Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3943507pxj; Mon, 21 Jun 2021 09:54:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxela0/d/jSQIoSp/qrCp8If/hSzTCK82ALCxc8ueUdCdJeDDPilZpneqLUsazbsvl43RaY X-Received: by 2002:a6b:d001:: with SMTP id x1mr11717295ioa.171.1624294446944; Mon, 21 Jun 2021 09:54:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624294446; cv=none; d=google.com; s=arc-20160816; b=KT4FRIsDhFrHwJUiSoRfOKuYcHI21owrMm6nZePC63Yny2zX4KHD0IB5JBo0+8Jpo/ dEUF71FmLN8Jd5RzL9b5CHqjPTDA8BPVZXwoiRJUeA5wmPDX8QKXrx3hCEkabBxeo//q 4Q/eWyRYbGtp0WiwrZR72jIJn+V264nbhFUbf/WDmMvZAFKcNelVmzXmh4Kfhg9sOAvy ZLg8G9y5pq+A/utauUyrNeBQl2i7pP4sK6I4E2m6kgsNZZOPyZrF9dvaeTV3yL76kyqk xDzSvDd1RqoekC/FsWH43Ozi4Rt6yYbEPdInohOBLt3jclsEkZ1Om/pUx9H6vOHEIfpL 2B7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=RSrcAxp3YQzDD0emO+OItkqStVbRxtd9QsFyD2Dev1w=; b=rHgOgfYSqk4RzgUYwEASlL2ioEBAwn3cYAVLhDdiMa3epqGaAJ6X6pBkYa7onbofDx O8iBRpa9fkXrZTlhn672m0NF2z69zJ9hWydF0xs9hIBU64sAkFpBFtVwdQNVbwYQnHgk anIFjCga/Kwh5YHuy4qz/wmOGsPi/r12QrvxQvK9VuJ10QLgJuVSkMG65uILv4kWk1ow zNdJqkwD6biHwj2vqECXvOnpLMKWwHRLuzZ4pCOwHW4oYxBSnp8H2IF/Sz70qur2GOnQ DMttH0q06nk4gXDPKJ5TrcUj3tmfRjUKoLekXS/1GxbIgjWzMO9dy8upRcqxvwe7u4Du C/mA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="TDGHGv9/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e7si12676816ilq.68.2021.06.21.09.53.55; Mon, 21 Jun 2021 09:54:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="TDGHGv9/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231676AbhFUQy7 (ORCPT + 99 others); Mon, 21 Jun 2021 12:54:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:41158 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232584AbhFUQvH (ORCPT ); Mon, 21 Jun 2021 12:51:07 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id BF36A6141E; Mon, 21 Jun 2021 16:35:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1624293311; bh=XPCWpjmK3NPf8Hr7zjphzLZeWduT3z+M+pWQp2F6Ktg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TDGHGv9/hGsKzQ2kftMUeaz6hp3gfNURq51ZkwbG/RuzvdbdQXkcr/t+o8jJNlYG1 XFp9AFL6g1CavKKAPo2bw5S+8JJyyVdHRwK8Ppaf5/aUSLJC4fXq3JhcmgBiwnFmlF Tue1SUBDUSrdKEhgStR/3HnhfxG0u8kbfk+cEnvg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jack Pham , Peter Chen Subject: [PATCH 5.12 178/178] usb: dwc3: core: fix kernel panic when do reboot Date: Mon, 21 Jun 2021 18:16:32 +0200 Message-Id: <20210621154928.812384776@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210621154921.212599475@linuxfoundation.org> References: <20210621154921.212599475@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Peter Chen commit 4bf584a03eec674975ee9fe36c8583d9d470dab1 upstream. When do system reboot, it calls dwc3_shutdown and the whole debugfs for dwc3 has removed first, when the gadget tries to do deinit, and remove debugfs for its endpoints, it meets NULL pointer dereference issue when call debugfs_lookup. Fix it by removing the whole dwc3 debugfs later than dwc3_drd_exit. [ 2924.958838] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000002 .... [ 