From patchwork Mon Nov 18 03:12:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?6IOh6L+e5Yuk?= X-Patchwork-Id: 13878054 Received: from SEYPR02CU001.outbound.protection.outlook.com (mail-koreacentralazon11013057.outbound.protection.outlook.com [40.107.44.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 055D62110E; Mon, 18 Nov 2024 03:13:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.44.57 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731899583; cv=fail; b=qyiR6e/ms7xFvKnxYmzeVcjI4UafD66SsotD1N3NjVKir1udn9apd8IZf39jzujMPUfxQttII7/arcOqz6gwdpASySXhJR6+eS+PLY8EVoiaqNEA67i/ZSweAVZkVwsHwMI2Kmqs487VqN//tMiKl1+UEdrQ0kLnFq+gkYglx8w= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731899583; c=relaxed/simple; bh=XxKyxSvONLbTqk6AgaKx+MOzbGV5bIA42g7k7d8BrCs=; h=From:To:CC:Subject:Date:Message-ID:Content-Type:MIME-Version; b=tTu7DI7q8Ma8HxOeU2C0geTd9Yz2j/8Y13Hi2o2d4vzxdKzaNGhg2KmdBzqy/n0Ts/85G0d+H2UIzJM/Hp+jXNBrQ5LSOIU/gZZONDXIzFdR+OI8t/7s/WjJ1kbx7YFcfL/KR9H8vnu7694RFJfxZZGWFx0GwfLznNWhiXlT9oI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=vivo.com; spf=pass smtp.mailfrom=vivo.com; dkim=pass (2048-bit key) header.d=vivo.com header.i=@vivo.com header.b=qGqB1ALo; arc=fail smtp.client-ip=40.107.44.57 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=vivo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=vivo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=vivo.com header.i=@vivo.com header.b="qGqB1ALo" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=b/Kn5e8Z4OAut6+wo/qmwvCt5AITqlXUmmDrXVa4XSxnTV5yNYDh5Rz5mz/Uk7h1kjWLJseLdo4XGSuuztT+987hBvdx6wPA49LMydrml6tHUYDqQ7y721ym2FktkO0k4SbC46Q0THBAII2CPlJtJa8tKqJu8xEcF01aWO9K70NyV+p3J/e8482J7qqGqlHGw3gb9hN/XPOR7J7uaJaw1O6pwzJ5dVApMKuurG5w6OIJI/IsxfIDuoclvF0veWP8qwaP+GsI44LmSueEI1PqdYnXziH5zqHrfl16xWYWmxOXH+Pqj6I8awtKbvJDsWgRpy85wwFHGzG8eQJukKFSMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XxKyxSvONLbTqk6AgaKx+MOzbGV5bIA42g7k7d8BrCs=; b=jfTrMNz69CsfiR6ClwmKRq4QP2cxq8uVFv2IuF6YU/Qmn/usZ1S2om3kk021UfKsaut2TcndhyGdxPwDfZkjxoc2vC1c/+GJrS9FvDOkBgbkK3vDthqa7Ye/fW80pOPkKdAbVFRepG/fT4dNA6DJq9BIsmsnJkisekcnHpfntbB/7gfKIr2DE/TQeJ0A+p0OsKoIhgCh1UKFGBUzJaU9crPRhQmCHF2tHvttAESBhMjoiP91wUSQrbVHJawN1za1OV02gQI65K9cmrd7flW/RzzpTVxXVbplyh7JwX1va5sBSuNgKzFoh75yzKxn5X01ZwtZnlk7RxE8jTTa8cWMpA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vivo.com; dmarc=pass