[PATCH 0/4] usb: gadget: f_mass_storage: Fix crashes on low memory devices
Mattijs Korpershoek
mkorpershoek at baylibre.com
Fri Mar 28 09:15:40 CET 2025
Zixun has reported an odd problem in [1].
He encountered a data abort on the 2nd "ums 0 mmc 0" command with
sam9x60-curiosity board:
U-Boot> ums 0 mmc 0
UMS: LUN 0, dev mmc 0, hwpart 0, sector 0x0, count 0x1d29000
CTRL+C - Operation aborted
U-Boot> ums 0 mmc 0
UMS: LUN 0, dev mmc 0, hwpart 0, sector 0x0, count 0x1d29000
data abort
pc : [<27f93428>] lr : [<27ef7e80>]
reloc pc : [<23f16428>] lr : [<23e7ae80>]
sp : 27ef4cf0 ip : a5200000 fp : 23f6915c
r10: deadbeef r9 : 27ef7e80 r8 : 27f7d2a0
r7 : a5200000 r6 : 00000000 r5 : 00000000 r4 : 27f01668
r3 : 00000000 r2 : 00000000 r1 : 27fe1d88 r0 : 27f01668
Flags: nzCV IRQs off FIQs off Mode SVC_32 (T)
Code: 45ac d017 68c5 4667 (60fd) 60af
I could reproduce this on khadas-vim3_android_ab_defconfig by applying
the following diff:
diff --git a/configs/khadas-vim3_android_ab_defconfig b/configs/khadas-vim3_android_ab_defconfig
index a078c5d363ae..c8d1cc69f1fb 100644
--- a/configs/khadas-vim3_android_ab_defconfig
+++ b/configs/khadas-vim3_android_ab_defconfig
@@ -3,7 +3,7 @@ CONFIG_SYS_BOARD="vim3"
CONFIG_SYS_CONFIG_NAME="khadas-vim3_android"
CONFIG_ARCH_MESON=y
CONFIG_TEXT_BASE=0x01000000
-CONFIG_SYS_MALLOC_LEN=0x08000000
+CONFIG_SYS_MALLOC_LEN=0x81000
CONFIG_NR_DRAM_BANKS=1
CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y
CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x20000000
This series fixes the above mentioned crash by introducing proper error
handling and freeing the buffers in the unbind callback.
[1] https://lore.kernel.org/r/all/CA+GyqebHib_N7szGKkR0Ejac1rmoDQp+0a8t7ROng=PE3g9pGA@mail.gmail.com/
Signed-off-by: Mattijs Korpershoek <mkorpershoek at baylibre.com>
---
This should go into next since it's not an urgent fix.
---
---
Mattijs Korpershoek (4):
usb: gadget: f_mass_storage: Remove kref structure use
usb: gadget: f_mass_storage: Drop invalid kfree() in fsg_common_release()
usb: gadget: f_mass_storage: Fix NULL dereference in fsg_add()
usb: gadget: f_mass_storage: Fix memory leak of fsg buffers
drivers/usb/gadget/f_mass_storage.c | 18 ++++++------------
1 file changed, 6 insertions(+), 12 deletions(-)
---
base-commit: 3f9e0349c3e8afe45d5bdb2328a16512cfbc2ef1
change-id: 20250327-ums-gadget-leak-898d2e776e2d
Best regards,
--
Mattijs Korpershoek <mkorpershoek at baylibre.com>
More information about the U-Boot
mailing list