All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] iio: chemical: scd30: fix Oops due to missing parent device
@ 2021-02-08 22:39 Petr Štetiar
  2021-02-12 19:12 ` Jonathan Cameron
  0 siblings, 1 reply; 3+ messages in thread
From: Petr Štetiar @ 2021-02-08 22:39 UTC (permalink / raw)
  To: Tomasz Duszynski, Jonathan Cameron, Lars-Peter Clausen,
	Peter Meerwald-Stadler
  Cc: Petr Štetiar, stable, Jonathan Cameron, linux-iio, linux-kernel

My machine Oopsed while testing SCD30 sensor in interrupt driven mode:

 Unable to handle kernel NULL pointer dereference at virtual address 00000188
 pgd = (ptrval)
 [00000188] *pgd=00000000
 Internal error: Oops: 5 [#1] SMP ARM
 Modules linked in:
 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.4.96+ #473
 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
 PC is at _raw_spin_lock_irqsave+0x10/0x4c
 LR is at devres_add+0x18/0x38
 ...
 [<8070ecac>] (_raw_spin_lock_irqsave) from [<804916a8>] (devres_add+0x18/0x38)
 [<804916a8>] (devres_add) from [<805ef708>] (devm_iio_trigger_alloc+0x5c/0x7c)
 [<805ef708>] (devm_iio_trigger_alloc) from [<805f0a90>] (scd30_probe+0x1d4/0x3f0)
 [<805f0a90>] (scd30_probe) from [<805f10fc>] (scd30_i2c_probe+0x54/0x64)
 [<805f10fc>] (scd30_i2c_probe) from [<80583390>] (i2c_device_probe+0x150/0x278)
 [<80583390>] (i2c_device_probe) from [<8048e6c0>] (really_probe+0x1f8/0x360)

I've found out, that it's due to missing parent/owner device in iio_dev struct
which then leads to NULL pointer dereference during spinlock while registering
the device resource via devres_add().

Cc: <stable@vger.kernel.org> # v5.9+
Fixes: 64b3d8b1b0f5 ("iio: chemical: scd30: add core driver")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
---
 drivers/iio/chemical/scd30_core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/iio/chemical/scd30_core.c b/drivers/iio/chemical/scd30_core.c
index 4d0d798c7cd3..33aa6eb1963d 100644
--- a/drivers/iio/chemical/scd30_core.c
+++ b/drivers/iio/chemical/scd30_core.c
@@ -697,6 +697,7 @@ int scd30_probe(struct device *dev, int irq, const char *name, void *priv,
 
 	dev_set_drvdata(dev, indio_dev);
 
+	indio_dev->dev.parent = dev;
 	indio_dev->info = &scd30_info;
 	indio_dev->name = name;
 	indio_dev->channels = scd30_channels;

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] iio: chemical: scd30: fix Oops due to missing parent device
  2021-02-08 22:39 [PATCH] iio: chemical: scd30: fix Oops due to missing parent device Petr Štetiar
@ 2021-02-12 19:12 ` Jonathan Cameron
  2021-02-19 14:49   ` Petr Štetiar
  0 siblings, 1 reply; 3+ messages in thread
From: Jonathan Cameron @ 2021-02-12 19:12 UTC (permalink / raw)
  To: Petr Štetiar
  Cc: Tomasz Duszynski, Lars-Peter Clausen, Peter Meerwald-Stadler,
	stable, Jonathan Cameron, linux-iio, linux-kernel

On Mon,  8 Feb 2021 23:39:47 +0100
Petr Štetiar <ynezz@true.cz> wrote:

> My machine Oopsed while testing SCD30 sensor in interrupt driven mode:
> 
>  Unable to handle kernel NULL pointer dereference at virtual address 00000188
>  pgd = (ptrval)
>  [00000188] *pgd=00000000
>  Internal error: Oops: 5 [#1] SMP ARM
>  Modules linked in:
>  CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.4.96+ #473
>  Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
>  PC is at _raw_spin_lock_irqsave+0x10/0x4c
>  LR is at devres_add+0x18/0x38
>  ...
>  [<8070ecac>] (_raw_spin_lock_irqsave) from [<804916a8>] (devres_add+0x18/0x38)
>  [<804916a8>] (devres_add) from [<805ef708>] (devm_iio_trigger_alloc+0x5c/0x7c)
>  [<805ef708>] (devm_iio_trigger_alloc) from [<805f0a90>] (scd30_probe+0x1d4/0x3f0)
>  [<805f0a90>] (scd30_probe) from [<805f10fc>] (scd30_i2c_probe+0x54/0x64)
>  [<805f10fc>] (scd30_i2c_probe) from [<80583390>] (i2c_device_probe+0x150/0x278)
>  [<80583390>] (i2c_device_probe) from [<8048e6c0>] (really_probe+0x1f8/0x360)
> 
> I've found out, that it's due to missing parent/owner device in iio_dev struct
> which then leads to NULL pointer dereference during spinlock while registering
> the device resource via devres_add().
> 
> Cc: <stable@vger.kernel.org> # v5.9+
> Fixes: 64b3d8b1b0f5 ("iio: chemical: scd30: add core driver")
> Signed-off-by: Petr Štetiar <ynezz@true.cz>

Hi Petr,

So, we moved this into the core a while back (to avoid exactly this sort of issue).
That change predates this introduction of this driver as it went in
in v5.8

So I think you've hit an issue with a backport here to an earlier kernel?

Jonathan


> ---
>  drivers/iio/chemical/scd30_core.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/iio/chemical/scd30_core.c b/drivers/iio/chemical/scd30_core.c
> index 4d0d798c7cd3..33aa6eb1963d 100644
> --- a/drivers/iio/chemical/scd30_core.c
> +++ b/drivers/iio/chemical/scd30_core.c
> @@ -697,6 +697,7 @@ int scd30_probe(struct device *dev, int irq, const char *name, void *priv,
>  
>  	dev_set_drvdata(dev, indio_dev);
>  
> +	indio_dev->dev.parent = dev;
>  	indio_dev->info = &scd30_info;
>  	indio_dev->name = name;
>  	indio_dev->channels = scd30_channels;


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] iio: chemical: scd30: fix Oops due to missing parent device
  2021-02-12 19:12 ` Jonathan Cameron
@ 2021-02-19 14:49   ` Petr Štetiar
  0 siblings, 0 replies; 3+ messages in thread
From: Petr Štetiar @ 2021-02-19 14:49 UTC (permalink / raw)
  To: Jonathan Cameron
  Cc: Tomasz Duszynski, Lars-Peter Clausen, Peter Meerwald-Stadler,
	stable, Jonathan Cameron, linux-iio, linux-kernel

Jonathan Cameron <jic23@kernel.org> [2021-02-12 19:12:19]:

Hi Jonathan,

> >  CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.4.96+ #473
> 
> So, we moved this into the core a while back (to avoid exactly this sort of issue).
> That change predates this introduction of this driver as it went in
> in v5.8

sorry for the noise, I've missed that commit 8525df47b3d1 ("iio: core:
fix/re-introduce back parent assignment"), thank you for the hint.

> So I think you've hit an issue with a backport here to an earlier kernel?

Indeed, I've backported it to 5.4.96 as you can see in the dmesg output above.
I'll try to reproduce it again on 5.10 in the upcoming days.

Cheers,

Petr

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-02-19 14:50 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-08 22:39 [PATCH] iio: chemical: scd30: fix Oops due to missing parent device Petr Štetiar
2021-02-12 19:12 ` Jonathan Cameron
2021-02-19 14:49   ` Petr Štetiar

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.