dwc3-msm: Fix NULL pointer dereference issue

mdwc->dwc3 is seen NULL when dwc3_msm_notify_event() is getting called from dwc3 driver's probe context as mdwc->dwc3 is being initialized later. Actual call flow is as below: of_platform_populate() --> dwc3_probe() --> dwc3_gadget_core_init_mode() --> dwc3_gadget_init() --> usb_add_gadget() --> check_pending_gadget_drivers() --> udc_bind_to_driver() --> dwc3_gadget_pullup() --> __dwc3_gadget_start() --> entry___dwc3_gadget_start() --> dwc3_msm_notify_event(DWC3_CONTROLLER_SOFT_RESET) --> dwc3_device_core_soft_reset() As reference to dwc3 is already available, and there is no specific handling perform with dwc3_device_core_soft_reset() other than reconfiguring USB GSI endpoint related event buffers. Fix this issue by invoking dwc3_msm_notify_event() with DWC3_GSI_EVT_BUF_SETUP and remove usage of dwc3_device_core_soft_reset() API, and use passed dwc3 reference instead of trying to access mdwc->dwc3. Change-Id: I0b9dcc6148bebbcc3f8399c7ada4e3e298fb260f Signed-off-by: Mayank Rana <quic_mrana@quicinc.com>
2022-06-14 17:35:06 -07:00 · 2022-06-14 17:35:06 -07:00 · 7aefd1c107
commit 7aefd1c107
parent 8d95e23b2a
3 changed files with 5 additions and 14 deletions
--- a/drivers/usb/dwc3/dwc3-msm-core.c
+++ b/drivers/usb/dwc3/dwc3-msm-core.c
@ -3175,15 +3175,6 @@ static int is_diag_enabled(struct usb_composite_dev *cdev)
 	return 0;
 }

-static int dwc3_device_core_soft_reset(struct dwc3_msm *mdwc)
-{
-	struct dwc3 *dwc = platform_get_drvdata(mdwc->dwc3);
-
-	dwc3_msm_notify_event(dwc, DWC3_GSI_EVT_BUF_SETUP, 0);
-
-	return 0;
-}
-
 static void dwc3_msm_update_imem_pid(struct dwc3 *dwc)
 {
 	struct usb_composite_dev	*cdev = NULL;
@ -3443,9 +3434,6 @@ void dwc3_msm_notify_event(struct dwc3 *dwc,
 	case DWC3_IMEM_UPDATE_PID:
 		dwc3_msm_update_imem_pid(dwc);
 		break;
-	case DWC3_CONTROLLER_SOFT_RESET:
-		dwc3_device_core_soft_reset(mdwc);
-		break;
 	default:
 		dev_dbg(mdwc->dev, "unknown dwc3 event\n");
 		break;
--- a/drivers/usb/dwc3/dwc3-msm-ops.c
+++ b/drivers/usb/dwc3/dwc3-msm-ops.c
@ -135,7 +135,11 @@ static int entry___dwc3_gadget_start(struct kretprobe_instance *ri,
 {
 	struct dwc3 *dwc = (struct dwc3 *)regs->regs[0];

-	dwc3_msm_notify_event(dwc, DWC3_CONTROLLER_SOFT_RESET, 0);
+	/*
+	 * Setup USB GSI event buffer as controller soft reset has cleared
+	 * configured event buffer.
+	 */
+	dwc3_msm_notify_event(dwc, DWC3_GSI_EVT_BUF_SETUP, 0);

 	return 0;
 }
--- a/include/linux/usb/dwc3-msm.h
+++ b/include/linux/usb/dwc3-msm.h
@ -77,7 +77,6 @@ enum dwc3_notify_event {
 	DWC3_CONTROLLER_NOTIFY_DISABLE_UPDXFER,
 	DWC3_CONTROLLER_PULLUP_ENTER,
 	DWC3_CONTROLLER_PULLUP_EXIT,
-	DWC3_CONTROLLER_SOFT_RESET,

 	/* USB GSI event buffer related notification */
 	DWC3_GSI_EVT_BUF_ALLOC,