From 2f6dfb0d5b540eab31e2b1d707c5ae913e2fba14 Mon Sep 17 00:00:00 2001 From: Oliver Neukum Date: Feb 19 2024 15:04:01 +0000 Subject: usb: musb: dsps: Fix the probe error path (git-fixes). --- diff --git a/patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch b/patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch new file mode 100644 index 0000000..ea9a350 --- /dev/null +++ b/patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch 
@@ -0,0 +1,71 @@ +From c2115b2b16421d93d4993f3fe4c520e91d6fe801 Mon Sep 17 00:00:00 2001 +From: Miquel Raynal +Date: Wed, 6 Oct 2021 00:16:31 +0200 +Subject: [PATCH] usb: musb: dsps: Fix the probe error path +Git-commit: c2115b2b16421d93d4993f3fe4c520e91d6fe801 +References: git-fixes +Patch-mainline: v5.15-rc6 + +Commit 7c75bde329d7 ("usb: musb: musb_dsps: request_irq() after +initializing musb") has inverted the calls to +dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() without +updating correctly the error path. dsps_create_musb_pdev() allocates and +registers a new platform device which must be unregistered and freed +with platform_device_unregister(), and this is missing upon +dsps_setup_optional_vbus_irq() error. + +While on the master branch it seems not to trigger any issue, I observed +a kernel crash because of a NULL pointer dereference with a v5.10.70 +stable kernel where the patch mentioned above was backported. With this +kernel version, -EPROBE_DEFER is returned the first time +dsps_setup_optional_vbus_irq() is called which triggers the probe to +error out without unregistering the platform device. Unfortunately, on +the Beagle Bone Black Wireless, the platform device still living in the +system is being used by the USB Ethernet gadget driver, which during the +boot phase triggers the crash. + +My limited knowledge of the musb world prevents me to revert this commit +which was sent to silence a robot warning which, as far as I understand, +does not make sense. The goal of this patch was to prevent an IRQ to +fire before the platform device being registered. I think this cannot +ever happen due to the fact that enabling the interrupts is done by the +->enable() callback of the platform musb device, and this platform +device must be already registered in order for the core or any other +user to use this callback. + +Hence, I decided to fix the error path, which might prevent future +errors on mainline kernels while also fixing older ones. 
+ +Fixes: 7c75bde329d7 ("usb: musb: musb_dsps: request_irq() after initializing musb") +Cc: stable@vger.kernel.org +Signed-off-by: Miquel Raynal +Link: https://lore.kernel.org/r/20211005221631.1529448-1-miquel.raynal@bootlin.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Oliver Neukum + +--- + drivers/usb/musb/musb_dsps.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c +index ce9fc46c9266..b5935834f9d2 100644 +--- a/drivers/usb/musb/musb_dsps.c ++++ b/drivers/usb/musb/musb_dsps.c +@@ -899,11 +899,13 @@ static int dsps_probe(struct platform_device *pdev) + if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) { + ret = dsps_setup_optional_vbus_irq(pdev, glue); + if (ret) +- goto err; ++ goto unregister_pdev; + } + + return 0; + ++unregister_pdev: ++ platform_device_unregister(glue->musb); + err: + pm_runtime_disable(&pdev->dev); + iounmap(glue->usbss_base); +-- +2.43.0 + diff --git a/series.conf b/series.conf index 13a9dc7..5f4d90e 100644 --- a/series.conf +++ b/series.conf @@ -62310,6 +62310,7 @@ patches.suse/Input-xpad-add-support-for-another-USB-ID-of-Nacon-G.patch patches.suse/USB-xhci-dbc-fix-tty-registration-race.patch patches.suse/xhci-Enable-trust-tx-length-quirk-for-Fresco-FL11-US.patch + patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch patches.suse/USB-serial-option-add-Telit-LE910Cx-composition-0x12.patch patches.suse/USB-serial-option-add-prod.-id-for-Quectel-EG91.patch patches.suse/USB-serial-option-add-Quectel-EC200S-CN-module-suppo.patch
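Review bot: in the dsps_probe() hunk of drivers/usb/musb/musb_dsps.c, only the dsps_setup_optional_vbus_irq() failure is redirected to the new unregister_pdev label, so any other `goto err` reached after dsps_create_musb_pdev() has succeeded would still leave the registered platform device behind, which is the stale-device condition the commit message ties to the NULL pointer dereference. The visible context shows no such site, but please confirm against the full function that this is the only failure point between the device registration and `return 0`. The unwind order itself (platform_device_unregister(glue->musb), then falling through to pm_runtime_disable() and iounmap()) reads as the reverse of setup; a one-line comment on the fall-through from unregister_pdev into err would make that intent explicit.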
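Review bot: the backport header carries Fixes: 7c75bde329d7, but nothing in the patch header or the series.conf hunk shows that 7c75bde329d7 is already part of this branch. The commit message says the crash was observed on a stable kernel where that commit had been backported, so the fix is only meaningful where dsps_create_musb_pdev() already runs before dsps_setup_optional_vbus_irq(). Please note in the commit description that the Fixes: target is present in this tree, so the new series.conf entry can be checked against its prerequisite.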