summaryrefslogtreecommitdiff
path: root/drivers/usb/host/xhci-tegra.c
diff options
context:
space:
mode:
authorJon Hunter <jonathanh@nvidia.com>2020-07-15 14:38:42 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2020-07-23 14:21:01 +0300
commit0b987032f8b58ef51cc8a042f46cc0cf1f277172 (patch)
tree45b6cecf124a1103365c0f1233cf00b4255dd773 /drivers/usb/host/xhci-tegra.c
parentdbb0897e805f2ab1b8bc358f6c3d878a376b8897 (diff)
downloadlinux-0b987032f8b58ef51cc8a042f46cc0cf1f277172.tar.xz
usb: tegra: Fix allocation for the FPCI context
Commit 5c4e8d3781bc ("usb: host: xhci-tegra: Add support for XUSB context save/restore") is using the IPFS 'num_offsets' value when allocating memory for FPCI context instead of the FPCI 'num_offsets'. After commit cad064f1bd52 ("devres: handle zero size in devm_kmalloc()") was added system suspend started failing on Tegra186. The kernel log showed that the Tegra XHCI driver was crashing on entry to suspend when attempting the save the USB context. On Tegra186, the IPFS context has a zero length but the FPCI content has a non-zero length, and because of the bug in the Tegra XHCI driver we are incorrectly allocating a zero length array for the FPCI context. The crash seen on entering suspend when we attempt to save the FPCI context and following commit cad064f1bd52 ("devres: handle zero size in devm_kmalloc()") this now causes a NULL pointer deference when we access the memory. Fix this by correcting the amount of memory we are allocating for FPCI contexts. Cc: stable@vger.kernel.org Fixes: 5c4e8d3781bc ("usb: host: xhci-tegra: Add support for XUSB context save/restore") Signed-off-by: Jon Hunter <jonathanh@nvidia.com> Acked-by: Thierry Reding <treding@nvidia.com> Link: https://lore.kernel.org/r/20200715113842.30680-1-jonathanh@nvidia.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/usb/host/xhci-tegra.c')
-rw-r--r--drivers/usb/host/xhci-tegra.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/usb/host/xhci-tegra.c b/drivers/usb/host/xhci-tegra.c
index 2eaf5c0af80c..ee6bf01775bb 100644
--- a/drivers/usb/host/xhci-tegra.c
+++ b/drivers/usb/host/xhci-tegra.c
@@ -856,7 +856,7 @@ static int tegra_xusb_init_context(struct tegra_xusb *tegra)
if (!tegra->context.ipfs)
return -ENOMEM;
- tegra->context.fpci = devm_kcalloc(tegra->dev, soc->ipfs.num_offsets,
+ tegra->context.fpci = devm_kcalloc(tegra->dev, soc->fpci.num_offsets,
sizeof(u32), GFP_KERNEL);
if (!tegra->context.fpci)
return -ENOMEM;