action=none header.from=vivo.com; dkim=pass header.d=vivo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vivo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XxKyxSvONLbTqk6AgaKx+MOzbGV5bIA42g7k7d8BrCs=; b=qGqB1ALoz4J6naARwLQyKYaKCeyqyDRLf+ZMRRjWjG8azYqlB+SOPKkwlcmgYoz6tlCnmn0TrTpCEq93mZJ0vxxoiEFnt5FC+jIelsUHcug3GnhCm5v0Gibo6H0R3wVaGH+gtpjsI3N5lUTCSGhaociEn5j0iEdywTNnjMsAeu4/VKYLI5VODxDCnS42M29YGRoGG/ApaoaZmoYTjv8cD8fsy7spV/3o8W4FwRuZ1zc2jwTkaWrX2jYrhQIyvcBWMAsazADx6VQh7dQIpjDZo0H5o58p+tmVMxmrB4vvLeBbMXPv4bCLgbkZushANbRtsSPmaq/2tXd2tbHokX+fJw== Received: from TYUPR06MB6217.apcprd06.prod.outlook.com (2603:1096:400:358::7) by KL1PR06MB6845.apcprd06.prod.outlook.com (2603:1096:820:10d::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8182.11; Mon, 18 Nov 2024 03:12:54 +0000 Received: from TYUPR06MB6217.apcprd06.prod.outlook.com ([fe80::c18d:f7c6:7590:64fe]) by TYUPR06MB6217.apcprd06.prod.outlook.com ([fe80::c18d:f7c6:7590:64fe%6]) with mapi id 15.20.8182.011; Mon, 18 Nov 2024 03:12:54 +0000 From: =?eucgb2312_cn?b?uvrBrMfa?= To: "gregkh@linuxfoundation.org" , "quic_jjohnson@quicinc.com" , "mwalle@kernel.org" , Prashanth K CC: "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , opensource.kernel , =?eucgb2312_cn?b?uvrBrMfa?= Subject: [PATCH] usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Thread-Topic: [PATCH] usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Thread-Index: Ads5Z1bjTgbcKYBiSvSmNoAzjrMY+A== Date: Mon, 18 Nov 2024 03:12:54 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=vivo.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: TYUPR06MB6217:EE_|KL1PR06MB6845:EE_ x-ms-office365-filtering-correlation-id: c2626aa1-177a-48ea-fa0c-08dd077ee4e6 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700018; x-microsoft-antispam-message-info: =?eucgb2312_cn?b?OE9yUnV1RTlCRVdQaUs5R2crM3BI?= =?eucgb2312_cn?b?VmoxbXlYaFF5Zk5pY3Y3bTZwQXhkNTZ1K0ZyM0RLc3ZrQXM3amNteFFnczhoWFVF?= =?eucgb2312_cn?b?Y0h0MXV5OXFsQzgvZGtjajNJYUt1aGtxUVhjeExxSkNJaWRoNExjVkN6WGZCbXJz?= =?eucgb2312_cn?b?dkNoRW94QUtzOXo0UzNaaERtQ3hkNEFwUHRBM2Z1SEVzd242d201VjExelZIL0lB?= =?eucgb2312_cn?b?TkZBNkZwV2hzem1kalQvMnFLWVR6WkNCblhIRGpnd242U2NzYlBsQUgyUXloUVFJ?= =?eucgb2312_cn?b?dEhrQkgvditDTCsyTXRyc0lFT3lsdzFROVNXdjNRb1FqQS9VRFo0MHN3Y3RIMTlY?= =?eucgb2312_cn?b?U0llTHcvblJ3cDU2dkpkUHFSWGpmN21RUTl2M0FoRHNIVGhUb2hHZjU2VEZremhI?