mirros/rockchip-kernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ANDROID: usb: host: Use old init scheme when hook unavailable

Browse Source 
In cases where the new xhci hooks are unimplemented, ctx->bytes may
never be initialized, leading to null pointer crashes. Fix this by only
calling xhci_vendor_alloc/free_container_ctx when the corresponding hook
is present.

Bug: 185191548
Signed-off-by: J. Avila <elavila@google.com>
Change-Id: Ia77b0815ddc8bc340a286731558c754c779e883a
This commit is contained in:
J. Avila
2021-04-13 19:24:57 +00:00
parent 6aee238019
commit 01a0d1ea31
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
drivers/usb/host/xhci-mem.c
View File

@@ -528,6 +528,7 @@ struct xhci_container_ctx *xhci_alloc_container_ctx(struct xhci_hcd *xhci,
{ {
struct xhci_container_ctx *ctx; struct xhci_container_ctx *ctx;
struct device *dev = xhci_to_hcd(xhci)->self.sysdev; struct device *dev = xhci_to_hcd(xhci)->self.sysdev;
struct xhci_vendor_ops *ops = xhci_vendor_get_ops(xhci);
if ((type != XHCI_CTX_TYPE_DEVICE) && (type != XHCI_CTX_TYPE_INPUT)) if ((type != XHCI_CTX_TYPE_DEVICE) && (type != XHCI_CTX_TYPE_INPUT))
return NULL; return NULL;
@@ -541,7 +542,8 @@ struct xhci_container_ctx *xhci_alloc_container_ctx(struct xhci_hcd *xhci,
if (type == XHCI_CTX_TYPE_INPUT) if (type == XHCI_CTX_TYPE_INPUT)
ctx->size += CTX_SIZE(xhci->hcc_params); ctx->size += CTX_SIZE(xhci->hcc_params);
if (xhci_vendor_is_usb_offload_enabled(xhci, NULL, 0)) if (xhci_vendor_is_usb_offload_enabled(xhci, NULL, 0) &&
(ops && ops->alloc_container_ctx))
xhci_vendor_alloc_container_ctx(xhci, ctx, type, flags); xhci_vendor_alloc_container_ctx(xhci, ctx, type, flags);
else else
ctx->bytes = dma_pool_zalloc(xhci->device_pool, flags, &ctx->dma); ctx->bytes = dma_pool_zalloc(xhci->device_pool, flags, &ctx->dma);
@@ -556,9 +558,12 @@ struct xhci_container_ctx *xhci_alloc_container_ctx(struct xhci_hcd *xhci,
void xhci_free_container_ctx(struct xhci_hcd *xhci, void xhci_free_container_ctx(struct xhci_hcd *xhci,
struct xhci_container_ctx *ctx) struct xhci_container_ctx *ctx)
{ {
struct xhci_vendor_ops *ops = xhci_vendor_get_ops(xhci);
if (!ctx) if (!ctx)
return; return;
if (xhci_vendor_is_usb_offload_enabled(xhci, NULL, 0)) if (xhci_vendor_is_usb_offload_enabled(xhci, NULL, 0) &&
(ops && ops->free_container_ctx))
xhci_vendor_free_container_ctx(xhci, ctx); xhci_vendor_free_container_ctx(xhci, ctx);
else else
dma_pool_free(xhci->device_pool, ctx->bytes, ctx->dma); dma_pool_free(xhci->device_pool, ctx->bytes, ctx->dma);