From 8610dd5022e0310ff36ed7132c574f65c001b1aa Mon Sep 17 00:00:00 2001 From: Yidi Lin Date: Fri, 5 Aug 2022 15:40:48 +0800 Subject: [PATCH] libpayload: usbmsc: Prevent usbdisk_remove() from being called twice When removing SD card from USB card reader, the USB MSC stack does not detach the device immediately. Instead, the USB MSC stack calls usbdisk_remove() and calls usb_msc_destroy() after several pollings. It results in usbdisk_remove() being called twice. Since the usbmsc_inst_t instance is freed after first usbdisk_remove() call, the second call invokes an invalid usbmsc_inst_t instance and causes exception in CPU. This patch prevents usbdisk_remove() from being called twice by setting usbdisk_created to zero. BUG=b:239492347 TEST=insert an empty SD card into the USB card reader then remove the SD card. AP firmware does not crash. Change-Id: I0675e9fde3e770d63dd0047928356a204245ef18 Signed-off-by: Yidi Lin Reviewed-on: https://review.coreboot.org/c/coreboot/+/66449 Reviewed-by: Yu-Ping Wu Tested-by: build bot (Jenkins) --- payloads/libpayload/drivers/usb/usbmsc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/payloads/libpayload/drivers/usb/usbmsc.c b/payloads/libpayload/drivers/usb/usbmsc.c index 96c4946b76..75a8804b28 100644 --- a/payloads/libpayload/drivers/usb/usbmsc.c +++ b/payloads/libpayload/drivers/usb/usbmsc.c @@ -78,8 +78,10 @@ usb_msc_create_disk (usbdev_t *dev) static void usb_msc_remove_disk (usbdev_t *dev) { - if (MSC_INST (dev)->usbdisk_created && usbdisk_remove) + if (MSC_INST (dev)->usbdisk_created && usbdisk_remove) { usbdisk_remove (dev); + MSC_INST (dev)->usbdisk_created = 0; + } } static void