On 1/31/22 08:32, Nitin Gupta wrote:
Dear Group Member
I came across the kernel Panic in xhci module for some of my
development activities .Issue is very random and looks like td is NULL ..
Please Review the below patch and let me know your thoughts
Can you show the panic backtrace?
Which version of FreeBSD is this?
> pepext = &sc->sc_hw.devs[index].endp[epno];
^^^ none of these structures can be NULL, when the "sc" is non-null.
Your patch doesn't look right.
--HPS
index e88a827..a6ce227 100644
--- a/sys/dev/usb/controller/xhci.c
+++ b/sys/dev/usb/controller/xhci.c
@@ -886,7 +886,7 @@ xhci_skip_transfer(struct usb_xfer *xfer)
static void
xhci_check_transfer(struct xhci_softc *sc, struct xhci_trb *trb)
{
- struct xhci_endpoint_ext *pepext;
+ struct xhci_endpoint_ext *pepext = NULL;
int64_t offset;
uint64_t td_event;
uint32_t temp;
@@ -929,6 +929,10 @@ xhci_check_transfer(struct xhci_softc *sc, struct
xhci_trb *trb
)
pepext = &sc->sc_hw.devs[index].endp[epno];
+ if (pepext == NULL) {
+ DPRINTF("pepext is Null\n");
+ return;
+ }
if (pepext->trb_ep_mode != USB_EP_MODE_STREAMS) {
stream_id = 0;
@@ -940,8 +944,8 @@ xhci_check_transfer(struct xhci_softc *sc, struct
xhci_trb *trb)
/* try to find the USB transfer that generated the event */
for (i = 0; i != (XHCI_MAX_TRANSFERS - 1); i++) {
- struct usb_xfer *xfer;
- struct xhci_td *td;
+ struct usb_xfer *xfer = NULL;
+ struct xhci_td *td = NULL;
xfer = pepext->xfer[i + (XHCI_MAX_TRANSFERS * stream_id)];
if (xfer == NULL)
@@ -949,6 +953,9 @@ xhci_check_transfer(struct xhci_softc *sc, struct
xhci_trb *trb)
td = xfer->td_transfer_cache;
Regards
Nitin
