Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp407005ybh;
        Wed, 15 Jul 2020 05:18:48 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyoLzcEMt+FVO5ODXMuNJKyqZYZ7ULRzm32G9gI4lAAyw+OfQQnjjwYGmz4NV8GmFWuHEeR
X-Received: by 2002:a17:906:c007:: with SMTP id e7mr8883396ejz.481.1594815528188;
        Wed, 15 Jul 2020 05:18:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1594815528; cv=none;
        d=google.com; s=arc-20160816;
        b=VVrLBgnIb/77UO4v07w3Lgw6MO9EeWgLthjz5s8OAvDlivZPlp/d6c0YSS4sh6qYj5
         lf8EKUAGIlecno4KvCq0+zEQvHsAz1Xa3vKS2XMoFu1RusCe8+/t8qDDUxp1txLiUIBu
         Vs5EIw3KaWcqF4kBOvIfgUcA0l/Jz9Tfhv2rB6KNvdFNUs1QEAkhAaoPA3rY3Y3ae7Sy
         xer5cEpBoEV1E3PGxOkWlUljF0KdB4JE1A6tGzUOUHUgXN8xRvu6Y9blUJUNURMRLQp3
         O00rV6o+NJVB2M+k/eR0OkwIMXMIUAxf4rvpgQ+knZQUuVM8Wom4JbIVz/ku601y7Nd0
         RCvw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:dkim-signature:mime-version:references
         :in-reply-to:message-id:date:subject:cc:to:from;
        bh=uuPzFrd79X6snwWrV1rXcJChGJVyio56NAiQtRIpVMc=;
        b=pppNm1+IxfyBFcHGYwlXkxl7HcIbgp9HpV8B/jqnzTpnThwp/qZo5e+iMILfA9pekp
         WPSn+w8KYfT7U9J0iiTNBU8MYYS871QRZlWXQZHkbz3VfiWWHdF3utrF6KzfxPAjsdXi
         lc+Fc2zJgMSXTnYU1v4N3fGLccEZibXQoWp1lgXeg1MMb9EJh7+kOMy7Ul1fnOfjuJxk
         M96WPu/96wEIWbGdPzNIVJo4ie7T06KXPvyvc7OQyjBa+EtYNPqG8e34KHHxIZ1Bynlz
         w4/PdGqj0j2/APTukcdt7tYWnqFVPK5rmMlQTFuLbQ7+P8vCpel0X6jNIDxy98tjSJIV
         WFdg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@nvidia.com header.s=n1 header.b=KMonAL2N;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nvidia.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id s24si1115704ejd.704.2020.07.15.05.18.24;
        Wed, 15 Jul 2020 05:18:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@nvidia.com header.s=n1 header.b=KMonAL2N;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nvidia.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729336AbgGOLjR (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Wed, 15 Jul 2020 07:39:17 -0400
Received: from hqnvemgate24.nvidia.com ([216.228.121.143]:15656 "EHLO
        hqnvemgate24.nvidia.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725924AbgGOLjR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 15 Jul 2020 07:39:17 -0400
Received: from hqpgpgate102.nvidia.com (Not Verified[216.228.121.13]) by hqnvemgate24.nvidia.com (using TLS: TLSv1.2, DES-CBC3-SHA)
        id <B5f0eea730001>; Wed, 15 Jul 2020 04:37:23 -0700
Received: from hqmail.nvidia.com ([172.20.161.6])
  by hqpgpgate102.nvidia.com (PGP Universal service);
  Wed, 15 Jul 2020 04:39:17 -0700
X-PGP-Universal: processed;
        by hqpgpgate102.nvidia.com on Wed, 15 Jul 2020 04:39:17 -0700
Received: from HQMAIL107.nvidia.com (172.20.187.13) by HQMAIL109.nvidia.com
 (172.20.187.15) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 15 Jul
 2020 11:39:12 +0000
Received: from rnnvemgw01.nvidia.com (10.128.109.123) by HQMAIL107.nvidia.com
 (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend
 Transport; Wed, 15 Jul 2020 11:39:12 +0000
Received: from moonraker.nvidia.com (Not Verified[10.26.73.219]) by rnnvemgw01.nvidia.com with Trustwave SEG (v7,5,8,10121)
        id <B5f0eeade0000>; Wed, 15 Jul 2020 04:39:11 -0700
From:   Jon Hunter <jonathanh@nvidia.com>
To:     Mathias Nyman <mathias.nyman@intel.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Thierry Reding <thierry.reding@gmail.com>
CC:     <linux-tegra@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
        Jon Hunter <jonathanh@nvidia.com>, <stable@vger.kernel.org>
Subject: [PATCH V2] usb: tegra: Fix allocation for the FPCI context
Date:   Wed, 15 Jul 2020 12:38:42 +0100
Message-ID: <20200715113842.30680-1-jonathanh@nvidia.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200712102837.24340-1-jonathanh@nvidia.com>
References: <20200712102837.24340-1-jonathanh@nvidia.com>
X-NVConfidentiality: public
MIME-Version: 1.0
Content-Type: text/plain
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nvidia.com; s=n1;
        t=1594813043; bh=uuPzFrd79X6snwWrV1rXcJChGJVyio56NAiQtRIpVMc=;
        h=X-PGP-Universal:From:To:CC:Subject:Date:Message-ID:X-Mailer:
         In-Reply-To:References:X-NVConfidentiality:MIME-Version:
         Content-Type;
        b=KMonAL2NbiHVsPl3rkICVkx73w8mC+CLtMefaqfM1KgIRQsRrVud30eixHuu3Zm0c
         YF5DXh1QC43if5k/v50J6t7ajWSsTt0YEaXxyENBVBSLRIAobeVQU4FNheHuVb9R0R
         Ay+/3YyQaGcMePqWIvUGnW9YuKZDNvaWBjC/F1ziF5ga3sGJiPjpzODCiRqJv33TRU
         6KsW+6oeB85vHFI9FRD0Z1gizhPwW6g4hwh+NzsYUQHknuqsSK8eUX9UOEVEIjKrOb
         uXM1GjDqHQts882dmRP3XnmWs6AJ/Ts1co3nV0WlbuQi9aPjL6KJms8FtLivukX/lf
         p6rf6QuZ1gMHA==
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Commit 5c4e8d3781bc ("usb: host: xhci-tegra: Add support for XUSB
context save/restore") is using the IPFS 'num_offsets' value when
allocating memory for FPCI context instead of the FPCI 'num_offsets'.

