From: Mathieu Poirier <mathieu.poirier@linaro.org>
To: gregkh@linuxfoundation.org
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH 01/28] coresight: access conn->child_name only if it's initialised
Date: Thu, 25 Aug 2016 15:18:51 -0600 [thread overview]
Message-ID: <1472159958-5981-2-git-send-email-mathieu.poirier@linaro.org> (raw)
In-Reply-To: <1472159958-5981-1-git-send-email-mathieu.poirier@linaro.org>
From: Sudeep Holla <sudeep.holla@arm.com>
If the addition of the coresight devices get deferred, then there's a
window before child_name is populated by of_get_coresight_platform_data
from the respective component driver's probe and the attempted to access
the same from coresight_orphan_match resulting in kernel NULL pointer
dereference as below:
Unable to handle kernel NULL pointer dereference at virtual address 0x0
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 1038 Comm: kworker/0:1 Not tainted 4.7.0-rc3 #124
Hardware name: ARM Juno development board (r2) (DT)
Workqueue: events amba_deferred_retry_func
PC is at strcmp+0x1c/0x160
LR is at coresight_orphan_match+0x7c/0xd0
Call trace:
strcmp+0x1c/0x160
bus_for_each_dev+0x60/0xa0
coresight_register+0x264/0x2e0
tmc_probe+0x130/0x310
amba_probe+0xd4/0x1c8
driver_probe_device+0x22c/0x418
__device_attach_driver+0xbc/0x158
bus_for_each_drv+0x58/0x98
__device_attach+0xc4/0x160
device_initial_probe+0x10/0x18
bus_probe_device+0x94/0xa0
device_add+0x344/0x580
amba_device_try_add+0x194/0x238
amba_deferred_retry_func+0x48/0xd0
process_one_work+0x118/0x378
worker_thread+0x48/0x498
kthread+0xd0/0xe8
ret_from_fork+0x10/0x40
This patch adds a check for non-NULL conn->child_name before accessing
the same.
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
---
drivers/hwtracing/coresight/coresight.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/hwtracing/coresight/coresight.c b/drivers/hwtracing/coresight/coresight.c
index d08d1ab9bba5..ceeaaea41ed6 100644
--- a/drivers/hwtracing/coresight/coresight.c
+++ b/drivers/hwtracing/coresight/coresight.c
@@ -725,7 +725,8 @@ static int coresight_orphan_match(struct device *dev, void *data)
/* We have found at least one orphan connection */
if (conn->child_dev == NULL) {
/* Does it match this newly added device? */
- if (!strcmp(dev_name(&csdev->dev), conn->child_name)) {
+ if (conn->child_name &&
+ !strcmp(dev_name(&csdev->dev), conn->child_name)) {
conn->child_dev = csdev;
} else {
/* This component still has an orphan */
--
2.7.4
next prev parent reply other threads:[~2016-08-25 22:21 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-25 21:18 [PATCH 00/28] coresight: next v4.8-rc3 Mathieu Poirier
2016-08-25 21:18 ` Mathieu Poirier [this message]
2016-08-25 21:18 ` [PATCH 02/28] coresight-stm: support mmapping channel regions with mmio_addr Mathieu Poirier
2016-08-25 21:18 ` [PATCH 03/28] coresight: always use stashed trace id value in etm4_trace_id Mathieu Poirier
2016-08-25 21:18 ` [PATCH 04/28] coresight: Remove erroneous dma_free_coherent in tmc_probe Mathieu Poirier
2016-08-25 21:18 ` [PATCH 05/28] coresight: Consolidate error handling path for tmc_probe Mathieu Poirier
2016-08-25 21:18 ` [PATCH 06/28] coresight: Fix csdev connections initialisation Mathieu Poirier
2016-08-25 21:18 ` [PATCH 07/28] coresight: tmc: Limit the trace to available data Mathieu Poirier
2016-08-25 21:18 ` [PATCH 08/28] coresight: etmv4: Fix ETMv4x peripheral ID table Mathieu Poirier
2016-08-25 21:18 ` [PATCH 09/28] coresight: Cleanup TMC status check Mathieu Poirier
2016-08-25 21:19 ` [PATCH 10/28] coresight: Add better messages for coresight_timeout Mathieu Poirier
2016-08-25 21:19 ` [PATCH 11/28] coresight: delay initialisation when children are missing Mathieu Poirier
2016-08-25 21:19 ` [PATCH 12/28] coresight: add PM runtime calls to coresight_simple_func() Mathieu Poirier
2016-08-25 21:19 ` [PATCH 13/28] coresight-etm3x: Add ARM ETM 3.5 Cortex-A5 peripheral ID Mathieu Poirier
2016-08-25 21:19 ` [PATCH 14/28] hwtracing: coresight: of_coresight: add missing of_node_put after calling of_parse_phandle Mathieu Poirier
2016-08-25 21:19 ` [PATCH 15/28] coresight: Use local coresight_desc instances Mathieu Poirier
2016-08-25 21:19 ` [PATCH 16/28] coresight: etm4x: remove duplicated include from coresight-etm4x.c Mathieu Poirier
2016-08-25 21:19 ` [PATCH 17/28] coresight: tmc: Delete an unnecessary check before the function call "kfree" Mathieu Poirier
2016-08-25 21:19 ` [PATCH 18/28] coresight: etm4x: request to retain power to the trace unit when active Mathieu Poirier
2016-08-25 21:19 ` [PATCH 19/28] coresight: fix handling of ETM trace register access via sysfs Mathieu Poirier
2016-08-25 21:19 ` [PATCH 20/28] coresight: etm-perf: pass struct perf_event to source::enable/disable() Mathieu Poirier
2016-08-25 21:19 ` [PATCH 21/28] coresight: remove duplicated enumeration Mathieu Poirier
2016-08-25 21:19 ` [PATCH 22/28] coresight: etm-perf: configuring filters from perf core Mathieu Poirier
2016-08-25 21:19 ` [PATCH 23/28] coresight: etm4x: split default and filter configuration Mathieu Poirier
2016-08-25 21:19 ` [PATCH 24/28] coresight: etm4x: cleaning up default " Mathieu Poirier
2016-08-25 21:19 ` [PATCH 25/28] coresight: etm4x: adding range filter configuration function Mathieu Poirier
2016-08-25 21:19 ` [PATCH 26/28] coresight: etm4x: configuring include/exclude function Mathieu Poirier
2016-08-25 21:19 ` [PATCH 27/28] coresight: etm4x: adding configurable address range filtering Mathieu Poirier
2016-08-25 21:19 ` [PATCH 28/28] coresight: etm4x: adding configurable start/stop filtering Mathieu Poirier
2016-08-31 11:08 ` [PATCH 00/28] coresight: next v4.8-rc3 Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1472159958-5981-2-git-send-email-mathieu.poirier@linaro.org \
--to=mathieu.poirier@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).