= =?eucgb2312_cn?b?cFFBLzVROFZmOTBTelF6WHlWRmxLTmJoWjhPbGp4U0VOVWRVdHZpVFlBSXBmeEN1?= =?eucgb2312_cn?b?L1psWDh0UlFKdVA0M1hqV01jdnVBM2ZmRFlxZ3VhbmZWbzdyNTB1S0xISldnZDB3?= =?eucgb2312_cn?b?RGFxc1B3NEs5b2JIUkdiRVRiV3plejhzanBNUXRtK2l5bWVZeGJkaVNLVE1uY2E5?= =?eucgb2312_cn?b?Z0JWYk45QnhSbHMxVFc3U0I1c3Rzc3RoencvNXpCTXR5dlFQSCszK0dFcXdXaFFu?= =?eucgb2312_cn?b?NHYwa0pqWFhsSlplWnpNY0UxVnZiZ1JydUtma2IreThJYVZRdHhFQmV4VjAzSE56?= =?eucgb2312_cn?b?VHRUM3ZRbmg2NG9WWnZmcnBwQTZnVS96SGJFbmcvU3loNmpId01jTUd5VURIQm1o?= =?eucgb2312_cn?b?alBhc1c2d2xyZmd0ZHM0RERxbWpIWGNHY2pPUEhPNWxTTGRwdFZselRLUm5HbUVQ?= =?eucgb2312_cn?b?RGJ5TnE1bTZndjBRQ01kQ3RVZ1BodVZ0SjI1MTYxYm1sTTFJTlJjNHdJcE91Y0Ir?= =?eucgb2312_cn?b?aU12aDFMVWxnZDRRVDgzOWhOQ1JOZlkwMmpCNlc0OWN2em1JMS9md2F0Z0l6Zk9U?= =?eucgb2312_cn?b?Tm0wUDFPNTlZb0ZralF0clE5Nk93QTZXclV1TnVOdTN3dVdrcEl3Y01iZ0Z3ZjBM?= =?eucgb2312_cn?b?NUZkSGtSUnQ5ZXZtYms4RnN5OVVIT2xhV2dHQy9PS1FOUHdrRzZuK1JCd285WDQ0?= =?eucgb2312_cn?b?RnZWUnUybllpYUtTMW1DK2NqS1kzRmlmR0VGaGJVd1RFTFdybVRJUytZLzhQMnNp?= =?eucgb2312_cn?b?VmVjSUZCQk9zQkVDVHpFYlY4eTRwYUJsbG1vWnFvTUZMRXpzTVUwSC9VSEIwbUdX?= =?eucgb2312_cn?b?RGFmVzZRdXN3UWJXbDJ1YXFsbWUrN2wydG04N3BJUjBSU2o5YXRSdHk3WWx0VlJT?= =?eucgb2312_cn?b?eXRLckthcXpUc1hxcTNTMU1JR3VHR2swRDJtSjd3MjgzQmZGcVZxMVluYmhlR0RC?= =?eucgb2312_cn?b?ZDAzaUVCMXZyQ3pyV2dleWJrTUgzcW4yUHpCTEo1UUFMSU90YW1TbFNxdk9aMFFm?= =?eucgb2312_cn?b?SUNTd20wcVFSZ3hVbStpaS9zV2tiRjR5NGIyaHZHZUcrVGFTMmpDaU1pVzZYLzFU?= =?eucgb2312_cn?b?RXIwNlZuTnphMFhaTk9NSThZeHE5OU9xMG9RQXl6ZHJRcVEzZDRYcStFNEVualJq?= =?eucgb2312_cn?b?R2FXRmZDQzNoRDBGaFlZUDFmQTd6cFRqTnpQdkcvTjJ2ZDRiUGFleFlMMkEvZjBE?= =?eucgb2312_cn?b?V3hYMFJOU0N0ekFMTkhHVlM2R29ZVitkcHVvbTdUZmZ2U1FIQ3pvbkU2eXArbVJt?= =?eucgb2312_cn?b?cWFWT1pIdlF2K3NyWVFtUkFFMGwrd2s3TGxDZFlyNlhzd0RzelllSk5jMTRDM1dE?= =?eucgb2312_cn?b?Z1VKSEtSZlg1bW9rV3lOTy9vZ1N3T1VMbVlJOE12NHpCM3ZWNnZDaUcwTXVlaGVH?= =?eucgb2312_cn?b?alVuUThZZnRWTm5Xbm1ta3JGOVVIUT0=?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:zh-cn;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TYUPR06MB6217.apcprd06.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?eucgb2312_cn?b?dDFkMFYvVzlMc2FiQlM1ZWwy?= =?eucgb2312_cn?b?MDlJNUpPK0dhTWFmbnpFWVF6azZRdlA5bi9jbmZ6RFFkcTJSYmRPS004MUV0US9P?= =?eucgb2312_cn?b?WGU1bXN6Y0w4aFYvMGZCdzU0SDZOR0ZRZEVGekh2VkV6TjREaUNhVWpQTmhzQ1VT?= =?eucgb2312_cn?b?ZlZURHozbG4wSkV1UHRoRjNrQ1A0bGMzTmhBc01VTkc2UUxpa0NTY0s0bmRNT1VL?