After commit cad064f1bd52 ("devres: handle zero size in devm_kmalloc()")
was added system suspend started failing on Tegra186. The kernel log
showed that the Tegra XHCI driver was crashing on entry to suspend when
attempting the save the USB context. On Tegra186, the IPFS context has a
zero length but the FPCI content has a non-zero length, and because of
the bug in the Tegra XHCI driver we are incorrectly allocating a zero
length array for the FPCI context. The crash seen on entering suspend
when we attempt to save the FPCI context and following commit
cad064f1bd52 ("devres: handle zero size in devm_kmalloc()") this now
causes a NULL pointer deference when we access the memory. Fix this by
correcting the amount of memory we are allocating for FPCI contexts.

Cc: stable@vger.kernel.org

Fixes: 5c4e8d3781bc ("usb: host: xhci-tegra: Add support for XUSB context save/restore")

Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Acked-by: Thierry Reding <treding@nvidia.com>
---

Changes since V1:
- Corrected commit message
- Added Thierry's ACK

 drivers/usb/host/xhci-tegra.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/host/xhci-tegra.c b/drivers/usb/host/xhci-tegra.c
index 9ce28ab47f4b..014d79334f50 100644
--- a/drivers/usb/host/xhci-tegra.c
+++ b/drivers/usb/host/xhci-tegra.c
@@ -856,7 +856,7 @@ static int tegra_xusb_init_context(struct tegra_xusb *tegra)
 	if (!tegra->context.ipfs)
 		return -ENOMEM;
 
-	tegra->context.fpci = devm_kcalloc(tegra->dev, soc->ipfs.num_offsets,
+	tegra->context.fpci = devm_kcalloc(tegra->dev, soc->fpci.num_offsets,
 					   sizeof(u32), GFP_KERNEL);
 	if (!tegra->context.fpci)
 		return -ENOMEM;
-- 
2.17.1