From patchwork Tue Nov 26 07:00:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?6IOh6L+e5Yuk?= X-Patchwork-Id: 13885514 Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-sg2apc01on2066.outbound.protection.outlook.com [40.107.215.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 443B62940D; Tue, 26 Nov 2024 07:00:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.215.66 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732604444; cv=fail; b=uBsrljQBZhaoZ1e4cQhceQlFZbfi0AlZRi2unKpWfiNITdiSiWNUkYz4byJb3Jza0kGC0FgxiFG3F4bft8J5Q5q4C/17sCT8Fb6ln3Rr5CnCHBO9y4punzt19iaeYDKHZmO3eCN5FiU47WBowMjKkbvR9T+j3qFz/EO2mCnjMGA= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732604444; c=relaxed/simple; bh=1WL3SDN1Du0bkTmxpapsxP1zFFJ638qiS5qvCazlcoI=; h=From:To:CC:Subject:Date:Message-ID:Content-Type:MIME-Version; b=T96dix8lkrKsiSdiSHy/Vc6alpm5EzAHe2w3bFz1MDSp27Q8ExAR7dadVfXVJrGeDzC6EEeczplpTdddqd+n2O10JySNpFQevrB7LqLWFmIFPaq1OxCZBhM4DlYXAKQ4Nd9ekILnsGwuUKJDcCgN0HjZn39SXfUxAKakq95LgO4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=vivo.com; spf=pass smtp.mailfrom=vivo.com; dkim=pass (2048-bit key) header.d=vivo.com header.i=@vivo.com header.b=bvhPDqb5; arc=fail smtp.client-ip=40.107.215.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=vivo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=vivo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=vivo.com header.i=@vivo.com header.b="bvhPDqb5" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=MgHhCay0XB1YZCqtYj7IdMdlQj9Rh75lH6i7CYTbo6WA9/7+2iO2Ff6pIQR5G0gsK9oQQA0aNdD4n4n6UNZKseMKXF/w7zEc3/LIOzl1CtRW+/AvcZzN7Pn6YSvPZ4Vd26+OZfkv1BsA4Tb8cfIu8p1d3eLI+LuwGj4qP60L9IVMOAYguLl4rnOFtOHhAMDkz0crQCFg0BDg6dKSXerJYu1Xwj4ExiXeJyAq/2Y0N7QZz/rz/lbIY9OncT7zofDYV2YDfvkIsNCeyo8WA7oxoOAu/UHOBK8ztESJpjIWRMNsSkBeZNMjs0JGtrut12jxU4fDaqfumphv8GO45SeC8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1WL3SDN1Du0bkTmxpapsxP1zFFJ638qiS5qvCazlcoI=; b=QdcsnJJJcL0WkbYRQYUM9FvRaDNKl+RsBO237Trp78ktBctwFRQJSN98iPix0Iuu21tgcam3g7dA8ecJxhWw1KgVn34tgHfTiGkeyAzm8pbqo9+wLOin///xmHyyoSBUBXObo566fQi9CBCmeTEBc5NNd3tCGtn0Sx0XMQCdueQG8NnQbJPZeJV/HJFgGMxSOeJRursrnfd9Te/q7pyD9dpZJa4VgLHkOU+r8I+aKL0k2qhIDLS4m58SPoMIdAxxZ4WBmmsQI+PPiS4xU+XA/u1E/6NVKcrk/5oP32unuAm1Sr6ceI1Cy+QdgQwauvYTunjQ5S+kj4tCO+3A67UAOg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vivo.com; dmarc=pass action=none header.from=vivo.com; dkim=pass header.d=vivo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vivo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1WL3SDN1Du0bkTmxpapsxP1zFFJ638qiS5qvCazlcoI=; b=bvhPDqb54eBv4UyR3MNsrBZ4J1itq3WghrquzQ4Glq20iUC5CVYN3TzF5R03knINDS4fyhja1ILz0dBYhS0RiZpW2JjI8UR1X6zx6Ai8ED2uGoP+xFo7HsmIXME3qa5NytRXGyipf6nZA6179Iniuf4nRDVrXvka9eDENwDZqoc+L1RoUJZOS4oBOxTOA0/6jnCSk5KX/yjWwR6rAUTyIGTRToNfgwQetZWr79QCahBDoqDUm1Vae5G4zC+wFwgE3Fb2nYskO2Sesdkg+0tWgMPLFBEh8QftbGxl28ewbEC8GzTaShLEWLOXZjwGApRTHWRlj3mvxk7EFEpak8QmwQ== Received: