kybaaz/linux-xiaomi-chiron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linux-xiaomi-chiron/drivers/usb/gadget/function
History
Felix Hädicke d5c024f376 usb: gadget: serial: fix possible Oops caused by calling kthread_stop(NULL) 
Add check for NULL before calling kthread_stop().

There were cases in which gserial_console_exit() was called, but the
console thread was not started. This resulted in an invalid
kthread_stop(NULL) call.

Without this, the following Oops may occur:

    BUG: unable to handle kernel
    NULL pointer dereference at 0000000000000018
    IP: [<ffffffffb3ca1166>] kthread_stop+0x16/0x110
    ...
    CPU: 2 PID: 853 Comm: rmmod Not tainted 4.9.0-rc5 #3
    Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Z77 Extreme3, BIOS P1.50 07/11/2013
    task: ffff880419f6a100 task.stack: ffffc90002e8c000
    RIP: 0010:[<ffffffffb3ca1166>]  [<ffffffffb3ca1166>] kthread_stop+0x16/0x110
    RSP: 0018:ffffc90002e8fdb0  EFLAGS: 00010286
    RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000
    RDX: 0000000000000001 RSI: 0000000000000246 RDI: 0000000000000000
    RBP: ffffc90002e8fdc8 R08: 0000000000000000 R09: 0000000000000001
    R10: 000000000000019d R11: 000000000000001f R12: 0000000000000000
    R13: ffff88041b8d8400 R14: 0000000000000001 R15: 000055fd59f5a1e0
    FS:  00007f82500be700(0000) GS:ffff88042f280000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000018 CR3: 000000041bee2000 CR4: 00000000001406e0
    Stack:
     0000000000000000 ffffffffc0b8e720 ffff88041b8d8400 ffffc90002e8fdf0
     ffffffffc0b8bb52 ffff88041a106300 0000000000000001 ffff880419fc2ea8
     ffffc90002e8fe08 ffffffffc0aed749 ffffffffc0aef600 ffffc90002e8fe20
    Call Trace:
     [<ffffffffc0b8bb52>] gserial_free_line+0x72/0xb0 [u_serial]
     [<ffffffffc0aed749>] acm_free_instance+0x19/0x30 [usb_f_acm]
     [<ffffffffc0b01b40>] usb_put_function_instance+0x20/0x30 [libcomposite]
     [<ffffffffc04a603b>] gs_unbind+0x3b/0x70 [g_serial]
     [<ffffffffc0b018d1>] __composite_unbind+0x61/0xb0 [libcomposite]
     [<ffffffffc0b01933>] composite_unbind+0x13/0x20 [libcomposite]
     [<ffffffffc08ef1ad>] usb_gadget_remove_driver+0x3d/0x90 [udc_core]
     [<ffffffffc08ef26e>] usb_gadget_unregister_driver+0x6e/0xc0 [udc_core]
     [<ffffffffc0aff6d2>] usb_composite_unregister+0x12/0x20 [libcomposite]
     [<ffffffffc04a6268>] cleanup+0x10/0xda8 [g_serial]
     [<ffffffffb3d0c0c2>] SyS_delete_module+0x192/0x270
     [<ffffffffb3c032a0>] ? exit_to_usermode_loop+0x90/0xb0
     [<ffffffffb4228a3b>] entry_SYSCALL_64_fastpath+0x1e/0xad
    Code: 89 c6 e8 6e ff ff ff 48 89 df e8 06 bd fd ff 5b 5d c3 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 49 89 fc 53 0f 1f 44 00 00 <f0> 41 ff 44 24 18 4c 89 e7 e8 bc f1 ff ff 48 85 c0 48 89 c3 74
    RIP  [<ffffffffb3ca1166>] kthread_stop+0x16/0x110
     RSP <ffffc90002e8fdb0>
    CR2: 0000000000000018
    ---[ end trace 5b3336a407e1698c ]---