= =?eucgb2312_cn?b?NlQ0cGJEVlpRRjN5TjFBcy9oTDZFcEFSNitMcko3dFhjL2dhSVp1WDl3UnVUSyt4?= =?eucgb2312_cn?b?a1NQK3pKVEUzTEk4MWkxZlhOUkpsa2h2ZDZLT2dzQ1ExTVF1ZkhvQjloK2cvN2Zm?= =?eucgb2312_cn?b?Y3JYRldRUlcwRlRlUXdheWJlTyt6dmpRMGRSSlo4djhTbXZCOGk2NnFUVFp0MkZL?= =?eucgb2312_cn?b?Z2ZWQjhERE8zeDJ6ZVFZc3NyZGxWSTVzdlcxaGIyeW5UK0ZXbm1UNWVjRHYxOHFn?= =?eucgb2312_cn?b?WUF3SHNEMTM0a21Gc05aTEI3b2t3azBCTExJL0hKTEdEWVBvTE5TeUxiOTZRdUlT?= =?eucgb2312_cn?b?RU9CMHdjS2dabmpoejl3L2FGRURjck1kbXliRGcyWGJiV0ZaK09nTk4rSzdvYUxV?= =?eucgb2312_cn?b?UXpJc0Y4bjh2Q0I1N0twUWRadStqckttWURsUERkUG9helR1NGhZallzY2R0WEVJ?= =?eucgb2312_cn?b?eGg2S1lKKzVvbmVPZm1qSXVWbnA0dGRicE9WVTREa2dNTzFFT2dCdDdMM0dhdG5B?= =?eucgb2312_cn?b?K2lnZ0M1YnBEcEtBcXArcXpQS0FWMU8rYTBIZFRiQUFkNk1VTmd1SExZais5ak16?= =?eucgb2312_cn?b?OGg0T1RiS29kd2hlQTBPM01kdC9sc2E4elRBeXlWWWFSV3Bwb2NiTERHUHJNaFh0?= =?eucgb2312_cn?b?RHU0a1YvUHMvNFkxMkJpRy9XbGlMbm9hQXpVb0VCczdyWXB3SG9BMEpMU1krbEJM?= =?eucgb2312_cn?b?L1R4RWxtSEl1S21ZVHRwcm1JTkx4bVVxYVBhRW5qS1pZb2c4Q3gxcFV1dlBWUThh?= =?eucgb2312_cn?b?UVM2S3BhemtPZDJCTGRZYTRRZndwTVg0eGVDVUtTZERQMm5KRWNjRjRUT2JYMHdr?= =?eucgb2312_cn?b?R1A1aHZWYVhzdUU4UGYwSkgvQkNPSHZ3cU50anRNUWpheXBZV1ltM3hUVEdkMGIr?= =?eucgb2312_cn?b?c3NuZTFiZDVVenBac0lWSCszNXV6RmRNME1EbFBDakc0Q2Ewczl4R1Z3ZlBBZTBN?= =?eucgb2312_cn?b?K1FpNXBxMmxJRUQvbXJpbU5CRU45QjJlODFsL0hhN2ZVK29raHcxTFJabjZDZ2lT?= =?eucgb2312_cn?b?TlRTYitQV1luaGh3amVsM3dQRy8vMmFoN1Q4cFZBTzE5SzJnT0w2RVBkTFIybGZS?= =?eucgb2312_cn?b?MnBHSFhZMThuYWtQUzdvY1BxOFlqcU5MYXlzSVV5M0xLVFY1YlVNcnRxeTJVSFFW?= =?eucgb2312_cn?b?QXdmeGs3Y054NGZBRjNabGM2ZUJobmthYmxaZS9jemNBcXB0dzNyV0JRQ2tCMTRy?= =?eucgb2312_cn?b?Q0FZbkZoMy9zUUUzS2w1RUI5SWg2QTh2R0ZlY3ozbWlqRFRwY1dOaHp3OTUrYTJE?= =?eucgb2312_cn?b?S3RIOGt3NEpXYWkyRmh5bjFnTGl1VmlCV0ZtNWtWNmMzNTZFZGF0Z0I3czZJdUJT?= =?eucgb2312_cn?b?d08xK1hUMS9FckowOHpPYkdtZGFyVDNzYkVsRjl5elNIMmozUlJrdkJjWWZGd2Vx?= =?eucgb2312_cn?b?bWR6WC9hTEY3c0wrTVFaYXFEdit6eTJZT0tHeTF2V1hLUDNMdVJBR0hYUTBmL25Z?= =?eucgb2312_cn?b?ak5kaVlLQkNzK3BGem5CbEx3TTB0R0RMS2NEK0ZPckt6di9zdUgwTUR4MGhNWHN3?= =?eucgb2312_cn?b?SkNIT1dKbmF0VnhjNXVITkg2ZUIzU0JPVEw2TGpiVGdrN0M5bEllMFZoQ1BrckpR?= =?eucgb2312_cn?b?RXdXSWljWVdoTkpTV3BYNVFQeUZnZ2NBbVQ3RVdTWHJCb3ZDNURQdFE0dkIwb0NX?= =?eucgb2312_cn?b?dFEvSXU1VVFESEMvMXFQbGpsUGVNeFFyRzh4c0F3SFJESnFkU2RvYVFQN0JpZXFJ?= =?eucgb2312_cn?b?RGIzanpzSEs3aXlJSWNZRFV3UjFqQ0RBOEt2UzNrV2E3c29aZVhFVndkYUlhRG9k?