Test environment: Linux kernel version: 5.10.y Architecture: ARM Cortex-A Processor: NXP Layerscape LS1028 Crash in reboot tests: Reproducibility: 1% If a job ring is still allocated, Once caam_jr_remove() returned, jrpriv will be freed and the registers will get unmapped.Then caam_jr_interrupt will get error irqstate value. So such a job ring will probably crash.Crash info is below: -------------------------------------- RBS Sys: Restart ordered by epghd(0x1) RBS Sys: RESTARTING caam_jr 8030000.jr: Device is busy caam_jr 8020000.jr: Device is busy caam_jr 8010000.jr: Device is busy arm-smmu 5000000.iommu: disabling translation caam_jr 8010000.jr: job ring error: irqstate: 00000103 ------------[ cut here ]------------ kernel BUG at drivers/crypto/caam/jr.c:288! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Hardware name: freescale ls1028a/ls1028a, BIOS 2019.10+fsl+g3d542a3d22 pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--) pc : caam_jr_interrupt+0x128/0x130 lr : caam_jr_interrupt+0x128/0x130 sp : ffff80001144be50 x29: ffff80001144be50 x28: ffff800010f61008 x27: ffff800011228000 x26: ffff800010f61008 x25: ffff000027904800 x24: 0000000000000072 x23: ffff8000113ba140 x22: 0000000000000001 x21: ffff800011433000 x20: ffff000027904e80 x19: 0000000000000103 x18: 0000000000000030 x17: 0000000000000000 x16: 0000000000000000 x15: ffffffffffffffff x14: ffff8000113ebcb8 x13: 0000000000000008 x12: fffffffffffcac8f x11: ffff00000038bb00 x10: ffff8000112a1e90 x9 : ffff8000100a99c0 x8 : ffff800011249e90 x7 : ffff8000112a1e90 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000279ac600 Call trace: caam_jr_interrupt+0x128/0x130 __handle_irq_event_percpu+0x84/0x2b0 handle_irq_event+0x6c/0xfc handle_fasteoi_irq+0xc8/0x230 __handle_domain_irq+0xb8/0x130 gic_handle_irq+0x90/0x158 el1_irq+0xcc/0x180 _raw_spin_lock_irq+0x0/0x90 caam_rng_read_one.constprop.0+0x248/0x370 caam_read+0x8c/0xb0 hwrng_fillfn+0xfc/0x1cc kthread+0x14c/0x160 ret_from_fork+0x10/0x30 Code: 2a1303e2 d00029a1 910ee021 940b2b1d (d4210000) ---[ end trace f04d90f3ad0da5f4 ]--- Kernel panic - not syncing: Oops - BUG: Fatal exception in interrupt Kernel Offset: disabled CPU features: 0x28040022,21002008 Memory Limit: none -------------------------------------- Disabling interrupts is to ensure that the device removal operation is not interrupted. Signed-off-by: Kun Song <Kun.Song@xxxxxxxxxxxxx> Reviewed-by: Hen Guo <Heng.Guo@xxxxxxxxxxxxx> --- drivers/crypto/caam/jr.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/crypto/caam/jr.c b/drivers/crypto/caam/jr.c index 6f669966ba2c..d191e8caa1ad 100644 --- a/drivers/crypto/caam/jr.c +++ b/drivers/crypto/caam/jr.c @@ -135,6 +135,10 @@ static int caam_jr_remove(struct platform_device *pdev) jrdev = &pdev->dev; jrpriv = dev_get_drvdata(jrdev); + /* Disabling interrupts is ensure that the device removal operation + * is not interrupted by interrupts. + */ + devm_free_irq(jrdev, jrpriv->irq, jrdev); if (jrpriv->hwrng) caam_rng_exit(jrdev->parent); -- 2.26.1
