diff mbox series

[1/5] scsi: ufs: core: Cancel RTC work during ufshcd_remove()

Message ID 20241111-ufs_bug_fix-v1-1-45ad8b62f02e@linaro.org (mailing list archive)
State New
Delegated to: Geert Uytterhoeven
Headers show
Series scsi: ufs: Bug fixes for ufs core and platform drivers | expand

Commit Message

Manivannan Sadhasivam via B4 Relay Nov. 11, 2024, 5:48 p.m. UTC
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>

Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When
ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to
this, any further trigger of the RTC work after ufshcd_remove() would
result in a NULL pointer dereference as below:

Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4
Workqueue: events ufshcd_rtc_work
Call trace:
 _raw_spin_lock_irqsave+0x34/0x8c
 pm_runtime_get_if_active+0x24/0xb4
 ufshcd_rtc_work+0x124/0x19c
 process_scheduled_works+0x18c/0x2d8
 worker_thread+0x144/0x280
 kthread+0x11c/0x128
 ret_from_fork+0x10/0x20

Since RTC work accesses the ufshcd internal structures, it should be cancelled
when ufshcd is removed. So do that in ufshcd_remove(), as per the order in
ufshcd_init().

Cc: stable@vger.kernel.org # 6.8
Fixes: 6bf999e0eb41 ("scsi: ufs: core: Add UFS RTC support")
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/ufs/core/ufshcd.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Peter Wang (王信友) Nov. 12, 2024, 2:13 a.m. UTC | #1
On Mon, 2024-11-11 at 23:18 +0530, Manivannan Sadhasivam via B4 Relay
wrote:
> External email : Please do not click links or open attachments until
> you have verified the sender or the content.
> 
> 
> From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> 
> Currently, RTC work is only cancelled during __ufshcd_wl_suspend().
> When
> ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due
> to
> this, any further trigger of the RTC work after ufshcd_remove() would
> result in a NULL pointer dereference as below:
> 
> Unable to handle kernel NULL pointer dereference at virtual address
> 00000000000002a4
> Workqueue: events ufshcd_rtc_work
> Call trace:
>  _raw_spin_lock_irqsave+0x34/0x8c
>  pm_runtime_get_if_active+0x24/0xb4
>  ufshcd_rtc_work+0x124/0x19c
>  process_scheduled_works+0x18c/0x2d8
>  worker_thread+0x144/0x280
>  kthread+0x11c/0x128
>  ret_from_fork+0x10/0x20
> 
> Since RTC work accesses the ufshcd internal structures, it should be
> cancelled
> when ufshcd is removed. So do that in ufshcd_remove(), as per the
> order in
> ufshcd_init().
> 
> Cc: stable@vger.kernel.org # 6.8
> Fixes: 6bf999e0eb41 ("scsi: ufs: core: Add UFS RTC support")
> Signed-off-by: Manivannan Sadhasivam <
> manivannan.sadhasivam@linaro.org>
> ---
>  drivers/ufs/core/ufshcd.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> 

Reviewed-by: Peter Wang <peter.wang@mediatek.com>
diff mbox series

Patch

diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
index f5846598d80e..cc2555333512 100644
--- a/drivers/ufs/core/ufshcd.c
+++ b/drivers/ufs/core/ufshcd.c
@@ -10225,6 +10225,7 @@  void ufshcd_remove(struct ufs_hba *hba)
 	ufs_hwmon_remove(hba);
 	ufs_bsg_remove(hba);
 	ufs_sysfs_remove_nodes(hba->dev);
+	cancel_delayed_work_sync(&hba->ufs_rtc_update_work);
 	blk_mq_destroy_queue(hba->tmf_queue);
 	blk_put_queue(hba->tmf_queue);
 	blk_mq_free_tag_set(&hba->tmf_tag_set);