= =?eucgb2312_cn?b?bXNZdUN5U3JaZ2RGeEFHeU5rYXlDdDUva1V6V3JGT21iN2xvQS9BL0dtR2JoSGIv?= =?eucgb2312_cn?b?QjArRGo0VnpPU2JPaW03a0orbHJmRXZhVT0=?= Precedence: bulk X-Mailing-List: linux-usb@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-OriginatorOrg: vivo.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: TYUPR06MB6217.apcprd06.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c2626aa1-177a-48ea-fa0c-08dd077ee4e6 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2024 03:12:54.3869 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 923e42dc-48d5-4cbe-b582-1a797a6412ed X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +YtjMYaEoTP0wAsBliUGRTfSQ68eQAfpDjJcwm930sJQIreJNH/6MTnirWbE3tJZidrHpH3mM07PAISLibMHVw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR06MB6845 From: Lianqin Hu Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and calling the gs_open, Thread B is executing the disconnect operation and calling the gserial_disconnect function,The port->port_usb pointer will be set to NULL. E.g. Thread A Thread B gs_open() gadget_unbind_driver() gs_start_io() composite_disconnect() gs_start_rx() gserial_disconnect() ... ... spin_unlock(&port->port_lock) status = usb_ep_queue() spin_lock(&port->port_lock) spin_lock(&port->port_lock) port->port_usb = NULL gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock) Crash This causes thread A to access a null pointer (port->port_usb is null) when calling the gs_free_requests function, causing a crash. To solve this problem, add the read_busy flag, before setting port_usb to null in gserial_disconnect, add the read_busy flag judgment. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8 pc : gs_start_io+0x164/0x25c lr : gs_start_io+0x238/0x25c sp : ffffffc08b75ba00 x29: ffffffc08b75ba00 x28: ffffffed8ba01000 x27: 0000000000020902 x26: dead000000000100 x25: ffffff899f43a400 x24: ffffff8862325400 x23: ffffff88623256a4 x22: ffffff8862325690 x21: ffffff88623255ec x20: ffffff88623255d8 x19: ffffff885e19d700 x18: ffffffed8c45ae40 x17: 00000000d48d30ad x16: 00000000d48d30ad x15: 0010000000000001 x14: ffffffed8c50fcc0 x13: 0000000040000000 x12: 0000000000000001 x11: 0000000080200012 x10: 0000000080200012 x9 : ffffff88623255d8 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f x5 : ffffffed8ae0b9a4 x4 : fffffffe267d0ea0 x3 : 