from TYUPR06MB6217.apcprd06.prod.outlook.com (2603:1096:400:358::7) by TYUPR06MB6025.apcprd06.prod.outlook.com (2603:1096:400:359::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8182.18; Tue, 26 Nov 2024 07:00:36 +0000 Received: from TYUPR06MB6217.apcprd06.prod.outlook.com ([fe80::c18d:f7c6:7590:64fe]) by TYUPR06MB6217.apcprd06.prod.outlook.com ([fe80::c18d:f7c6:7590:64fe%6]) with mapi id 15.20.8207.010; Tue, 26 Nov 2024 07:00:35 +0000 From: =?eucgb2312_cn?b?uvrBrMfa?= To: "gregkh@linuxfoundation.org" , Prashanth K , "quic_jjohnson@quicinc.com" , "mwalle@kernel.org" CC: "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , opensource.kernel , =?eucgb2312_cn?b?uvrBrMfa?= Subject: [PATCH v3] usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Thread-Topic: [PATCH v3] usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Thread-Index: Ads/0KOYIMV5fb0KR0SoXAeOq8TMMg== Date: Tue, 26 Nov 2024 07:00:35 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=vivo.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: TYUPR06MB6217:EE_|TYUPR06MB6025:EE_ x-ms-office365-filtering-correlation-id: 682a00df-1c13-443d-6272-08dd0de806ce x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|1800799024|38070700018; x-microsoft-antispam-message-info: =?eucgb2312_cn?b?SU9mWGVSdEp0MUhJaWNHMHBST2pM?= =?eucgb2312_cn?b?aUdhZENPSjFFWmdtZnNjUnBZR2pGVUs1UkpVU3NUMDdWRDFXVk9pa3hSUFR4ak8x?= =?eucgb2312_cn?b?YWRMWDdieEtlRUNneU12Vmt6VEVKdGYyRnZWNklDZ2tSYzNRRkkxd2tocTc2alZo?= =?eucgb2312_cn?b?RkdJREdHTnVYeFRqUUJnT010RWlqM3ZzMWgxbktPUWRHdmZGc3pnbkY0KyswSnZK?= =?eucgb2312_cn?b?RGNLWHV2d3QyM05QZzZncm1CK281M0ZQSGFNdWk5bkorMmdOT2dUOGlZeFdXVjcx?= =?eucgb2312_cn?b?WFU4RDUyRjNLTWZ2eWUvOFZwUWUzQ0ZZY2tCTnNEaUxNd29oRlQ0SlltVjVMNDJN?= =?eucgb2312_cn?b?eTE4RHE1R3A3Wk5NWkREOFl3YkdIRXo4VlNEZGpKcUtCY2pzUUVzWjhtbEVza0pj?= =?eucgb2312_cn?b?Vjh0cEhwejc5RTZ1YWtMTEI1ZWFkUTdod0pKSUJ4VXZjZ0ppNGtEZmZQb0RvVHY3?= =?eucgb2312_cn?b?Z09JS3JyS283UnF4N0wvNUsxdTY4bXZvRHFxMzlzczA1VXVTVCs0VjlBTWxvZFZo?= =?eucgb2312_cn?b?cndJUStpS3ZheW9DSjlaYVBVdHRZZ3hiT2tvRTNJT0tqTmJ5a3V5RnNDbzA1ZytG?= =?eucgb2312_cn?b?L0lWVDlZeklDbVV4TW5Ib3o0bjN3WmozU3hoTENJZk5tcnB3b1ArVThyNzdzT2Y0?= =?eucgb2312_cn?b?elZwcTRPdjNHWi9IV2ovV25lRUJtZnRHRlhwVjBOMk8xQzVIZVY3aVJzZjJUMUdI?= =?eucgb2312_cn?b?WlRuTm9SanVES1pVR2ZCU0w3S2FqS2RLQ1FLZmU0L1ZEblptallWY0kwQXk2SVpS?= =?eucgb2312_cn?b?RXVLdjF2RjFFdzBxT2NLQTJrTXRLRzFSNnppNktudlVhYU03dVlIVnB1R1RXdmZ4?= =?eucgb2312_cn?b?TmJpUzVRN0Jramp0SUZLMEVnV2hkVVl5a0ZYenJWU3QrL2lsNEhOSWlZTWh4QzI2?