Question on MLK-9618-2

todd_blanchard · ‎08-12-2019

(commit f21e960aba9618c527650cfe3a69cc3ea583ac2a)

What is the purpose of the above commit? The details surrounding it are vague, and it is not in mainline. This commit contains a blatant use-after-free:

usb_remove_hcd(hcd);
usb_put_hcd(hcd); <-- FREE
if (ci->platdata->reg_vbus && !ci_otg_is_fsm_mode(ci) &&
(ci->platdata->flags & CI_HDRC_IMX_VBUS_EARLY_ON))
regulator_disable(ci->platdata->reg_vbus);
+ if (hcd->self.is_b_host)
+ hcd->self.is_b_host = 0; <-- use-after free

Enabling SLUB_DEBUG exposes the use-after-free, and I have confirmed this is causing corruption in other, random 1024 byte slabs.

I would just revert the commit, but would like to know the problem it is trying to solve.

Thx

jimmychan · ‎08-12-2019

MLK-9618-2 usb: chipidea: otg: update is_b_host flag when setup&stop host

This patch sets and clear is_b_host flag of usb_bus when start and stop host in chipidea host driver.

todd_blanchard · ‎08-13-2019

--> "This patch sets and clear is_b_host flag of usb_bus when start and stop host in chipidea host driver."

I gathered that. But why? What problem did it solve, and why is this not on mainline (other than the obvious reason that it corrupts random slab entries)?

jimmychan · ‎08-16-2019

Could you tell me more information of your issue?

Which BSP are you using? what is the version of BSP?

Which processor are you using?

What issue you met ? is there any error message or log message?