diff options
author | Geert Uytterhoeven <geert+renesas@glider.be> | 2015-10-25 11:09:33 +0100 |
---|---|---|
committer | Vinod Koul <vinod.koul@intel.com> | 2015-11-16 08:39:42 +0530 |
commit | 36fa4a530b7798aa85789953b08d94c03fb09fa5 (patch) | |
tree | fbe8111cbb5858b6290352727809e7067401600f /lib/crc8.c | |
parent | 8005c49d9aea74d382f474ce11afbbc7d7130bec (diff) | |
download | op-kernel-dev-36fa4a530b7798aa85789953b08d94c03fb09fa5.zip op-kernel-dev-36fa4a530b7798aa85789953b08d94c03fb09fa5.tar.gz |
dmaengine: sh: usb-dmac: Fix crash on runtime suspend
If CONFIG_PREEMPT=y:
Unable to handle kernel NULL pointer dereference at virtual address 00000014
pgd = c0003000
[00000014] *pgd=80000040004003, *pmd=00000000
Internal error: Oops: 206 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 17 Comm: kworker/0:1 Tainted: G W 4.3.0-rc3-koelsch-022
71-g705498fc5e6a5da8-dirty #1789
Hardware name: Generic R8A7791 (Flattened Device Tree)
Workqueue: pm pm_runtime_work
task: ef578e40 ti: ef57a000 task.ti: ef57a000
PC is at usb_dmac_chan_halt+0xc/0xc0
LR is at usb_dmac_runtime_suspend+0x28/0x38
pc : [<c023c880>] lr : [<c023c95c>] psr: 80000113
sp : ef57bdf8 ip : 00000008 fp : 00000003
r10: 00000008 r9 : c06ab928 r8 : ef49e810
r7 : 00000000 r6 : 000000ac r5 : ef770010 r4 : 00000000
r3 : 00000000 r2 : 8ffc2b84 r1 : 00000000 r0 : ef770010
Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
Control: 30c5307d Table: 40003000 DAC: fffffffd
Process kworker/0:1 (pid: 17, stack limit = 0xef57a210)
Stack: (0xef57bdf8 to 0xef57c000)
[...
[<c023c880>] (usb_dmac_chan_halt) from [<c023c95c>] (usb_dmac_runtime_suspend+0x28/0x38)
[<c023c95c>] (usb_dmac_runtime_suspend) from [<c027b25c>] (pm_genpd_runtime_suspend+0x74/0x23c)
This happens because usb_dmac_probe() calls pm_runtime_put() before
usb_dmac_chan_probe(), leading to the device being suspended before the
DMA channels are initialized, causing a NULL pointer dereference.
Move the call to pm_runtime_put() to the end of usb_dmac_probe() to fix
this.
Add a check to usb_dmac_runtime_suspend() to prevent the crash from
happening in the error path.
Reported-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Diffstat (limited to 'lib/crc8.c')
0 files changed, 0 insertions, 0 deletions