From: Suzuki K Poulose <suzuki.poulose@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, mathieu.poirier@linaro.org, Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: [PATCH v2 1/9] coresight: Fix NULL pointer dereference in _coresight_build_path
Date: Mon, 6 Jun 2016 10:11:33 +0100
Message-ID: <1465204301-24184-2-git-send-email-suzuki.poulose@arm.com>
In-Reply-To: <1465204301-24184-1-git-send-email-suzuki.poulose@arm.com>

_coresight_build_path assumes that all the connections of a csdev have the child_dev initialised. This may not be true if the particular component is not supported by the kernel config (e.g. TPIU) but is present in the DT. In which case, building a path can cause a crash like this:

Unable to handle kernel NULL pointer dereference at virtual address 00000010
pgd = ffffffc9750dd000
[00000010] *pgd=00000009f5e90003, *pud=00000009f5e90003, *pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 4 PID: 1348 Comm: bash Not tainted 4.6.0-next-20160517 #1646
Hardware name: ARM Juno development board (r0) (DT)
task: ffffffc97517a280 ti: ffffffc9762c4000 task.ti: ffffffc9762c4000
PC is at _coresight_build_path+0x18/0xe4
LR is at _coresight_build_path+0xc0/0xe4
pc : [<ffffff80083d5130>] lr : [<ffffff80083d51d8>] pstate: 20000145
sp : ffffffc9762c7ba0
[<ffffff80083d5130>] _coresight_build_path+0x18/0xe4
[<ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<ffffff80083d5cdc>] coresight_build_path+0x40/0x68
[<ffffff80083d5e14>] coresight_enable+0x74/0x1bc
[<ffffff80083d60a0>] enable_source_store+0x3c/0x6c
[<ffffff800830b17c>] dev_attr_store+0x18/0x28
[<ffffff80081ca9c4>] sysfs_kf_write+0x40/0x50
[<ffffff80081c9e38>] kernfs_fop_write+0x140/0x1cc
[<ffffff8008163ec8>] __vfs_write+0x28/0x110 [<ffffff8008164bf0>] vfs_write+0xa0/0x174 [<ffffff8008165d18>] SyS_write+0x44/0xa0 [<ffffff8008084e70>] el0_svc_naked+0x24/0x28 Acked-by: Mathieu Poirier <mathieu.poirier@linaro.org> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> --- drivers/hwtracing/coresight/coresight.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hwtracing/coresight/coresight.c b/drivers/hwtracing/coresight/coresight.c index 5443d03..0fdaaf4 100644 --- a/drivers/hwtracing/coresight/coresight.c +++ b/drivers/hwtracing/coresight/coresight.c @@ -385,7 +385,6 @@ static int _coresight_build_path(struct coresight_device *csdev, int i; bool found = false; struct coresight_node *node; - struct coresight_connection *conn; /* An activated sink has been found. Enqueue the element */ if ((csdev->type == CORESIGHT_DEV_TYPE_SINK || @@ -394,8 +393,9 @@ static int _coresight_build_path(struct coresight_device *csdev, /* Not a sink - recursively explore each port found on this element */ for (i = 0; i < csdev->nr_outport; i++) { - conn = &csdev->conns[i]; - if (_coresight_build_path(conn->child_dev, path) == 0) { + struct coresight_device *child_dev = csdev->conns[i].child_dev; + + if (child_dev && _coresight_build_path(child_dev, path) == 0) { found = true; break; } -- 1.9.1
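Review bot: in the second hunk, the new `child_dev &&` test inside the `for` loop skips an unpopulated connection without any trace, so a source whose only route to a sink runs through a component that has no driver will simply fail to build a path with no hint as to why. A one-line comment above the check stating when `child_dev` can be NULL (component present in the DT but not enabled in the kernel config, e.g. TPIU, as the commit message says) would keep the reason next to the code, and a dev_dbg() naming the port index `i` would make the skipped connection visible when debugging. Note also that the guard covers only the recursive call: the context lines show `csdev->type` being dereferenced unconditionally at the top of the function, so the top-level caller still has to pass a non-NULL `csdev`. The removal of the now-unused `conn` declaration in the first hunk looks right.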