[v2] phy: Fix db410c crash issue during usb_stop

JianfengA.Zhu at sony.com JianfengA.Zhu at sony.com
Thu Nov 21 06:52:15 CET 2024 

usb stop crash log
====================================================================
dragonboard410c => usb start
starting USB...
Bus usb at 78d9000: USB EHCI 1.00
scanning bus usb at 78d9000 for devices... 4 USB Device(s) found
       scanning usb for storage devices... 0 Storage Device(s) found
dragonboard410c => usb stop
stopping USB..
"Synchronous Abort" handler, esr 0x96000007, far 0x0
elr: 000000008f636a28 lr : 000000008f636a24 (reloc)
elr: 00000000bd97ea28 lr : 00000000bd97ea24
x0 : 0000000000000000 x1 : 00000000bd1494d0
x2 : 0000000000000000 x3 : 0000000000001f40
x4 : 00000000bd131990 x5 : 00000000bd157b70
x6 : 0000000000000041 x7 : 00000000bd163b80
x8 : 00000000bd131db0 x9 : 000000000000b65c
x10: 00000000bd13183c x11: 0000000000000006
x12: 000000000001869f x13: 0000000000000061
x14: 00000000ffffffff x15: 00000000bd1317b8
x16: 00000000bd9b78ac x17: 0000000000000000
x18: 00000000bd143d90 x19: 00000000bd1575d8
x20: 00000000bd1575d8 x21: 00000000bd157440
x22: 00000000bd1493b0 x23: 0000000000000002
x24: 00000000bd9eb910 x25: 0000000000000000
x26: 0000000000000000 x27: 0000000000000000
x28: 00000000bd158540 x29: 00000000bd131980

Code: f9400000 b4000120 97ffdd1e aa0003e2 (f9400001)
Resetting CPU ...

resetting ...
====================================================================

After commit ed8fbd2889fc ("dts: msm8916: replace with upstream DTS")
msm8916_usbphy will be defined as a child device of usb at 78d9000. When
calling usb stop, usb at 78d9000 will be removed. During the removal process,
the sub-device msm8916_usbphy will be removed first. In the subsequent
remove process, the uclass_priv_ of msm8916_usbphy will be accessed again.
Because uclass_priv_ is NULL at this time, it will cause a crash.

Detailed calling process
====================================================================
usb_stop (drivers/usb/host/usb-uclass.c)
|-> device_remove(bus, DM_REMOVE_NORMAL); <== remove ehci_msm
.|-> device_chld_remove <== remove msm8916_usbphy
. |-> device_remove
.  |-> device_free(dev);
.   |-> dev_set_uclass_priv(dev, NULL);
.    |-> dev->uclass_priv_ = uclass_priv; <== uclass_priv is NULL
|-> drv->remove(dev);
 |-> ehci_usb_remove
  |-> generic_shutdown_phy
   |-> generic_shutdown_phy
    |-> phy_get_counts
     |-> dev_get_uclass_priv
      |-> dm_priv_to_rw(dev->uclass_priv_); <== NULL pointer access
====================================================================

Fix: Move the usb phy node out of the usb control.

Signed-off-by: Jianfeng Zhu <JianfengA.Zhu at sony.com>
Reviewed-by: Jacky Cao <Jacky.Cao at sony.com>
Reviewed-by: Toyama, Yoshihiro <Yoshihiro.Toyama at sony.com>
---
 drivers/phy/qcom/msm8916-usbh-phy.c      |  2 +-
 dts/upstream/src/arm64/qcom/msm8916.dtsi | 30 +++++++++++-------------
 2 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/drivers/phy/qcom/msm8916-usbh-phy.c b/drivers/phy/qcom/msm8916-usbh-phy.c
index 4b435aa2a6e..42ed7a6bee4 100644
--- a/drivers/phy/qcom/msm8916-usbh-phy.c
+++ b/drivers/phy/qcom/msm8916-usbh-phy.c
@@ -73,7 +73,7 @@ static int msm_phy_probe(struct udevice *dev)
 {
 	struct msm_phy_priv *priv = dev_get_priv(dev);
 
-	priv->regs = dev_remap_addr(dev_get_parent(dev));
+	priv->regs = dev_remap_addr(dev);
 	if (!priv->regs)
 		return -EINVAL;
 
diff --git a/dts/upstream/src/arm64/qcom/msm8916.dtsi b/dts/upstream/src/arm64/qcom/msm8916.dtsi
index 7383bcc603a..6f6152d6039 100644
--- a/dts/upstream/src/arm64/qcom/msm8916.dtsi
+++ b/dts/upstream/src/arm64/qcom/msm8916.dtsi
@@ -2395,7 +2395,6 @@
 			assigned-clock-rates = <80000000>;
 			resets = <&gcc GCC_USB_HS_BCR>;
 			reset-names = "core";
-			phy_type = "ulpi";
 			dr_mode = "otg";
 			hnp-disable;
 			srp-disable;
@@ -2405,22 +2404,21 @@
 			phys = <&usb_hs_phy>;
 			status = "disabled";
 			#reset-cells = <1>;
+		};
 
-			ulpi {
-				usb_hs_phy: phy {
-					compatible = "qcom,usb-hs-phy-msm8916",
-						     "qcom,usb-hs-phy";
-					#phy-cells = <0>;
-					clocks = <&xo_board>, <&gcc GCC_USB2A_PHY_SLEEP_CLK>;
-					clock-names = "ref", "sleep";
-					resets = <&gcc GCC_USB2A_PHY_BCR>, <&usb 0>;
-					reset-names = "phy", "por";
-					qcom,init-seq = /bits/ 8 <0x0 0x44>,
-								 <0x1 0x6b>,
-								 <0x2 0x24>,
-								 <0x3 0x13>;
-				};
-			};
+		usb_hs_phy: usb_hs_phy at 78d9000 {
+			compatible = "qcom,usb-hs-phy-msm8916",
+				     "qcom,usb-hs-phy";
+			reg = <0x78d9000 0x400>;
+			#phy-cells = <0>;
+			clocks = <&xo_board>, <&gcc GCC_USB2A_PHY_SLEEP_CLK>;
+			clock-names = "ref", "sleep";
+			resets = <&gcc GCC_USB2A_PHY_BCR>, <&usb 0>;
+			reset-names = "phy", "por";
+			qcom,init-seq = /bits/ 8 <0x0 0x44>,
+						 <0x1 0x6b>,
+						 <0x2 0x24>,
+						 <0x3 0x13>;
 		};
 
 		wcnss: remoteproc at a204000 {
-- 
2.25.1

More information about the U-Boot mailing list