Commits
Peter Chen committed e4cf4944713
MA-13475 usb: cdns3: gadget: fix NULL pointer issue when switch functions Below oops is reproduced when switch between mtp and ptp function at Android, the interrupt occurs when the usb_ss->gadget_driver is already NULL. In this commit, we add NULL pointer check for it as well as protecting for clear usb_ss->gadget_driver. init: Sending signal 9 to service 'adbd' (pid 4644) process group... Mem abort info: Exception class = DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgd = ffff800830e49000 [0000000000000020] *pgd=0000000000000000 Internal error: Oops: 96000004 [#1] PREEMPT SMP Modules linked in: wlan CPU: 0 PID: 3226 Comm: surfaceflinger Not tainted 4.14.98 #1 init: Successfully killed process cgroup uid 0 pid 4644 in 11ms Hardware name: Freescale i.MX8QXP MEK (DT) task: ffff80083bf55400 task.stack: ffff00000ffe8000 PC is at cdns_get_setup_ret+0x38/0x64 LR is at cdns_get_setup_ret+0x24/0x64 pc : [<ffff0000089b0e88>] lr : [<ffff0000089b0e74>] pstate: 000001c5 sp : ffff000008003d10 x29: ffff000008003d10 x28: ffff80083bf55400 x27: ffff000009873018 x26: ffff000008004000 x25: ffff000009873018 x24: ffff000009c6a288 x23: ffff000008003f24 x22: ffff00000a85e000 x21: 0000000000000001 x20: ffff8008361c97b8 x19: ffff8008361c9000 x18: 0000000000000001 x17: 0000fe6e544aee34 x16: ffff0000082b54f0 x15: 0000ffffccae15f0 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000010000 x11: 0000000000000040 x10: 0000000000000040 x9 : ffff8008380ae238 x8 : ffff800838000248 x7 : 0000000000000000 x6 : ffff800838000248 init: Service 'adbd' (pid 4644) killed by signal 9 x5 : ffff80083ae40600 x4 : 0000000000000000 x3 : 00000000000001c0 x2 : 0000000000000000 x1 : ffff00000a85e000 x0 : ffff8008361c9300 X0: 0xffff8008361c9280: 9280 00000000 00000000 00000000 00000000 000f000f init: processing action (init.svc.adbd=stopped) from (/init.usb.configfs.rc:15) 00000000 3bf6ce00 ffff8008 92a0 3acd9a00 ffff8008 00000000 00000000 00000000 00000000 00000000 00000000 92c0 00000000 00000000 00000000 00000000 00000000 00000000 089b0e3c ffff0000 92e0 00000000 init: processing action (sys.usb.config=mtp,adb && sys.usb.configfs=1) from (/init.usb.configfs.rc:33) 00000000 00000000 00000000 read descriptors read strings init: starting service 'adbd'... 00000000 init: property_set("ro.boottime.adbd", "97804848500") failed: property already set init: Created socket '/dev/socket/adbd', mode 660, user 1000, group 1000 00000000 0e0f0000 ffff0000 9300 3ff21105 ffff8008 3ff1d120 ffff8008 2e15d4e0 ffff8008 089f9558 ffff0000 9320 3618ac00 ffff8008 091b7860 ffff0000 3bf6ce18 ffff8008 3bf6cd30 read descriptors read strings ffff8008 9340 3acd9a30 ffff8008 00000000 00000005 00000000 00000000 095c4e58 ffff0000 9360 361c9000 ffff8008 3acd9700 ffff8008 095be4c8 ffff0000 3618ac28 ffff8008 X5: 0xffff80083ae40580: 0580 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 05a0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 05c0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 05e0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0600 03440204 ffffffff 00000000 00000000 00000000 00000000 0000000f 00000000 0620 00000001 00000000 00000000 00000030 0000010f 00000000 3ae40600 ffff8008 0640 09d7aae0 ffff0000 3a088000 ffff8008 3aa22c80 ffff8008 00000000 00000000 0660 09886e24 ffff0000 081496ec ffff0000 3b444080 ffff8008 00000000 00000000 X6: 0xffff8008380001c8: 01c8 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 01e8 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0208 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0228 fffffc00 ffffffff 00000000 00000000 00000000 00000000 38000248 ffff8008 0248 003f0000 00000000 380af6c0 ffff8008 09c937f0 ffff0000 38000260 ffff8008 0268 38000260 ffff8008 00000000 00000000 3a007400 ffff8008 3a007600 ffff8008 0288 3a007800 ffff8008 3a007a00 ffff8008 3a007c00 ffff8008 3a6be600 ffff8008 02a8 3ab1da00 ffff8008 3ab1dc00 ffff8008 3ab1de00 ffff8008 3ac52000 ffff8008 X8: 0xffff8008380001c8: 01c8 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 01e8 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0208 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0228 fffffc00 ffffffff 00000000 