0000000080200012 x2 : ffffff899f43a400 x1 : 0000000080200013 x0 : ffffff899f43b100 Call trace: gs_start_io+0x164/0x25c gs_open+0x108/0x13c tty_open+0x314/0x638 chrdev_open+0x1b8/0x258 do_dentry_open+0x2c4/0x700 vfs_open+0x2c/0x3c path_openat+0xa64/0xc60 do_filp_open+0xb8/0x164 do_sys_openat2+0x84/0xf0 __arm64_sys_openat+0x70/0x9c invoke_syscall+0x58/0x114 el0_svc_common+0x80/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x38/0x68 el0t_64_sync_handler+0x68/0xbc el0t_64_sync+0x1a8/0x1ac Code: f2fbd5ba eb14013f 540004a1 f940e708 (f9407513) ---[ end trace 0000000000000000 ]--- Signed-off-by: Lianqin Hu --- drivers/usb/gadget/function/u_serial.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index 0a8c05b2746b..9ab2dbed60a8 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -124,6 +124,7 @@ struct gs_port { struct kfifo port_write_buf; wait_queue_head_t drain_wait; /* wait while writes drain */ bool write_busy; + bool read_busy; wait_queue_head_t close_wait; bool suspended; /* port suspended */ bool start_delayed; /* delay start when suspended */ @@ -331,9 +332,11 @@ __acquires(&port->port_lock) /* drop lock while we call out; the controller driver * may need to call us back (e.g. for disconnect) */ + port->read_busy = true; spin_unlock(&port->port_lock); status = usb_ep_queue(out, req, GFP_ATOMIC); spin_lock(&port->port_lock); + port->read_busy = false; if (status) { pr_debug("%s: %s %s err %d\n", @@ -1412,19 +1415,21 @@ void gserial_disconnect(struct gserial *gser) /* tell the TTY glue not to do I/O here any more */ spin_lock(&port->port_lock); - gs_console_disconnect(port); + if (!port->read_busy) { + gs_console_disconnect(port); - /* REVISIT as above: how best to track this? */ - port->port_line_coding = gser->port_line_coding; + /* REVISIT as above: how best to track this? */ + port->port_line_coding = gser->port_line_coding; - port->port_usb = NULL; - gser->ioport = NULL; - if (port->port.count > 0) { - wake_up_interruptible(&port->drain_wait); - if (port->port.tty) - tty_hangup(port->port.tty); + port->port_usb = NULL; + gser->ioport = NULL; + if (port->port.count > 0) { + wake_up_interruptible(&port->drain_wait); + if (port->port.tty) + tty_hangup(port->port.tty); + } + port->suspended = false; } - port->suspended = false; spin_unlock(&port->port_lock); spin_unlock_irqrestore(&serial_port_lock, flags);