linux/drivers/usb
Peter Chen 4fde6204df usb: gadget: f_uac1: access freed memory at f_audio_free_inst
At f_audio_free_inst, it tries to access struct gaudio *card which is
freed at f_audio_free, it causes below oops if the audio device is not
there (do unload module may trigger the same problem). The gaudio_cleanup
is related to function, so it is better move to f_audio_free.

root@freescale ~$ modprobe g_audio
[  751.968931] g_audio gadget: unable to open sound control device file: /dev/snd/controlC0
[  751.977134] g_audio gadget: we need at least one control device
[  751.988633] Unable to handle kernel paging request at virtual address 455f448e
[  751.995963] pgd = bd42c000
[  751.998681] [455f448e] *pgd=00000000
[  752.002383] Internal error: Oops: 5 [#1] SMP ARM
[  752.007008] Modules linked in: usb_f_uac1 g_audio(+) usb_f_mass_storage libcomposite configfs [last unloaded: g_mass_storage]
[  752.018427] CPU: 0 PID: 692 Comm: modprobe Not tainted 3.18.0-rc4-00345-g842f57b #10
[  752.026176] task: bdb3ba80 ti: bd41a000 task.ti: bd41a000
[  752.031590] PC is at filp_close+0xc/0x84
[  752.035530] LR is at gaudio_cleanup+0x28/0x54 [usb_f_uac1]
[  752.041023] pc : [<800ec94c>]    lr : [<7f03c63c>]    psr: 20000013
[  752.041023] sp : bd41bcc8  ip : bd41bce8  fp : bd41bce4
[  752.052504] r10: 7f036234  r9 : 7f036220  r8 : 7f036500
[  752.057732] r7 : bd456480  r6 : 7f036500  r5 : 7f03626c  r4 : bd441000
[  752.064264] r3 : 7f03b3dc  r2 : 7f03cab0  r1 : 00000000  r0 : 455f4456
[  752.070798] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[  752.077938] Control: 10c5387d  Table: bd42c04a  DAC: 00000015
[  752.083688] Process modprobe (pid: 692, stack limit = 0xbd41a240)
[  752.089786] Stack: (0xbd41bcc8 to 0xbd41c000)
[  752.094152] bcc0:                   7f03b3dc bd441000 7f03626c 7f036500 bd41bcfc bd41bce8
[  752.102337] bce0: 7f03c63c 800ec94c 7f03b3dc bdaa6b00 bd41bd14 bd41bd00 7f03b3f4 7f03c620
[  752.110521] bd00: 7f03b3dc 7f03cbd4 bd41bd2c bd41bd18 7f00f88c 7f03b3e8 00000000 fffffffe
[  752.118705] bd20: bd41bd5c bd41bd30 7f0380d8 7f00f874 7f038000 bd456480 7f036364 be392240
[  752.126889] bd40: 00000000 7f00f620 7f00f638 bd41a008 bd41bd94 bd41bd60 7f00f6d4 7f03800c
[  752.135073] bd60: 00000001 00000000 8047438c be3a4000 7f036364 7f036364 7f00db28 7f00f620
[  752.143257] bd80: 7f00f638 bd41a008 bd41bdb4 bd41bd98 804742ac 7f00f644 00000000 809adde0
[  752.151442] bda0: 7f036364 7f036364 bd41bdcc bd41bdb8 804743c8 80474284 7f03633c 7f036200
[  752.159626] bdc0: bd41bdf4 bd41bdd0 7f00d5b4 8047435c bd41a000 80974060 7f038158 00000000
[  752.167811] bde0: 80974060 bdaa9940 bd41be04 bd41bdf8 7f03816c 7f00d518 bd41be8c bd41be08
[  752.175995] be00: 80008a5c 7f038164 be001f00 7f0363c4 bd41bf48 00000000 bd41be54 bd41be28
[  752.184179] be20: 800e9498 800e8e74 00000002 00000003 bd4129c0 c0a07000 00000001 7f0363c4
[  752.192363] be40: bd41bf48 00000000 bd41be74 bd41be58 800de780 800e9320 bd41a000 7f0363d0
[  752.200547] be60: 00000000 bd41a000 7f0363d0 00000000 bd41beec 7f0363c4 bd41bf48 00000000
[  752.208731] be80: bd41bf44 bd41be90 80093e54 800089e0 ffff8000 00007fff 80091390 0000065f
[  752.216915] bea0: 00000000 c0a0834c bd41bf7c 00000086 bd41bf50 00000000 7f03651c 00000086
[  752.225099] bec0: bd41a010 00c28758 800ddcc4 800ddae0 000000d2 bd412a00 bd41bf24 00000000