= =?eucgb2312_cn?b?NCtiaGNaamQvRTRIVlRuTk5CVlo2UFhXZ2wyd1E3U2lCYnA3NU5hT1N6OXFwRDVq?= =?eucgb2312_cn?b?QkNYVStuMmwvRnNHeHoybERrVEIxL0ZiVFZjTmo1Wmp2eEhsQ2o2WHpXR29aVzUx?= =?eucgb2312_cn?b?MDRncHRjV1FTZld0VElReVAvaDV2TDd3RzlDUDliK2pVTTFkK3hpdTFZcUh5OW50?= =?eucgb2312_cn?b?L0Z2RytnZURHd0JHdlloZndGZW1HV2tIeHRxbVBWanhqWWdDd1RXKzRVWUFKMTg1?= =?eucgb2312_cn?b?aVRTQ1hMcnYzSjFSV20zVityQjF3OG5IWXIxZWdlWlNndVVNWlhJOVRCYXl3TkYx?= =?eucgb2312_cn?b?UXBoUHowNkhndXRwQ3FxdHpOaDFFeFR2VUxHRHNGdFBIMUNhdldZdVdvYlFNQW95?= =?eucgb2312_cn?b?bC9UWFRZRjlZMUQ2V1JBejNKTUlsTjhRcENUMCtGMlFYOXBJNVhaWUM2Q0ZiRU1K?= =?eucgb2312_cn?b?clcrN0dCRktSNmNhWTFYaVkxN0VTcXhMR21rOEFwMkExVVBMdGR5T3l5ZHd2N2tR?= =?eucgb2312_cn?b?L2tBeDhTejBBbUt2WStKS3FQK2JQSkR1TkpabmRIa1NFSXdYNkN2dlBCbUcvZjZW?= =?eucgb2312_cn?b?V1ZmV1FRNmhtVXM5MUhJb2VsK3F3Z0VCeWtobXJYSjVPbEJIS3NwSjdETzV1aGQ4?= =?eucgb2312_cn?b?YnFQSUNZQ1VybThzaXF3Smxld09UeEI1Z3k1cmowbEZqNlRUYVlnVDh2L3VLd000?= =?eucgb2312_cn?b?SVp4cDBWRnJYUXpwK3N5a08rd0NqWXlWWHZmaDNGb0czNjhWM0lyRkM3eWRGQ25V?= =?eucgb2312_cn?b?VlMwZExlL3RKL1p4Sm5KTGx0eS9HSjNDd3JmOTZjQjllQWtVNFZjZGVqMm9JeURl?= =?eucgb2312_cn?b?Rm9wYmlRZEt5bEZPR2RvN081SEcybmJyMnZKYlVHaDBxWEp3L2JHbWhOaUthaHZB?= =?eucgb2312_cn?b?cXpsVWF3N2NVRzFZV2JsUnJoTTNqVT0=?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:zh-cn;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TYUPR06MB6217.apcprd06.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?eucgb2312_cn?b?RERSb2tBV29ZVS9LR05zYzIz?= =?eucgb2312_cn?b?NDdMbm5jY21jYUJReFhlQjFPYnFQblBwaHFzcDBwZVBZSjJwS2s1TVpsTXphSTJX?= =?eucgb2312_cn?b?V1lTVy9IbDRJQ3JpMUZXYjdEd0FOUFJaYWhWVFduU1phRzJ1ejc3d2dVbm1XU1Za?= =?eucgb2312_cn?b?clBnS3ZSNHJZVnJLeFJTczdGUjlzVi9yZU1NaHBBN1hlamVCL1ZyUkRBZzBXVTFS?= =?eucgb2312_cn?b?a3BPSHI5NllUQzBUcjlCaWN1NGdodUF0RTFnZWNiZFlMWmVPTmw5aHNNKzlxeFpQ?= =?eucgb2312_cn?b?aUR5M2pTeEhVa1dEV2VYc1ZQV3pUZmUyRmYxbGNRT0RxZVRVOU5sRUp2ZG5JaXRk?= =?eucgb2312_cn?b?MkF1N0xLdEtyLzlpV1dXcWZ0akZGQWc4c2dNV0FZbjY3ZzVTMjJaZ2E0N1J3dVpl?= =?eucgb2312_cn?b?VUdweWtVYXk3VVVtV3RaZWd4cW5BNkhud202TjZtZHhPWGFnSGYyTnFsME9YazB6?= =?eucgb2312_cn?b?UFJEaUNYekErejdlSUwrRG9IbnpTbWgwell1cVAxSFJtUVFBS2hLWG8xa1gzU2dw?= =?eucgb2312_cn?b?RmlUTlVUYTFMTE8yMzVGeVQ3aVgxMmNvK1hBQzJRNS81ZHRBa0VQUkJBT2JwSFF1?= =?eucgb2312_cn?b?aWdXUWRGYUxDL3NQS0dwQTNtRGpBclBZeEQrMmYvRnpqbnRDbFBkUURmeDcvNzJS?= =?eucgb2312_cn?b?STJwdlVEQjV4bjJ1OXMzQ3BmOVZHWXpvS3RtRkpCQklFQTFpclJGNnRxbzgrRXpV?= =?eucgb2312_cn?b?ZmF1MG9WUDFCK1k3eDF2TUZlc1hERndDaUNjNlN3RzVTNXlwVWxwUEZ2T2NDVllI?= =?eucgb2312_cn?b?eTFzN0FBV0s2ZTVoNDNIWHViaUdOWUpGU2duYVc5Z00vWk10V1VrbDJ1bHhiT3pk?= =?eucgb2312_cn?b?NGtlY1ZaSXREanE0dlV6azBrREFvbWk2RUNlc0ZuVzArcFNBTWdJRkVmZlc2UFNh?= =?eucgb2312_cn?b?TVFHdGVGY1NnMGNKZlVWZm9ZR2N5VTY4UkVqb2d3UDBFVUM5b2RFS3o5aGlsa1hO?