From 4e0c1b69384581ee8315fe91bec2d795a1daf795 Mon Sep 17 00:00:00 2001
From: Wenping Zhang <wenping.zhang@rock-chips.com>
Date: Fri, 17 Jul 2020 17:29:32 +0800
Subject: [PATCH] net/rfkill: bt: fix crash issue if probe failed after
 wake_lock_init.

rfkill_rk_probe will fail in some situation after calling wake_lock_init,
but in failed situation, wake_lock_destroy is not called, it will cause
system crash if userspace program read /sys/kernel/debug/wakeup_sources.

Unable to handle kernel NULL pointer dereference at virtual address 00000010
[   36.171834] pgd = ffffffc0dd710000
[   36.175230] [00000010] *pgd=00000000dd480003, *pud=00000000dd480003, *pmd=0000000000000000
[   36.183554] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[   36.189129] Modules linked in:
[   36.192203] CPU: 4 PID: 738 Comm: Binder:605_4 Not tainted 4.4.126 #1
[   36.198633] Hardware name: Rockchip RK3399 Excavator Board dp(Android) (DT)
[   36.205583] task: ffffffc0cb43de80 task.stack: ffffffc0cac4c000
[   36.211502] PC is at _raw_spin_lock_irqsave+0x1c/0x50
[   36.216553] LR is at print_wakeup_source_stats+0x30/0xf0
[   36.221862] pc : [<ffffff8008b65890>] lr : [<ffffff800853e074>] pstate: a04001c5
[   36.229242] sp : ffffffc0cac4fc50
[   36.232554] x29: ffffffc0cac4fc70 x28: ffffffc0cac6ee80
[   36.237901] x27: ffffffc0ed446f00 x26: ffffffc0cac4fd78
[   36.243283] x25: ffffffc0cac4feb0 x24: ffffffc0cac6ee40
[   36.248634] x23: 0000000000000000 x22: 0000000000000010
[   36.253978] x21: ffffffc0cb43de80 x20: ffffff8009236db8
[   36.259323] x19: fffffffffffffff8 x18: ffffffc0caf18000
[   36.264675] x17: 00000070b84c8674 x16: ffffff80081c0e50
[   36.270020] x15: 0000000000000000 x14: 0000000000000000
[   36.275358] x13: 000000000000000a x12: 0000000000000020
[   36.280705] x11: 00000000fffffffb x10: ffffffc0caf17673
[   36.286051] x9 : 0000000005f5e0ff x8 : 0000000005f5e100
[   36.291378] x7 : 0000000000012054 x6 : ffffffc0caf17675
[   36.296711] x5 : 00000000ffffffff x4 : ffffff8008f98e4f
[   36.302054] x3 : 0000000000000140 x2 : ffffffc0cb43de80
[   36.307398] x1 : 0000000000000001 x0 : 0000000000000010
Call trace:
[   37.884693] [<ffffff8008b65890>] _raw_spin_lock_irqsave+0x1c/0x50
[   37.890778] [<ffffff800853e1ec>] wakeup_sources_stats_show+0xb8/0xc4
[   37.897125] [<ffffff80081e2118>] seq_read+0x120/0x404
[   37.902171] [<ffffff80081bfbc8>] __vfs_read+0x38/0xf4
[   37.907215] [<ffffff80081c03d4>] vfs_read+0x78/0x12c
[   37.912175] [<ffffff80081c0eac>] SyS_read+0x5c/0xbc
[   37.917055] [<ffffff80080832f0>] el0_svc_naked+0x24/0x28

Signed-off-by: Wenping Zhang <wenping.zhang@rock-chips.com>
Change-Id: I57216b16ffdd35bbcf0fda56924bf00a71d152ac
---
 net/rfkill/rfkill-bt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/rfkill/rfkill-bt.c b/net/rfkill/rfkill-bt.c
index 58ad5b073809..85299bdf77eb 100644
--- a/net/rfkill/rfkill-bt.c
+++ b/net/rfkill/rfkill-bt.c
@@ -677,7 +677,7 @@ static int rfkill_rk_probe(struct platform_device *pdev)
 
 	ret = rfkill_rk_setup_wake_irq(rfkill, 0);
 	if (ret)
-		goto fail_gpio;
+		goto fail_setup_wake_irq;
 
 	DBG("setup rfkill\n");
 	rfkill->rfkill_dev = rfkill_alloc(pdata->name, &pdev->dev, pdata->type,
@@ -716,6 +716,8 @@ fail_alloc:
 
 	remove_proc_entry("btwrite", sleep_dir);
 	remove_proc_entry("lpm", sleep_dir);
+fail_setup_wake_irq:
+	wake_lock_destroy(&rfkill->bt_irq_wl);
 fail_gpio:
 
 	g_rfkill = NULL;
@@ -755,6 +757,7 @@ static int rfkill_rk_remove(struct platform_device *pdev)
 	if (gpio_is_valid(rfkill->pdata->poweron_gpio.io))
 		gpio_free(rfkill->pdata->poweron_gpio.io);
 	clk_disable_unprepare(rfkill->pdata->ext_clk);
+	wake_lock_destroy(&rfkill->bt_irq_wl);
 	g_rfkill = NULL;
 
 	return 0;