summaryrefslogtreecommitdiff
path: root/payloads/libpayload/drivers
diff options
context:
space:
mode:
authorYidi Lin <yidilin@chromium.org>2022-08-05 15:40:48 +0800
committerMartin Roth <martin.roth@amd.corp-partner.google.com>2022-08-12 17:14:54 +0000
commit8610dd5022e0310ff36ed7132c574f65c001b1aa (patch)
treefa349e008c074563f29011e00f439e88066838c3 /payloads/libpayload/drivers
parenta4795c01ed161cb0d288272a6eaa363d26aef63d (diff)
libpayload: usbmsc: Prevent usbdisk_remove() from being called twice
When removing SD card from USB card reader, the USB MSC stack does not detach the device immediately. Instead, the USB MSC stack calls usbdisk_remove() and calls usb_msc_destroy() after several pollings. It results in usbdisk_remove() being called twice. Since the usbmsc_inst_t instance is freed after first usbdisk_remove() call, the second call invokes an invalid usbmsc_inst_t instance and causes exception in CPU. This patch prevents usbdisk_remove() from being called twice by setting usbdisk_created to zero. BUG=b:239492347 TEST=insert an empty SD card into the USB card reader then remove the SD card. AP firmware does not crash. Change-Id: I0675e9fde3e770d63dd0047928356a204245ef18 Signed-off-by: Yidi Lin <yidilin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/66449 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'payloads/libpayload/drivers')
-rw-r--r--payloads/libpayload/drivers/usb/usbmsc.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/payloads/libpayload/drivers/usb/usbmsc.c b/payloads/libpayload/drivers/usb/usbmsc.c
index 96c4946b76..75a8804b28 100644
--- a/payloads/libpayload/drivers/usb/usbmsc.c
+++ b/payloads/libpayload/drivers/usb/usbmsc.c
@@ -78,8 +78,10 @@ usb_msc_create_disk (usbdev_t *dev)
static void
usb_msc_remove_disk (usbdev_t *dev)
{
- if (MSC_INST (dev)->usbdisk_created && usbdisk_remove)
+ if (MSC_INST (dev)->usbdisk_created && usbdisk_remove) {
usbdisk_remove (dev);
+ MSC_INST (dev)->usbdisk_created = 0;
+ }
}
static void