Re: [RFT PATCH 1/2] xhci: Reconfigure endpoint 0 max packet size only during endpoint reset

[Mathias Nyman]

> > +       ep_index = xhci_get_endpoint_index(&host_ep->desc);
> > +
> > +       /*
> > +        * Usb core assumes a max packet value for ep0 on FS devices until the
> > +        * real value is read from the descriptor. Core resets Ep0 if values
> > +        * mismatch. Reconfigure the xhci ep0 endpoint context here in that case
> > +        */
> > +       if (usb_endpoint_xfer_control(&host_ep->desc) && ep_index == 0) {
> > +               udev = container_of(host_ep, struct usb_device, ep0);
> > +               if (udev->speed == USB_SPEED_FULL)
> > +                       xhci_check_ep0_maxpacket(xhci, xhci->devs[udev->slot_id]);
> > +               /* Nothing else should be done here for ep0 during ep reset */
> > +               return;
> > +       }
> > +
>
> Could there be a race condition between the xhci_endpoint_reset() and
> xhci_free_dev() functions, resulting in the xhci->devs[udev->slot_id]
> becoming null?
> If so, a null pointer dereference will happen in
> xhci_check_ep0_maxpacket() when accessing vdev->out_ctx.

should not race. xhci_free_dev() and xhci_endpoint_reset() for endpoint 0 should only
be called by hub driver hub_free_dev() and usb_ep0_reinit() respectively.

Hub driver takes care of concurrency for these

Thanks
Mathias