From 8a007748fbadb8317d0af289f3bca5694354d63a Mon Sep 17 00:00:00 2001 From: Sarah Sharp Date: Fri, 30 Apr 2010 15:37:56 -0700 Subject: [PATCH] USB: xhci: Avoid double free after streams are disabled. When a device is disconnected, xhci_free_virt_device() is called. Ramya found that if the device had streams enabled, and then the driver freed the streams with a call to usb_free_streams(), then about a minute after he had called this, his machine crashed with a Bad DMA error. It turns out that xhci_free_virt_device() would attempt to free the endpoint's stream_info data structure if it wasn't NULL, and the free streams function was not setting it to NULL after freeing it. Signed-off-by: Sarah Sharp Tested-by: Ramya Desai Signed-off-by: Greg Kroah-Hartman --- drivers/usb/host/xhci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 59f38a5f2fe..a9b836d4b29 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1746,6 +1746,7 @@ cleanup: for (i = 0; i < num_eps; i++) { ep_index = xhci_get_endpoint_index(&eps[i]->desc); xhci_free_stream_info(xhci, vdev->eps[ep_index].stream_info); + vdev->eps[ep_index].stream_info = NULL; /* FIXME Unset maxPstreams in endpoint context and * update deq ptr to point to normal string ring. */ @@ -1826,6 +1827,7 @@ int xhci_free_streams(struct usb_hcd *hcd, struct usb_device *udev, for (i = 0; i < num_eps; i++) { ep_index = xhci_get_endpoint_index(&eps[i]->desc); xhci_free_stream_info(xhci, vdev->eps[ep_index].stream_info); + vdev->eps[ep_index].stream_info = NULL; /* FIXME Unset maxPstreams in endpoint context and * update deq ptr to point to normal string ring. */ -- 2.11.4.GIT