[  752.233283] bee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  752.241467] bf00: 00000000 00000000 00000000 00000000 00000000 00000000 bd41bf44 000025b0
[  752.249651] bf20: 00c28a08 00c28758 00000080 8000edc4 bd41a000 00000000 bd41bfa4 bd41bf48
[  752.257835] bf40: 800943e4 800932ec c0a07000 000025b0 c0a07f8c c0a07ea4 c0a08e5c 0000051c
[  752.266019] bf60: 0000088c 00000000 00000000 00000000 00000018 00000019 00000010 0000000b
[  752.274203] bf80: 00000009 00000000 00000000 000025b0 00000000 00c28758 00000000 bd41bfa8
[  752.282387] bfa0: 8000ec00 8009430c 000025b0 00000000 00c28a08 000025b0 00c28758 00c28980
[  752.290571] bfc0: 000025b0 00000000 00c28758 00000080 000a6a78 00000007 00c28718 00c28980
[  752.298756] bfe0: 7ebc1af0 7ebc1ae0 0001a32c 76e9c490 60000010 00c28a08 22013510 ecebffff
[  752.306933] Backtrace:
[  752.309414] [<800ec940>] (filp_close) from [<7f03c63c>] (gaudio_cleanup+0x28/0x54 [usb_f_uac1])
[  752.318115]  r6:7f036500 r5:7f03626c r4:bd441000 r3:7f03b3dc
[  752.323851] [<7f03c614>] (gaudio_cleanup [usb_f_uac1]) from [<7f03b3f4>] (f_audio_free_inst+0x18/0x68 [usb_f_uac1])
[  752.334288]  r4:bdaa6b00 r3:7f03b3dc
[  752.337931] [<7f03b3dc>] (f_audio_free_inst [usb_f_uac1]) from [<7f00f88c>] (usb_put_function_instance+0x24/0x30 [libcomposite])
[  752.349498]  r4:7f03cbd4 r3:7f03b3dc
[  752.353127] [<7f00f868>] (usb_put_function_instance [libcomposite]) from [<7f0380d8>] (audio_bind+0xd8/0xfc [g_audio])
[  752.363824]  r4:fffffffe r3:00000000
[  752.367456] [<7f038000>] (audio_bind [g_audio]) from [<7f00f6d4>] (composite_bind+0x9c/0x1e8 [libcomposite])
[  752.377284]  r10:bd41a008 r9:7f00f638 r8:7f00f620 r7:00000000 r6:be392240 r5:7f036364
[  752.385193]  r4:bd456480 r3:7f038000
[  752.388825] [<7f00f638>] (composite_bind [libcomposite]) from [<804742ac>] (udc_bind_to_driver+0x34/0xd8)
[  752.398394]  r10:bd41a008 r9:7f00f638 r8:7f00f620 r7:7f00db28 r6:7f036364 r5:7f036364
[  752.406302]  r4:be3a4000
[  752.408860] [<80474278>] (udc_bind_to_driver) from [<804743c8>] (usb_gadget_probe_driver+0x78/0xa8)
[  752.417908]  r6:7f036364 r5:7f036364 r4:809adde0 r3:00000000
[  752.423649] [<80474350>] (usb_gadget_probe_driver) from [<7f00d5b4>] (usb_composite_probe+0xa8/0xd4 [libcomposite])
[  752.434086]  r5:7f036200 r4:7f03633c
[  752.437713] [<7f00d50c>] (usb_composite_probe [libcomposite]) from [<7f03816c>] (audio_driver_init+0x14/0x1c [g_audio])
[  752.448498]  r9:bdaa9940 r8:80974060 r7:00000000 r6:7f038158 r5:80974060 r4:bd41a000
[  752.456330] [<7f038158>] (audio_driver_init [g_audio]) from [<80008a5c>] (do_one_initcall+0x88/0x1d4)
[  752.465564] [<800089d4>] (do_one_initcall) from [<80093e54>] (load_module+0xb74/0x1020)
[  752.473571]  r10:00000000 r9:bd41bf48 r8:7f0363c4 r7:bd41beec r6:00000000 r5:7f0363d0
[  752.481478]  r4:bd41a000
[  752.484037] [<800932e0>] (load_module) from [<800943e4>] (SyS_init_module+0xe4/0xf8)
[  752.491781]  r10:00000000 r9:bd41a000 r8:8000edc4 r7:00000080 r6:00c28758 r5:00c28a08
[  752.499689]  r4:000025b0
[  752.502252] [<80094300>] (SyS_init_module) from [<8000ec00>] (ret_fast_syscall+0x0/0x48)
[  752.510345]  r6:00c28758 r5:00000000 r4:000025b0
[  752.515013] Code: 808475b4 e1a0c00d e92dd878 e24cb004 (e5904038)
[  752.521223] ---[ end trace 70babe34de4ab99b ]---
Segmentation fault

Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-12-22 10:26:04 -06:00
..
atm
c67x00 usb: c67x00: drop owner assignment from platform_drivers 2014-10-20 16:21:46 +02:00
chipidea Driver core patches for 3.19-rc1 2014-12-14 16:10:09 -08:00
class USB: cdc-acm: check for valid interfaces 2014-11-24 17:21:42 -08:00
common usb: move the OTG state from the USB PHY to the OTG structure 2014-11-03 10:01:25 -06:00
core More ACPI and power management updates for 3.19-rc1 2014-12-18 20:28:33 -08:00
dwc2 usb: patches for v3.19 merge window 2014-11-25 09:31:14 -08:00
dwc3 Merge 3.18-rc7 into usb-next 2014-11-30 19:21:03 -08:00
early
gadget usb: gadget: f_uac1: access freed memory at f_audio_free_inst 2014-12-22 10:26:04 -06:00
host PM: Eliminate CONFIG_PM_RUNTIME 2014-12-19 22:55:06 +01:00
image
misc Driver core patches for 3.19-rc1 2014-12-14 16:10:09 -08:00
mon
musb usb: musb: Fix a few off-by-one lengths 2014-12-22 10:25:37 -06:00
phy More ACPI and power management updates for 3.19-rc1 2014-12-18 20:28:33 -08:00
renesas_usbhs usb: renesas_usbhs: expand USB-DMAC channels for R-Car Gen2 2014-11-12 09:11:31 -06:00
serial USB patches for 3.19-rc1 2014-12-14 14:57:16 -08:00
storage More ACPI and power management updates for 3.19-rc1 2014-12-18 20:28:33 -08:00
usbip Driver core patches for 3.19-rc1 2014-12-14 16:10:09 -08:00
wusbcore wusb: replace memset by memzero_explicit 2014-12-02 16:15:02 -08:00
Kconfig usb: Add LED triggers for USB activity 2014-09-25 17:05:12 +02:00
Makefile usbip: move usbip kernel code out of staging 2014-08-25 10:40:06 -07:00
README usb: hub: rename khubd to hub_wq in documentation and comments 2014-09-23 22:33:19 -07:00
usb-skeleton.c

To understand all the Linux-USB framework, you'll use these resources:

    * This source code.  This is necessarily an evolving work, and
      includes kerneldoc that should help you get a current overview.
      ("make pdfdocs", and then look at "usb.pdf" for host side and
      "gadget.pdf" for peripheral side.)  Also, Documentation/usb has
      more information.

    * The USB 2.0 specification (from www.usb.org), with supplements
      such as those for USB OTG and the various device classes.
      The USB specification has a good overview chapter, and USB
      peripherals conform to the widely known "Chapter 9".

    * Chip specifications for USB controllers.  Examples include
      host controllers (on PCs, servers, and more); peripheral
      controllers (in devices with Linux firmware, like printers or
      cell phones); and hard-wired peripherals like Ethernet adapters.

    * Specifications for other protocols implemented by USB peripheral
      functions.  Some are vendor-specific; others are vendor-neutral
      but just standardized outside of the www.usb.org team.

Here is a list of what each subdirectory here is, and what is contained in
them.

core/		- This is for the core USB host code, including the
		  usbfs files and the hub class driver ("hub_wq").

host/		- This is for USB host controller drivers.  This
		  includes UHCI, OHCI, EHCI, and others that might
		  be used with more specialized "embedded" systems.

gadget/		- This is for USB peripheral controller drivers and
		  the various gadget drivers which talk to them.


Individual USB driver directories.  A new driver should be added to the
first subdirectory in the list below that it fits into.

image/		- This is for still image drivers, like scanners or
		  digital cameras.
../input/	- This is for any driver that uses the input subsystem,
		  like keyboard, mice, touchscreens, tablets, etc.
../media/	- This is for multimedia drivers, like video cameras,
		  radios, and any other drivers that talk to the v4l
		  subsystem.
../net/		- This is for network drivers.
serial/		- This is for USB to serial drivers.
storage/	- This is for USB mass-storage drivers.
class/		- This is for all USB device drivers that do not fit
		  into any of the above categories, and work for a range
		  of USB Class specified devices. 
misc/		- This is for all USB device drivers that do not fit
		  into any of the above categories.