= =?eucgb2312_cn?b?cFpPYUg4QmRFZzRXb1lXK0tSVWVvelh6bFkzTVR6RmJxTzN6QjhScExUV2xRMTdP?= =?eucgb2312_cn?b?aEp0L2Y3Z3ZyK2JPZm91cWo4VmFyL2hlbVJDRnhxMTZZVzE0MUd3Tm8rbXA1VG9n?= =?eucgb2312_cn?b?OUMrYTlDMEM2L05xUVI5d3BCemJ4b3VCRE16ZDBKenJQOUhJR2tZV1NIeldtbUdL?= =?eucgb2312_cn?b?dGJYbTJrbld6V3MzY0s4RHdmZWc4Z3lpKzFtNFNQcmdEck1NQjJ2c25UNmhPelJD?= =?eucgb2312_cn?b?VWpaZnQ1MFE5N1V6YWZnY2EzeTBoL2VKbi9kOGN4OUV5NnJTczZHb1BNTHE5RWZY?= =?eucgb2312_cn?b?WFFERGRPVFcwVyswU3Y1K3A0TjBsZzYxV0oyaWhxdWFKYnNsWlMrS0JCVFlmY1lq?= =?eucgb2312_cn?b?MTg0NEQzM3IvTW5GR09nVjRhWTVaT2xGV2FyVHZjbmU0WFI2MWwzQ1J3YXA1U1dv?= =?eucgb2312_cn?b?b0J6SWs3QzBPTzc2NGxhMlZlN1RIV1JoYUQweHRydUg2SlhZQ25waHIwN1ZwNnJI?= =?eucgb2312_cn?b?NU5nTjdxY3BSejNlSTJLc0VvRTM5eXZEaHdKa3ExOCtRUTJEYklheldzWEp0NWFs?= =?eucgb2312_cn?b?WWVZc0x0bmxqSFVNZTlOMVZrNSt2bm9oekJRSjBMdzBubXUwZks0WmdvVHRnUU8r?= =?eucgb2312_cn?b?c05nZXo0TWt0NFdCY1Y3M05RUDJPSEJGT2ROZ3I5Y0Rsam9FQk1TV2RxdmtmYmxy?= =?eucgb2312_cn?b?ZVFZbXRFUnZWdjVVVWJGaEVJOEs4a3FSL1ZkQ08zbG03a01ndTJ0MnI3RCtITUxW?= =?eucgb2312_cn?b?cTZBK0VyV0lCRmJNTWtmQi9DbFc0U0xDZ0huSnBOZWp3VVdQanNWMktwOHhBNll6?= =?eucgb2312_cn?b?bzVpSXVRMVBJRy9XWFZjaGhkS0xxb2U2dnhaa3AyaTM0citzWGpCSU1vTWdzTzha?= =?eucgb2312_cn?b?eWFkcWhCMzFwQTB0MjdINnF5dk4yaGV6V0N2MjdJTFBaTHZ6b0J6Mmc1QzlGeFlW?= =?eucgb2312_cn?b?SFQxN29qS2VLR0hmcU1ZOVQrN3orUUtsM0xLcGt5RlZNYWFLREpud2JwcUt0ZlZD?= =?eucgb2312_cn?b?SHlFMVBUWkh3TU5QQ05aL3pOZnBuaDJ4d2hJbklUNGc0TWptVmIyMFZjeGRzNGZX?= =?eucgb2312_cn?b?OTl6d1h4Z2o5cjFMaUVUckVWSnJYa3U4WT0=?= Precedence: bulk X-Mailing-List: linux-usb@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-OriginatorOrg: vivo.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: TYUPR06MB6217.apcprd06.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 682a00df-1c13-443d-6272-08dd0de806ce X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Nov 2024 07:00:35.3842 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 923e42dc-48d5-4cbe-b582-1a797a6412ed X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: zy6Xz54rFUayQ0qDZ+Fas0fyOpiJrS5WzBXOFDOA1u5/Vf4HTxtUM6ECUebAohowL1qYu8xF/e72vktL+PSPEQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYUPR06MB6025 From: Lianqin Hu Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and calling the gs_open, Thread B is executing the disconnect operation and calling the gserial_disconnect function,The port->port_usb pointer will be set to NULL. E.g. Thread A Thread B gs_open() gadget_unbind_driver() gs_start_io() composite_disconnect() gs_start_rx() gserial_disconnect() ... ... spin_unlock(&port->port_lock) status = usb_ep_queue() spin_lock(&port->port_lock) spin_lock(&port->port_lock) port->port_usb = NULL gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock) Crash This causes thread A to access a null pointer (port->port_usb is null) when calling the gs_free_requests function, causing a crash. If port_usb is NULL, the release request will be skipped as it will be done by gserial_disconnect. So add a null pointer check to gs_start_io before attempting to access the value of the pointer port->port_usb. