From: Mathieu Poirier <mathieu.poirier@linaro.org>
To: gregkh@linuxfoundation.org
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH 01/28] coresight: access conn->child_name only if it's initialised
Date: Thu, 25 Aug 2016 15:18:51 -0600
Message-ID: <1472159958-5981-2-git-send-email-mathieu.poirier@linaro.org>
In-Reply-To: <1472159958-5981-1-git-send-email-mathieu.poirier@linaro.org>

From: Sudeep Holla <sudeep.holla@arm.com>

If the addition of the coresight devices gets deferred, then there's a
window before child_name is populated by of_get_coresight_platform_data
from the respective component driver's probe and the attempt to access
the same from coresight_orphan_match resulting in kernel NULL pointer
dereference as below:

Unable to handle kernel NULL pointer dereference at virtual address 0x0
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 1038 Comm: kworker/0:1 Not tainted 4.7.0-rc3 #124
Hardware name: ARM Juno development board (r2) (DT)
Workqueue: events amba_deferred_retry_func
PC is at strcmp+0x1c/0x160
LR is at coresight_orphan_match+0x7c/0xd0
Call trace:
  strcmp+0x1c/0x160
  bus_for_each_dev+0x60/0xa0
  coresight_register+0x264/0x2e0
  tmc_probe+0x130/0x310
  amba_probe+0xd4/0x1c8
  driver_probe_device+0x22c/0x418
  __device_attach_driver+0xbc/0x158
  bus_for_each_drv+0x58/0x98
  __device_attach+0xc4/0x160
  device_initial_probe+0x10/0x18
  bus_probe_device+0x94/0xa0
  device_add+0x344/0x580
  amba_device_try_add+0x194/0x238
  amba_deferred_retry_func+0x48/0xd0
  process_one_work+0x118/0x378
  worker_thread+0x48/0x498
  kthread+0xd0/0xe8
  ret_from_fork+0x10/0x40

This patch adds a check for non-NULL conn->child_name before accessing
the same.

Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
---
 drivers/hwtracing/coresight/coresight.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/hwtracing/coresight/coresight.c b/drivers/hwtracing/coresight/coresight.c index d08d1ab9bba5..ceeaaea41ed6 100644 --- a/drivers/hwtracing/coresight/coresight.c +++ b/drivers/hwtracing/coresight/coresight.c @@ -725,7 +725,8 @@ static int coresight_orphan_match(struct device *dev, void *data) /* We have found at least one orphan connection */ if (conn->child_dev == NULL) { /* Does it match this newly added device? */ - if (!strcmp(dev_name(&csdev->dev), conn->child_name)) { + if (conn->child_name && + !strcmp(dev_name(&csdev->dev), conn->child_name)) { conn->child_dev = csdev; } else { /* This component still has an orphan */ -- 2.7.4
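
Review bot: The new `conn->child_name &&` test in coresight_orphan_match() carries no comment saying why the name can be NULL at this point, so a later cleanup could drop it as redundant. The commit message gives the reason (a deferred add leaves a window before of_get_coresight_platform_data has populated child_name); a one-line comment above the condition stating that would keep it next to the code. With the check in place a NULL name takes the existing else branch ("This component still has an orphan"), so the connection stays unresolved rather than being matched, which looks like the intended outcome and is also worth saying in that comment. The hunk shows no other dereference of child_name, so whether other users of the field need the same guard cannot be judged from these lines and would be worth confirming.
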