Signed-off-by: Felix Hädicke <felixhaedicke@web.de>
Tested-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2016-11-18 13:55:19 +02:00
..
f_acm.c usb: gadget: f_acm: Fix configfs attr name 2016-03-04 15:14:50 +02:00
f_ecm.c usb: gadget: Update usb_assign_descriptors for SuperSpeedPlus 2016-03-04 15:14:23 +02:00
f_eem.c usb: gadget: prevent potenial null pointer dereference on skb->len 2016-09-06 10:44:03 +03:00
f_fs.c usb: gadget: f_fs: use complete() instead complete_all() 2016-11-03 10:38:38 +02:00
f_hid.c usb: gadget: f_hid add super speed support 2016-11-08 13:27:32 +02:00
f_loopback.c usb: gadget: remove variable ret and remove unnecessary if statement 2016-09-09 13:38:37 +03:00
f_mass_storage.c usb: gadget: Add per-lun inquiry string 2016-08-25 12:13:13 +03:00
f_mass_storage.h usb: gadget: Add per-lun inquiry string 2016-08-25 12:13:13 +03:00
f_midi.c usb: gadget: remove useless parameter in alloc_ep_req() 2016-08-25 12:13:19 +03:00
f_ncm.c usb: gadget: NCM: differentiate consumed packets from dropped packets 2016-11-03 10:38:39 +02:00
f_obex.c usb: gadget: Update usb_assign_descriptors for SuperSpeedPlus 2016-03-04 15:14:23 +02:00
f_phonet.c usb: gadget: Update usb_assign_descriptors for SuperSpeedPlus 2016-03-04 15:14:23 +02:00
f_printer.c usb: gadget: composite: let USB functions process ctrl reqs in cfg0 2016-08-25 12:13:17 +03:00
f_rndis.c usb: gadget: function: f_rndis: socket buffer may be NULL 2016-08-22 10:45:12 +03:00
f_serial.c usb: gadget: Update usb_assign_descriptors for SuperSpeedPlus 2016-03-04 15:14:23 +02:00
f_sourcesink.c usb: gadget: remove useless parameter in alloc_ep_req() 2016-08-25 12:13:19 +03:00
f_subset.c usb: gadget: Update usb_assign_descriptors for SuperSpeedPlus 2016-03-04 15:14:23 +02:00
f_tcm.c usb: gadget: f_tcm: out of bound access in usbg_drop_tpg 2016-05-31 11:24:30 +03:00
f_uac1.c usb: gadget: Update usb_assign_descriptors for SuperSpeedPlus 2016-03-04 15:14:23 +02:00
f_uac2.c usb: gadget: f_uac2: fix error handling at afunc_bind 2016-11-18 13:54:09 +02:00
f_uvc.c usb: gadget: uvc: Add missing call for additional setup data 2016-08-31 10:06:04 +03:00
f_uvc.h usb: gadget: f_uvc: remove compatibility layer 2014-09-09 09:49:41 -05:00
g_zero.h usb: gadget: define free_ep_req as universal function 2015-12-15 09:12:41 -06:00
Makefile usb: gadget: f_tcm: convert to new function interface with backward compatibility 2015-12-20 19:40:34 -08:00
ndis.h
rndis.c usb: gadget: Fix checkpatch error for braces 2016-11-18 13:54:41 +02:00
rndis.h usb: gadget: Fix checkpatch error for braces 2016-11-18 13:54:41 +02:00
storage_common.c usb: gadget: Add per-lun inquiry string 2016-08-25 12:13:13 +03:00
storage_common.h usb: gadget: Add per-lun inquiry string 2016-08-25 12:13:13 +03:00
tcm.h usb-gadget/tcm: Conversion to percpu_ida tag pre-allocation 2016-03-10 21:48:14 -08:00
u_ecm.h
u_eem.h
u_ether.c usb: gadget: NCM: differentiate consumed packets from dropped packets 2016-11-03 10:38:39 +02:00
u_ether.h usb: gadget: u_ether: add a flag to avoid skb_reserve() calling 2016-08-31 10:06:03 +03:00
u_ether_configfs.h usb-gadget/ether: use per-attribute show and store methods 2015-10-13 22:14:18 -07:00
u_fs.h usb: gadget: ffs: add eventfd notification about ffs events 2015-01-27 09:34:59 -06:00
u_gether.h
u_hid.h usb: gadget: hid: add configfs support 2014-11-06 16:18:19 -06:00
u_midi.h usb: gadget: f_midi: add configfs support 2014-11-05 13:37:17 -06:00
u_ncm.h
u_phonet.h
u_printer.h usb: gadget: printer: add configfs support 2015-03-10 15:33:41 -05:00
u_rndis.h usb: gadget: rndis: remove the limit of available rndis connections 2015-05-07 13:47:17 -05:00
u_serial.c usb: gadget: serial: fix possible Oops caused by calling kthread_stop(NULL) 2016-11-18 13:55:19 +02:00
u_serial.h
u_tcm.h usb: gadget: f_tcm: convert to new function interface with backward compatibility 2015-12-20 19:40:34 -08:00
u_uac1.c usb: gadget: u_uac1: fix one code style problem 2015-01-15 09:41:48 -06:00
u_uac1.h usb: gadget: remove gadget_chips.h 2015-08-06 09:35:20 -05:00
u_uac2.h usb: gadget: f_uac2: add configfs support 2014-08-20 14:04:42 -05:00
u_uvc.h usb: gadget: uvc: configfs support in uvc function 2015-01-12 12:13:26 -06:00
uvc.h usb: gadget: Fix checkpatch error for braces 2016-11-18 13:54:41 +02:00
uvc_configfs.c usb: gadget: uvc: Fix return value in case of error 2016-08-11 15:09:46 +03:00
uvc_configfs.h usb: gadget: uvc: configfs support in uvc function 2015-01-12 12:13:26 -06:00
uvc_queue.c [media] vb2: replace void *alloc_ctxs by struct device *alloc_devs 2016-07-08 14:45:07 -03:00
uvc_queue.h [media] media: videobuf2: Restructure vb2_buffer 2015-10-01 09:04:43 -03:00
uvc_v4l2.c usb: gadget: Fix checkpatch error for braces 2016-11-18 13:54:41 +02:00
uvc_v4l2.h usb: gadget: uvc: separately compile some components of f_uvc 2014-09-09 09:49:12 -05:00
uvc_video.c usb: gadget: composite: always set ep->mult to a sensible value 2016-10-31 11:15:33 +02:00
uvc_video.h usb: gadget: uvc: separately compile some components of f_uvc 2014-09-09 09:49:12 -05:00