2925.030994] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--) [ 2925.037005] pc : inode_permission+0x2c/0x198 [ 2925.041281] lr : lookup_one_len_common+0xb0/0xf8 [ 2925.045903] sp : ffff80001276ba70 [ 2925.049218] x29: ffff80001276ba70 x28: ffff0000c01f0000 x27: 0000000000000000 [ 2925.056364] x26: ffff800011791e70 x25: 0000000000000008 x24: dead000000000100 [ 2925.063510] x23: dead000000000122 x22: 0000000000000000 x21: 0000000000000001 [ 2925.070652] x20: ffff8000122c6188 x19: 0000000000000000 x18: 0000000000000000 [ 2925.077797] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000004 [ 2925.084943] x14: ffffffffffffffff x13: 0000000000000000 x12: 0000000000000030 [ 2925.092087] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f x9 : ffff8000102b2420 [ 2925.099232] x8 : 7f7f7f7f7f7f7f7f x7 : feff73746e2f6f64 x6 : 0000000000008080 [ 2925.106378] x5 : 61c8864680b583eb x4 : 209e6ec2d263dbb7 x3 : 000074756f307065 [ 2925.113523] x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff8000122c6188 [ 2925.120671] Call trace: [ 2925.123119] inode_permission+0x2c/0x198 [ 2925.127042] lookup_one_len_common+0xb0/0xf8 [ 2925.131315] lookup_one_len_unlocked+0x34/0xb0 [ 2925.135764] lookup_positive_unlocked+0x14/0x50 [ 2925.140296] debugfs_lookup+0x68/0xa0 [ 2925.143964] dwc3_gadget_free_endpoints+0x84/0xb0 [ 2925.148675] dwc3_gadget_exit+0x28/0x78 [ 2925.152518] dwc3_drd_exit+0x100/0x1f8 [ 2925.156267] dwc3_remove+0x11c/0x120 [ 2925.159851] dwc3_shutdown+0x14/0x20 [ 2925.163432] platform_shutdown+0x28/0x38 [ 2925.167360] device_shutdown+0x15c/0x378 [ 2925.171291] kernel_restart_prepare+0x3c/0x48 [ 2925.175650] kernel_restart+0x1c/0x68 [ 2925.179316] __do_sys_reboot+0x218/0x240 [ 2925.183247] __arm64_sys_reboot+0x28/0x30 [ 2925.187262] invoke_syscall+0x48/0x100 [ 2925.191017] el0_svc_common.constprop.0+0x48/0xc8 [ 2925.195726] do_el0_svc+0x28/0x88 [ 2925.199045] el0_svc+0x20/0x30 [ 2925.202104] el0_sync_handler+0xa8/0xb0 [ 2925.205942] el0_sync+0x148/0x180 [ 2925.209270] Code: a9025bf5 2a0203f5 121f0056 370802b5 (79400660) [ 2925.215372] ---[ end trace 124254d8e485a58b ]--- [ 2925.220012] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 2925.227676] Kernel Offset: disabled [ 2925.231164] CPU features: 0x00001001,20000846 [ 2925.235521] Memory Limit: none [ 2925.238580] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]--- Fixes: 8d396bb0a5b6 ("usb: dwc3: debugfs: Add and remove endpoint dirs dynamically") Cc: Jack Pham Tested-by: Jack Pham Signed-off-by: Peter Chen Link: https://lore.kernel.org/r/20210608105656.10795-1-peter.chen@kernel.org (cherry picked from commit 2a042767814bd0edf2619f06fecd374e266ea068) Link: https://lore.kernel.org/r/20210615080847.GA10432@jackp-linux.qualcomm.com Signed-off-by: Greg Kroah-Hartman --- drivers/usb/dwc3/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1657,8 +1657,8 @@ static int dwc3_remove(struct platform_d pm_runtime_get_sync(&pdev->dev); - dwc3_debugfs_exit(dwc); dwc3_core_exit_mode(dwc); + dwc3_debugfs_exit(dwc); dwc3_core_exit(dwc); dwc3_ulpi_exit(dwc);