00000000 00000000 00000000 38000248 ffff8008 0248 003f0000 00000000 380af6c0 ffff8008 09c937f0 ffff0000 38000260 ffff8008 0268 38000260 ffff8008 00000000 00000000 3a007400 ffff8008 3a007600 ffff8008 0288 3a007800 ffff8008 3a007a00 ffff8008 3a007c00 ffff8008 3a6be600 ffff8008 02a8 3ab1da00 ffff8008 3ab1dc00 ffff8008 3ab1de00 ffff8008 3ac52000 ffff8008 X9: 0xffff8008380ae1b8: e1b8 3ae1ddd0 ffff8008 3ae1de58 ffff8008 3ae1dee0 ffff8008 3ae1df68 ffff8008 e1d8 3aad9000 ffff8008 3aad9088 ffff8008 3aad9110 ffff8008 3aad9198 ffff8008 e1f8 3aad9220 ffff8008 3aad92a8 ffff8008 3aad9330 ffff8008 3aad93b8 ffff8008 e218 00000000 00000000 00000000 00000000 00000000 00000000 380ae238 ffff8008 e238 000b0400 00000000 3802c490 ffff8008 3a081060 ffff8008 380ae250 ffff8008 e258 380ae250 ffff8008 00000000 00000000 00000000 00000000 00000000 00000000 e278 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 e298 00000000 00000000 3aea2c28 ffff8008 3aea2e28 ffff8008 00000000 00000000 X19: 0xffff8008361c8f80: 8f80 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 8fa0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 8fc0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 8fe0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9000 3ab9f410 ffff8008 3bf6b000 ffff8008 095c4e48 ffff0000 361c9378 ffff8008 9020 360ed558 ffff8008 3ab9f420 ffff8008 3a7d5800 ffff8008 09d9fa00 ffff0000 9040 361b94c8 ffff8008 00000006 00000003 00000000 00000000 00000000 00000000 9060 00000000 00000000 00000000 00000000 361c9070 ffff8008 361c9070 ffff8008 X20: 0xffff8008361c9738: 9738 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9758 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9778 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9798 0000000e 00000000 71a71600 ffff8000 00000000 00000000 00000000 00000000 97b8 044c044c 00000002 00000000 00000000 00000001 00000000 3ab9f410 ffff8008 97d8 00000001 00000000 3bf6cc70 ffff8008 3bf6c170 ffff8008 00000000 00000000 97f8 00000000 00000000 361c9800 ffff8008 361c9800 ffff8008 089b1dc8 ffff0000 9818 71a71600 ffff8000 00000000 00000000 00000000 00000000 00000000 00000000 X28: 0xffff80083bf55380: 5380 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 53a0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 53c0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 53e0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5400 00000022 00000000 ffffffff ffffffff 00010001 00000000 00000000 00000000 5420 0ffe8000 ffff0000 00000006 00404100 00000000 00000000 00000000 00000000 5440 00000001 00000000 000000e6 00000000 ffff3a2d 00000000 30c10000 ffff8008 5460 00000000 00000001 00000062 00000070 00000062 00000001 09023e38 ffff0000 Process surfaceflinger (pid: 3226, stack limit = 0xffff00000ffe8000) Call trace: Exception stack(0xffff000008003bd0 to 0xffff000008003d10) 3bc0: ffff8008361c9300 ffff00000a85e000 3be0: 0000000000000000 00000000000001c0 0000000000000000 ffff80083ae40600 3c00: ffff800838000248 0000000000000000 ffff800838000248 ffff8008380ae238 3c20: 0000000000000040 0000000000000040 0000000000010000 0000000000000000 3c40: 0000000000000000 0000ffffccae15f0 ffff0000082b54f0 0000fe6e544aee34 3c60: 0000000000000001 ffff8008361c9000 ffff8008361c97b8 0000000000000001 3c80: ffff00000a85e000 ffff000008003f24 ffff000009c6a288 ffff000009873018 3ca0: ffff000008004000 ffff000009873018 ffff80083bf55400 ffff000008003d10 3cc0: ffff0000089b0e74 ffff000008003d10 ffff0000089b0e88 00000000000001c5 3ce0: 00000000000001c0 1a8824534cfb2000 0000ffffffffffff ffff0000080f87c8 3d00: ffff000008003d10 ffff0000089b0e88 [<ffff0000089b0e88>] cdns_get_setup_ret+0x38/0x64 [<ffff0000089b2a48>] cdns_check_ep0_interrupt_proceed+0xc0/0x8dc [<ffff0000089b3508>] cdns_irq_handler_thread+0x2a4/0x4e8 [<ffff0000089afd98>] cdns3_irq+0x44/0x94 [<ffff000008145994>] __handle_irq_event_percpu+0x60/0x24c [<ffff000008145c54>] handle_irq_event+0x58/0xc0 [<ffff000008149784>] handle_fasteoi_irq+0x98/0x180 [<ffff000008144a58>] generic_handle_irq+0x24/0x38 [<ffff0000081451b8>] __handle_domain_irq+0x60/0xac [<ffff0000080819c4>] gic_handle_irq+0xd4/0x17c Signed-off-by: Peter Chen <peter.chen@nxp.com> (cherry picked from commit 6ee6e32b0c3fcbea70117eaea3c315f0e220144c)