xhci Panic patch

From: Nitin Gupta <nitin.gupta981_at_gmail.com>
Date: Mon, 31 Jan 2022 07:32:40 UTC
Dear Group Member

I came across the kernel Panic in xhci module for some of my
development activities .Issue is very random and looks like td is NULL ..
Please Review the below patch and let me know your thoughts


index e88a827..a6ce227 100644
--- a/sys/dev/usb/controller/xhci.c
+++ b/sys/dev/usb/controller/xhci.c
@@ -886,7 +886,7 @@ xhci_skip_transfer(struct usb_xfer *xfer)
 static void
 xhci_check_transfer(struct xhci_softc *sc, struct xhci_trb *trb)
 {
-       struct xhci_endpoint_ext *pepext;
+       struct xhci_endpoint_ext *pepext = NULL;
        int64_t offset;
        uint64_t td_event;
        uint32_t temp;
@@ -929,6 +929,10 @@ xhci_check_transfer(struct xhci_softc *sc, struct
xhci_trb *trb
)

        pepext = &sc->sc_hw.devs[index].endp[epno];

+       if (pepext == NULL) {
+               DPRINTF("pepext is Null\n");
+               return;
+       }
        if (pepext->trb_ep_mode != USB_EP_MODE_STREAMS) {
                stream_id = 0;
@@ -940,8 +944,8 @@ xhci_check_transfer(struct xhci_softc *sc, struct
xhci_trb *trb)

        /* try to find the USB transfer that generated the event */
        for (i = 0; i != (XHCI_MAX_TRANSFERS - 1); i++) {
-               struct usb_xfer *xfer;
-               struct xhci_td *td;
+               struct usb_xfer *xfer = NULL;
+               struct xhci_td *td = NULL;

                xfer = pepext->xfer[i + (XHCI_MAX_TRANSFERS * stream_id)];
                if (xfer == NULL)
@@ -949,6 +953,9 @@ xhci_check_transfer(struct xhci_softc *sc, struct
xhci_trb *trb)

                td = xfer->td_transfer_cache;




Regards
Nitin