From patchwork Wed Jun 9 14:22:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: jiantao zhang X-Patchwork-Id: 457303 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 860E6C48BCD for ; Wed, 9 Jun 2021 14:23:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6A24A61249 for ; Wed, 9 Jun 2021 14:23:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238005AbhFIOZM (ORCPT ); Wed, 9 Jun 2021 10:25:12 -0400 Received: from szxga01-in.huawei.com ([45.249.212.187]:3815 "EHLO szxga01-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237850AbhFIOYy (ORCPT ); Wed, 9 Jun 2021 10:24:54 -0400 Received: from nkgeml705-chm.china.huawei.com (unknown [172.30.72.53]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4G0Tj80MPxzWsTw; Wed, 9 Jun 2021 22:18:04 +0800 (CST) Received: from nkgeml706-chm.china.huawei.com (10.98.57.153) by nkgeml705-chm.china.huawei.com (10.98.57.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Wed, 9 Jun 2021 22:22:56 +0800 Received: from nkgeml706-chm.china.huawei.com ([10.98.57.153]) by nkgeml706-chm.china.huawei.com ([10.98.57.153]) with mapi id 15.01.2176.012; Wed, 9 Jun 2021 22:22:56 +0800 From: "Zhangjiantao (Kirin, nanjing)" To: "Xuetao (kirin)" , "mathias.nyman@intel.com" , "gregkh@linuxfoundation.org" , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" CC: "chenyu (U)" , Caiyadong , xuhaiyang Subject: [PATCH] xhci: solve a double free problem while doing s4 Thread-Topic: [PATCH] xhci: solve a double free problem while doing s4 Thread-Index: AQHXXTD5CgkqbtPEIEyqX6Nz35qOtasLuySA Date: Wed, 9 Jun 2021 14:22:55 +0000 Message-ID: <1428e2d7b7b74fccb3493384f96c521a@huawei.com> References: <1623244292-108534-1-git-send-email-xuetao09@huawei.com> In-Reply-To: <1623244292-108534-1-git-send-email-xuetao09@huawei.com> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.136.108.160] MIME-Version: 1.0 X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-usb@vger.kernel.org when system is doing s4, the process of xhci_resume may be as below: 1、xhci_mem_cleanup 2、xhci_init->xhci_mem_init->xhci_mem_cleanup(when memory is not enough). xhci_mem_cleanup will be executed twice when system is out of memory. xhci->port_caps is freed in xhci_mem_cleanup,but it isn't set to NULL. It will be freed twice when xhci_mem_cleanup is called the second time. We got following bug when system resumes from s4: kernel BUG at mm/slub.c:309! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP CPU: 0 PID: 5929 Tainted: G S W 5.4.96-arm64-desktop #1 pc : __slab_free+0x5c/0x424 lr : kfree+0x30c/0x32c Call trace: __slab_free+0x5c/0x424 kfree+0x30c/0x32c xhci_mem_cleanup+0x394/0x3cc xhci_mem_init+0x9ac/0x1070 xhci_init+0x8c/0x1d0 xhci_resume+0x1cc/0x5fc xhci_plat_resume+0x64/0x70 platform_pm_thaw+0x28/0x60 dpm_run_callback+0x54/0x24c device_resume+0xd0/0x200 async_resume+0x24/0x60 async_run_entry_fn+0x44/0x110 process_one_work+0x1f0/0x490 worker_thread+0x5c/0x450 kthread+0x158/0x160 ret_from_fork+0x10/0x24 Signed-off-by: Tao Xue --- drivers/usb/host/xhci-mem.c | 1 + 1 file changed, 1 insertion(+) -- 2.7.4 diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index f66815f..e4b0c04 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -1924,6 +1924,7 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci) xhci->hw_ports = NULL; xhci->rh_bw = NULL; xhci->ext_caps = NULL; + xhci->port_caps = NULL; xhci->page_size = 0; xhci->page_shift = 0;