GitLab has been upgraded to 13.3.6. If you encounter any issues mail code@riscosopen.org

Commit 841353e9 authored by Robert Sprowson's avatar Robert Sprowson Committed by ROOL

Fix for occasional NULL pointer read on timeout

The ordering of interrupts would sometimes mean the xfer was finished with while the timeout function was waiting to run, leading to an attempt to pass an empty queue (xfer->pipe->queue) to USBDriver via USBDriver_TransferComplete. This would lead to a NULL pointer read when in usbdi.c when it looked at the queue contents.
Adopt the fix from NetBSD xhci.c revision 1.96, so only do a timeout if the xfer wasn is progress.

Version 0.29. Tagged as 'XHCIDriver-0_29'
parent 239da27a
/* (0.28)
/* (0.29)
*
* This file is automatically maintained by srccommit, do not edit manually.
*
*/
#define Module_MajorVersion_CMHG 0.28
#define Module_MinorVersion_CMHG
#define Module_Date_CMHG 06 Mar 2020
#define Module_MajorVersion_CMHG 0.29
#define Module_MinorVersion_CMHG
#define Module_Date_CMHG 04 Jul 2020
#define Module_MajorVersion "0.28"
#define Module_Version 28
#define Module_MajorVersion "0.29"
#define Module_Version 29
#define Module_MinorVersion ""
#define Module_Date "06 Mar 2020"
#define Module_Date "04 Jul 2020"
#define Module_ApplicationDate "06-Mar-20"
#define Module_ApplicationDate "04-Jul-20"
#define Module_ComponentName "XHCIDriver"
#define Module_FullVersion "0.28"
#define Module_HelpVersion "0.28 (06 Mar 2020)"
#define Module_LibraryVersionInfo "0:28"
#define Module_FullVersion "0.29"
#define Module_HelpVersion "0.29 (04 Jul 2020)"
#define Module_LibraryVersionInfo "0:29"
......@@ -3711,18 +3711,18 @@ xhci_timeout(void *addr)
XHCIHIST_FUNC(); XHCIHIST_CALLED();
if (sc->sc_dying) {
return;
}
mutex_enter(&sc->sc_lock);
if (!sc->sc_dying && xfer->status == USBD_IN_PROGRESS) { /* NetBSD 1.96 */
#ifdef RISCOS
glue_abort_pipe(&xx->xx_abort_task, xhci_timeout_task, addr);
glue_abort_pipe(&xx->xx_abort_task, xhci_timeout_task, addr);
#else
usb_init_task(&xx->xx_abort_task, xhci_timeout_task, addr,
USB_TASKQ_MPSAFE);
usb_add_task(xx->xx_xfer.pipe->device, &xx->xx_abort_task,
USB_TASKQ_HC);
usb_init_task(&xx->xx_abort_task, xhci_timeout_task, addr,
USB_TASKQ_MPSAFE);
usb_add_task(xx->xx_xfer.pipe->device, &xx->xx_abort_task,
USB_TASKQ_HC);
#endif
}
mutex_exit(&sc->sc_lock);
}
static void
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment