From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752702AbdKFMi6 (ORCPT <rfc822;w@1wt.eu>);
        Mon, 6 Nov 2017 07:38:58 -0500
Received: from szxga05-in.huawei.com ([45.249.212.191]:10015 "EHLO
        szxga05-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752135AbdKFMi5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 6 Nov 2017 07:38:57 -0500
Subject: Re: [PATCH v2] usb:xhci fix panic in
 xhci_free_virt_devices_depth_first
To: Greg KH <gregkh@linuxfoundation.org>
References: <20171106082023.116787-1-chenyu56@huawei.com>
 <20171106083152.GB7087@kroah.com>
 <4a9bb4fa-6e49-7d48-2127-2721bc806255@huawei.com>
 <20171106113244.GB20217@kroah.com>
CC: <wangbinghui@hisilicon.com>, <mathias.nyman@intel.com>,
        <linux-usb@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
        <fanning4@hisilicon.com>, <lirui39@hisilicon.com>,
        <yangdi10@hisilicon.com>, <groeck@google.com>,
        <john.stultz@linaro.org>
From: Chen Yu <chenyu56@huawei.com>
Message-ID: <ffd36f31-dbfc-1467-0ae5-e780972ce26e@huawei.com>
Date: Mon, 6 Nov 2017 20:36:32 +0800
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <20171106113244.GB20217@kroah.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.142.63.192]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
        refid=str=0001.0A020202.5A0057DC.0106,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0,
        ip=0.0.0.0,
        so=2014-11-16 11:51:01,
        dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: d8f8b609eb133ec87fe8b7403a49ae0e
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 2017/11/6 19:32, Greg KH wrote:
>> A simple process is as below:
>> 	xhci_plat_probe()
>>                |
>> 	usb_add_hcd()					xhci_plat_remove()
>> 	       |						|
>> 	find some device				usb_remove_hcd()
>> 	       |						|
>> 	hub_port_connect() -> usb_alloc_dev()		usb_disconnect()
>> 	       |						|
>> 	before hub_enable_device()			xhci_stop()
>> 								|
>> 							xhci_mem_cleanup()
>> 								|
>> 							xhci_free_virt_devices_depth_first()
>> 								|
>> 							real_port is 0 access xhci->rh_bw[vdev->real_port-1]
>>
>> The problem came from https://bugs.96boards.org/show_bug.cgi?id=535
>> Also look at crbug.com/700041
> 
> Then the bug needs to be fixed, throwing a huge kernel trace message
> into the kernel log is not "fixing" the problem at all, right?
> 
> thanks,
> 
> greg k-h
> 
> .
> 

You are right, the way that xhci_plat_remove() to be called needs to be fixed.
But there is still possibility for this crash.
What do you think if just add an "xhci_warn" instead of "WARN_ON"?
+       if (!vdev->real_port) {
+               xhci_warn(xhci, "Bad vdev->real_port\n");
+               goto out;
+       }
+

Best regards
Yu Chen