From patchwork Thu Aug 22 02:34:11 2024
X-Patchwork-Submitter: =?utf-8?b?6IOh6L+e5Yuk?=
X-Patchwork-Id: 821646
From: =?eucgb2312_cn?b?uvrBrMfa?=
To: Prashanth K , "gregkh@linuxfoundation.org"
CC: "quic_jjohnson@quicinc.com" , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , opensource.kernel , "akpm@linux-foundation.org" , Michael Nazzareno Trimarchi
Subject: [PATCH v6] usb: gadget: u_serial: Add null pointer check in gs_read_complete & gs_write_complete
Date: Thu, 22 Aug 2024 02:34:11 +0000
X-Mailing-List: linux-usb@vger.kernel.org
From: Lianqin Hu

Considering that in some extreme cases, when the unbind operation is
being executed, gserial_disconnect has already cleared gser->ioport,
and the controller has not stopped & pullup 0, sys.usb.config is reset
and the bind operation will be re-executed, calling gs_read_complete,
which will result in accessing gser->iport, resulting in a null pointer
dereference, add a null pointer check to prevent this situation.

Added a static spinlock to prevent gser->ioport from becoming
null after the newly added check.

Unable to handle kernel NULL pointer dereference at
virtual address 00000000000001a8
pc : gs_read_complete+0x58/0x240
lr : usb_gadget_giveback_request+0x40/0x160
sp : ffffffc00f1539c0
x29: ffffffc00f1539c0 x28: ffffff8002a30000 x27: 0000000000000000
x26: ffffff8002a30000 x25: 0000000000000000 x24: ffffff8002a30000
x23: ffffff8002ff9a70 x22: ffffff898e7a7b00 x21: ffffff803c9af9d8
x20: ffffff898e7a7b00 x19: 00000000000001a8 x18: ffffffc0099fd098
x17: 0000000000001000 x16: 0000000080000000 x15: 0000000ac1200000
x14: 0000000000000003 x13: 000000000000d5e8 x12: 0000000355c314ac
x11: 0000000000000015 x10: 0000000000000012 x9 : 0000000000000008
x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffffff887cd12000
x5 : 0000000000000002 x4 : ffffffc00f9b07f0 x3 : ffffffc00f1538d0
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000001a8
Call trace:
gs_read_complete+0x58/0x240
usb_gadget_giveback_request+0x40/0x160
dwc3_remove_requests+0x170/0x484
dwc3_ep0_out_start+0xb0/0x1d4
__dwc3_gadget_start+0x25c/0x720
kretprobe_trampoline.cfi_jt+0x0/0x8
kretprobe_trampoline.cfi_jt+0x0/0x8
udc_bind_to_driver+0x1d8/0x300
usb_gadget_probe_driver+0xa8/0x1dc
gadget_dev_desc_UDC_store+0x13c/0x188
configfs_write_iter+0x160/0x1f4
vfs_write+0x2d0/0x40c
ksys_write+0x7c/0xf0
__arm64_sys_write+0x20/0x30
invoke_syscall+0x60/0x150
el0_svc_common+0x8c/0xf8
do_el0_svc+0x28/0xa0
el0_svc+0x24/0x84
el0t_64_sync_handler+0x88/0xec
el0t_64_sync+0x1b4/0x1b8
Code: aa1f03e1 aa1303e0 52800022 2a0103e8 (88e87e62)
---[ end trace 938847327a739172 ]---
Kernel panic - not syncing: Oops: Fatal exception

Fixes: c1dca562be8a ("usb gadget: split out serial core")
Cc: stable@vger.kernel.org
Signed-off-by: Lianqin Hu
---
v6:
 - Update the commit text
 - Add the Fixes tag
 - CC stable kernel
 - Add serial_port_lock protection when checking port pointer
 - Optimize code comments
 - Delete log printing
---
 drivers/usb/gadget/function/u_serial.c | 33 ++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index b394105e55d6..e43d8065f7ec 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c 
@@ -452,20 +452,43 @@ static void gs_rx_push(struct work_struct *work) static void gs_read_complete(struct usb_ep *ep, struct usb_request *req) { - struct gs_port *port = ep->driver_data; + struct gs_port *port; + unsigned long flags; + + spin_lock_irqsave(&serial_port_lock, flags); + port = ep->driver_data; + + /* When port is NULL, return to avoid panic. */ + if (!port) { + spin_unlock_irqrestore(&serial_port_lock, flags); + return; + } - /* Queue all received data until the tty layer is ready for it. */ spin_lock(&port->port_lock); + spin_unlock(&serial_port_lock); + + /* Queue all received data until the tty layer is ready for it. */ list_add_tail(&req->list, &port->read_queue); schedule_delayed_work(&port->push, 0); - spin_unlock(&port->port_lock); + spin_unlock_irqrestore(&port->port_lock, flags); } static void gs_write_complete(struct usb_ep *ep, struct usb_request *req) { - struct gs_port *port = ep->driver_data; + struct gs_port *port; + unsigned long flags; + + spin_lock_irqsave(&serial_port_lock, flags); + port = ep->driver_data; + + /* When port is NULL, return to avoid panic. */ + if (!port) { + spin_unlock_irqrestore(&serial_port_lock, flags); + return; + } spin_lock(&port->port_lock); + spin_unlock(&serial_port_lock); list_add(&req->list, &port->write_pool); port->write_started--; @@ -486,7 +509,7 @@ static void gs_write_complete(struct usb_ep *ep, struct usb_request *req) break; } - spin_unlock(&port->port_lock); + spin_unlock_irqrestore(&port->port_lock, flags); } static void gs_free_requests(struct usb_ep *ep, struct list_head *head,
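
Review bot: In the first hunk (@@ -452), the new "if (!port)" test in gs_read_complete() and gs_write_complete() reads ep->driver_data, while the commit text describes gserial_disconnect clearing gser->ioport. Nothing in the visible lines shows ep->driver_data being written under serial_port_lock, so the check closes the race only if the disconnect path clears that pointer while holding the same lock; please name the writer this pairs with in the commit text or in the comment above the check. The early return also leaves req off port->read_queue and port->write_pool and skips "port->write_started--", so say who owns and frees the request on that path. Finally, the commit text says a static spinlock was added, but no line of the diff defines serial_port_lock; if the lock already exists in the file, the text should say it is reused.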
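
Review bot: In the second hunk (@@ -486), "spin_unlock_irqrestore(&port->port_lock, flags)" restores flags that were saved by "spin_lock_irqsave(&serial_port_lock, flags)" at the top of the function, after serial_port_lock has already been dropped with a plain spin_unlock(). The hand-over is valid, but it fixes the acquisition order as serial_port_lock first, then port->port_lock, and every other path that takes both must follow the same order. A short comment at the "spin_lock(&port->port_lock)" line stating that ordering, and that the saved irq flags travel from one lock to the other, would make this easier to audit; the same applies to the matching unlock at the end of gs_read_complete().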