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8 pc : gs_start_io+0x164/0x25c lr : gs_start_io+0x238/0x25c sp : ffffffc08b75ba00 x29: ffffffc08b75ba00 x28: ffffffed8ba01000 x27: 0000000000020902 x26: dead000000000100 x25: ffffff899f43a400 x24: ffffff8862325400 x23: ffffff88623256a4 x22: ffffff8862325690 x21: ffffff88623255ec x20: ffffff88623255d8 x19: ffffff885e19d700 x18: ffffffed8c45ae40 x17: 00000000d48d30ad x16: 00000000d48d30ad x15: 0010000000000001 x14: ffffffed8c50fcc0 x13: 0000000040000000 x12: 0000000000000001 x11: 0000000080200012 x10: 0000000080200012 x9 : ffffff88623255d8 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f x5 : ffffffed8ae0b9a4 x4 : fffffffe267d0ea0 x3 : 0000000080200012 x2 : ffffff899f43a400 x1 : 0000000080200013 x0 : ffffff899f43b100 Call trace: gs_start_io+0x164/0x25c gs_open+0x108/0x13c tty_open+0x314/0x638 chrdev_open+0x1b8/0x258 do_dentry_open+0x2c4/0x700 vfs_open+0x2c/0x3c path_openat+0xa64/0xc60 do_filp_open+0xb8/0x164 do_sys_openat2+0x84/0xf0 __arm64_sys_openat+0x70/0x9c invoke_syscall+0x58/0x114 el0_svc_common+0x80/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x38/0x68 el0t_64_sync_handler+0x68/0xbc el0t_64_sync+0x1a8/0x1ac Code: f2fbd5ba eb14013f 540004a1 f940e708 (f9407513) ---[ end trace 0000000000000000 ]--- Suggested-by: Prashanth K Signed-off-by: Lianqin Hu v3: - Update patch submission description - Link to v2: https://lore.kernel.org/all/TYUPR06MB62178D00DC96CC2702114CF5D2222@TYUPR06MB6217.apcprd06.prod.outlook.com/ v2: - Modify patch content and description according to "v1 suggestion" - Link to v1: https://lore.kernel.org/all/TYUPR06MB621737D16F68B5ABD6CF5772D2272@TYUPR06MB6217.apcprd06.prod.outlook.com/ drivers/usb/gadget/function/u_serial.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index 0a8c05b2746b..53d9fc41acc5 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -579,9 +579,12 @@ static int gs_start_io(struct gs_port *port) * we didn't in gs_start_tx() */ tty_wakeup(port->port.tty); } else { - gs_free_requests(ep, head, &port->read_allocated); - gs_free_requests(port->port_usb->in, &port->write_pool, - &port->write_allocated); + /* Free reqs only if we are still connected */ + if (port->port_usb) { + gs_free_requests(ep, head, &port->read_allocated); + gs_free_requests(port->port_usb->in, &port->write_pool, + &port->write_allocated); + } status = -EIO; }