On 22.03.2016 08:05, Lipengcheng wrote:
Hi,
Why is that function failing? That seems suspicious.
According to the analysis, in list_for_each_entry_safe(tt, n,
&xhci->rh_bw[i].tts, tt_list) function, (tt->tt_list).prev=0x0. When
list_del(&tt->tt_list) causing to core dump.
Looks like you end up calling xhci_mem_cleanup() twice, once after a failed
resume (or resume from hibernate),
and a second time when allocating dma memory in xhci_mem_init() fails.
This change should help for the xhci part of thee oops:
diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index fbf75e5..406c872 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -1856,6 +1856,7 @@ no_bw:
kfree(xhci->usb3_ports);
kfree(xhci->port_array);
kfree(xhci->rh_bw);
+ xhci->rh_bw = NULL;
xhci->page_size = 0;
xhci->page_shift = 0;
3.10 also had some other similar issues when xhci_mem_init() called
xhci_mem_cleanup() failed mid initialization.
make sure you have the following patches included:
commit 5dc2808c4729bf080487e61b80ee04e0fdb12a37
xhci: delete endpoints from bandwidth list before freeing whole device
commit c207e7c50f31113c24a9f536fcab1e8a256985d7
xhci: Fix null pointer dereference if xhci initialization fails
commit 0eda06c7c17ae48d7db69beef57f6e2b20bc3c72
usb: xhci: Fix OOPS in xhci error handling code
As Oliver said, the other thing that needs to be fixed is the interruptible
sleep somewhere in
dma_alloc_coherent().
-Mathias
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
