usb: gadget: u_ether: Fix crash while enabling NCM composition
gether_setup_name_default() is called during NCM function driver init.
During NCM function driver unbind, gether_disconnect() is called which
purges the tx_skb queue. But the tx_skb queue was never initialized.
Hence, in some cases where adb is not running, performing a composition
switch will lead to ncm unbind and ncm disable being called, resulting
in the crash below:
ffs_function_bind_config: ffs_function_bind_config():
usb_add_function() fails (err:-19) for ffs
android_bind_enabled_functions:
android_bind_enabled_functions: ffs failed
------------[ cut here ]------------
Call trace:
[<ffffffc000088524>] dump_backtrace+0x0/0x270
[<ffffffc0000887a4>] show_stack+0x10/0x1c
[<ffffffc000bd4e94>] dump_stack+0x74/0xb8
[<ffffffc0000a0adc>] warn_slowpath_common+0x88/0xb0
[<ffffffc0000a0bc8>] warn_slowpath_null+0x14/0x20
[<ffffffc0000b4a58>] work_fixup_activate+0x64/0x94
[<ffffffc0003184d8>] debug_object_fixup+0x18/0x38
[<ffffffc000318d58>] debug_object_activate+0x13c/0x170
[<ffffffc0000b4bf4>] __queue_work+0x64/0x348
[<ffffffc0000b4f1c>] queue_work_on+0x44/0x64
[<ffffffc00064f400>] gether_disconnect+0x34/0x288
[<ffffffc000629c1c>] ncm_disable+0x5c/0x94
[<ffffffc00061e8c0>] usb_remove_function+0x20/0x58
[<ffffffc000650c34>] ncm_function_unbind_config+0x1c
[<ffffffc000651b50>] android_unbind_config+0x4c/0x70
[<ffffffc000652cc4>] android_bind_config+0xc0/0xf8
[<ffffffc00061f18c>] usb_add_config+0x78/0x24c
[<ffffffc000650628>] android_enable+0x70/0xf0
[<ffffffc000650914>] enable_store+0x138/0x250
[<ffffffc0004f715c>] dev_attr_store+0x1c/0x28
[<ffffffc0001fa7cc>] sysfs_kf_write+0x40/0x4c
[<ffffffc0001f9af4>] kernfs_fop_write+0xfc/0x144
[<ffffffc00019b984>] vfs_write+0xb8/0x194
---[ end trace e5e36033c2513f6a ]---
Fix this by initializing the tx_skb queue and the other necessary work
queues during ncm driver init.
Change-Id: Ib5cf0643a11107522dc4af8039dbece4a9db2991
Signed-off-by: Azhar Shaikh <azhars@codeaurora.org>
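As an added illustration (not code from this commit or from the Linux kernel), here is a user-space C model of the ordering bug the message describes: a zero-allocated device whose skb queue and work item are only set up on connect, so a disconnect that runs first (bind failed, unbind and disable run) purges a never-initialized queue and queues never-initialized work, which is what the NULL dereference and the work_fixup_activate warning in the trace correspond to. The struct and function names (skb_head, queue_purge, work_queue, setup_buggy, setup_fixed, disconnect_dev, unbind_without_connect) are simplified stand-ins for sk_buff_head, skb_queue_purge, INIT_WORK/queue_work and the u_ether setup/disconnect paths; they are assumptions, not the kernel's API, and the pending skbs are constructed sample data.

```c
#include <stddef.h>
#include <stdlib.h>

/* Intrusive circular list, same idea as the kernel's sk_buff_head: an
 * initialized empty head points at itself; a zeroed, never-initialized
 * head has NULL links, which is what a purge would dereference. */
struct skb_node {
    struct skb_node *next, *prev;
    int len;                          /* constructed sample payload size */
};

struct skb_head {
    struct skb_node list;             /* sentinel */
    unsigned int qlen;
};

static void queue_init(struct skb_head *h)
{
    h->list.next = h->list.prev = &h->list;
    h->qlen = 0;
}

static void queue_tail(struct skb_head *h, struct skb_node *n)
{
    n->next = &h->list;
    n->prev = h->list.prev;
    h->list.prev->next = n;
    h->list.prev = n;
    h->qlen++;
}

/* Purge every queued node. Returns the count freed, or -1 when the head
 * was never initialized (in the kernel this would be a NULL dereference). */
static int queue_purge(struct skb_head *h)
{
    int freed = 0;
    if (h->list.next == NULL)
        return -1;
    while (h->list.next != &h->list) {
        struct skb_node *n = h->list.next;
        n->prev->next = n->next;
        n->next->prev = n->prev;
        free(n);
        h->qlen--;
        freed++;
    }
    return freed;
}

/* Stand-in for a work_struct: debugobjects warns (the work_fixup_activate
 * line in the trace) when work is queued before it was ever initialized. */
struct work { int initialized; int queued; };

static void work_init(struct work *w) { w->initialized = 1; w->queued = 0; }

static int work_queue(struct work *w)
{
    if (!w->initialized)
        return -1;                    /* would trip debug_object_activate() */
    w->queued = 1;
    return 0;
}

/* Model of the per-device state (names are assumptions, not the kernel's). */
struct eth_dev {
    struct skb_head tx_skb;
    struct work tx_work;
};

/* Buggy setup (before the fix): zero-allocated, queue and work untouched. */
static struct eth_dev *setup_buggy(void)
{
    return calloc(1, sizeof(struct eth_dev));
}

/* Fixed setup: initialize at init time everything disconnect() will touch,
 * because unbind can run without connect ever having happened. */
static struct eth_dev *setup_fixed(void)
{
    struct eth_dev *dev = calloc(1, sizeof(struct eth_dev));
    if (!dev)
        return NULL;
    queue_init(&dev->tx_skb);
    work_init(&dev->tx_work);
    return dev;
}

/* Models a connected link with n constructed pending tx skbs. */
static void connect_dev(struct eth_dev *dev, int n)
{
    for (int i = 0; i < n; i++) {
        struct skb_node *s = calloc(1, sizeof(*s));
        s->len = 64 + i;
        queue_tail(&dev->tx_skb, s);
    }
}

/* Models the disconnect path: queue tx work, then purge tx_skb.
 * Returns skbs purged, or -1 if either object was never initialized. */
static int disconnect_dev(struct eth_dev *dev)
{
    if (work_queue(&dev->tx_work) < 0)
        return -1;
    return queue_purge(&dev->tx_skb);
}

/* The failing path from the commit: composition switch without adb, bind
 * fails, and unbind/disable run before any connect. */
static int unbind_without_connect(struct eth_dev *(*setup)(void))
{
    struct eth_dev *dev = setup();
    int rc = dev ? disconnect_dev(dev) : -1;
    free(dev);
    return rc;
}

/* Normal path with the fix: setup, connect with pending traffic, disconnect. */
static int normal_cycle(int pending)
{
    struct eth_dev *dev = setup_fixed();
    if (!dev)
        return -1;
    connect_dev(dev, pending);
    int rc = disconnect_dev(dev);
    free(dev);
    return rc;
}
```

The point of the model is the invariant the fix restores: whatever teardown touches must be initialized by setup, not by the first use, since teardown can run without that first use ever happening. `unbind_without_connect(setup_buggy)` reports the uninitialized objects, `unbind_without_connect(setup_fixed)` cleanly purges an empty queue, and `normal_cycle(3)` shows the fixed setup still frees three pending skbs.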