea50c 100644
38 --- a/drivers/usb/musb/musb_gadget.c
39 +++ b/drivers/usb/musb/musb_gadget.c
40 @@ -1206,6 +1206,7 @@ static int musb_gadget_disable(struct usb_ep *ep)
41 }
43 musb_ep->desc = NULL;
44 + musb_ep->end_point.desc = NULL;
46 /* abort all pending DMA and requests */
47 nuke(musb_ep, -ESHUTDOWN);
48 --
49 1.7.9.5