On Wed, 25 Feb 2015, Devin Heitmueller wrote:
> Hi Alan,
>
> I think I see what's going on. Permit me to comment on your
> explanation of urb->use_count first, since it's relevant later on.
I won't go over this in great detail, because I think your proposed
explanation is wrong. My impression
Hi Alan,
I think I see what's going on. Permit me to comment on your
explanation of urb->use_count first, since it's relevant later on.
> Here's the story:
>
> A new URB has its use_count set to 0 by usb_init_urb.
>
> The use_count is incremented when the URB is submitted,
>
On Mon, 23 Feb 2015, Devin Heitmueller wrote:
> > Good suggestion. I'll add code to print it out before and after
> > usb_kill_urb(), as well as from within the the IRQ handler and right
> > before the call to usb_free_urb().
>
> Added a quick debug line right before the call to usb_urb_kill(),
> Good suggestion. I'll add code to print it out before and after
> usb_kill_urb(), as well as from within the the IRQ handler and right
> before the call to usb_free_urb().
Added a quick debug line right before the call to usb_urb_kill(),
thinking that perhaps one of the things checked for at th
On Fri, 20 Feb 2015, Devin Heitmueller wrote:
> > If you want to trace things in greater detail, look at the value of
> > urb->use_count at various points. usb_kill_urb won't return until the
> > value reaches 0, which should not occur until well after
> > usb_hcd_unlink_urb_from_ep returns.
>
>
> But the fact that the call stack passes through qh_completions and
> ehci_unlink_async means that the URB in question is _not_ isochronous
> (or interrupt for that matter). Does that help?
Doh. My mistake. Of course it's a bulk endpoint. This is the price
I pay for working on two different U
On Fri, 20 Feb 2015, Devin Heitmueller wrote:
> Hi there,
>
> I've been trying to track down some memory corruption in my driver for
> the HVR-950q related to dequeueing of ISOC URBs when shutting down the
> stream. I enabled SLUB poisoning, and I'm seeing a use-after-free
> condition in the EHC
Hi there,
I've been trying to track down some memory corruption in my driver for
the HVR-950q related to dequeueing of ISOC URBs when shutting down the
stream. I enabled SLUB poisoning, and I'm seeing a use-after-free
condition in the EHCI driver. See below.
Based on my read of the stack, it lo
