[3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Peter Hurley]

Booting 3.15-rc3, I get this BUG when loading gpio_ich:

  BUG: unable to handle kernel NULL pointer dereference at           (null)
  IP: [<ffffffffa042339c>] ichx_gpio_probe+0x28c/0x3d0 [gpio_ich]
  usbcore: registered new interface driver btusb
  PGD 2b04aa067 PUD 2af912067 PMD 0
  Oops: 0000 [#1] PREEMPT SMP
  Modules linked in: gpio_ich(+) btusb bluetooth psmouse snd i5400_edac ....
  CPU: 3 PID: 1217 Comm: modprobe Not tainted 3.15.0-rc3+wip-xeon #rc3+wip
  Hardware name: Dell Inc. Precision WorkStation T5400  /0RW203, BIOS A11 04/30/2012
  task: ffff8802ae8448f0 ti: ffff8802b0d74000 task.ti: ffff8802b0d74000
  RIP: 0010:[<ffffffffa042339c>]  [<ffffffffa042339c>] ichx_gpio_probe+0x28c/0x3d0 [gpio_ich]
  RSP: 0018:ffff8802b0d75b78  EFLAGS: 00010246
  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
  RDX: 0000000000000000 RSI: 0000000000000100 RDI: ffffffff81c378a0
  RBP: ffff8802b0d75bb8 R08: 0000000000000000 R09: ffff880036a0e2c8
  R10: 0000000000005dc0 R11: 8000000000000000 R12: ffff880036a0e000
  R13: ffff8800bad62bc0 R14: 0000000000000003 R15: 0000000000000000
  FS:  00007fb9d38fa700(0000) GS:ffff8802bfcc0000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000000 CR3: 00000002af445000 CR4: 00000000000007e0
  Stack:
   ffff8802b0d75b98 ffff880036a0e010 ffff880036a0e020 ffff880036a0e010
   ffffffffa0425028 ffffffffa0425028 0000000000000000 0000000000000001
   ffff8802b0d75be8 ffffffff814793f2 ffff8802b0d75ca8 ffff880036a0e010
  Call Trace:
   [<ffffffff814793f2>] platform_drv_probe+0x32/0x80
   [<ffffffff8147784b>] driver_probe_device+0x8b/0x3a0
   [<ffffffff81477c0b>] __driver_attach+0xab/0xb0
   [<ffffffff81477b60>] ? driver_probe_device+0x3a0/0x3a0
   [<ffffffff8147586d>] bus_for_each_dev+0x5d/0xa0
   [<ffffffff8147727e>] driver_attach+0x1e/0x20
   [<ffffffff81476dd4>] bus_add_driver+0x124/0x250
   [<ffffffffa029a000>] ? 0xffffffffa0299fff
   [<ffffffff81478314>] driver_register+0x64/0xf0
   [<ffffffffa029a000>] ? 0xffffffffa0299fff
   [<ffffffff8147926a>] __platform_driver_register+0x4a/0x50
   [<ffffffffa029a017>] ichx_gpio_driver_init+0x17/0x1000 [gpio_ich]
   [<ffffffff8100032a>] do_one_initcall+0xda/0x180
   [<ffffffff8103e733>] ? set_memory_nx+0x43/0x50
   [<ffffffff816ffeec>] ? set_section_ro_nx+0x6d/0x75
   [<ffffffff810cc9f9>] load_module+0x1d79/0x2770
   [<ffffffff810c8690>] ? unset_module_init_ro_nx+0x80/0x80
   [<ffffffff81172f80>] ? __vmalloc_node_range+0x170/0x250
   [<ffffffff810cd479>] ? SyS_init_module+0x89/0x100
   [<ffffffff810cd4a2>] SyS_init_module+0xb2/0x100
   [<ffffffff81719ad2>] system_call_fastpath+0x16/0x1b
  Code: c7 05 fd 1f 00 00 40 51 42 a0 e9 00 fe ff ff 48 8b 05 f1 1f 00 00 45 31 c0 48 c7 c7 a0 78 c3 81 48 8b 48 08 48 8b 50 10 48 63 c3 <0f> b6 34 01 4c 89 c9 0f b6 14 1a 49 03 75 00 4c 89 4d c8 e8 ec
  RIP  [<ffffffffa042339c>] ichx_gpio_probe+0x28c/0x3d0 [gpio_ich]
   RSP <ffff8802b0d75b78>
  CR2: 0000000000000000


This is almost certainly caused by the uninitialized regs ptr
in the ich6_desc struct (i3100_desc struct has the same problem)
introduced in this commit:

commit bb62a35bd5d96e506af0ea8dd145480b9172a2a6
Author: Vincent Donnefort <vdonnefort@gmail.com>
Date:   Fri Feb 14 15:01:56 2014 +0100

     gpio: ich: Add support for multiple register addresses

     This patch introduces regs and reglen pointers which allow a chipset to have
     register addresses differing from ICH ones.

     Acked-by: Linus Walleij <linus.walleij@linaro.org>
     Signed-off-by: Vincent Donnefort <vdonnefort@gmail.com>
     Signed-off-by: Lee Jones <lee.jones@linaro.org>


The relevant excerpts from the mixed listing are:

0000000000000110 <ichx_gpio_probe>:

<...snip...>

	for (i = 0; i < ARRAY_SIZE(ichx_priv.desc->regs[0]); i++) {
		if (!(use_gpio & (1 << i)))
			continue;
		if (!request_region(
  380:	48 8b 05 00 00 00 00 	mov    0x0(%rip),%rax        # 387 <ichx_gpio_probe+0x277>
			383: R_X86_64_PC32	.bss+0xb4
  387:	45 31 c0             	xor    %r8d,%r8d
  38a:	48 c7 c7 00 00 00 00 	mov    $0x0,%rdi
			38d: R_X86_64_32S	ioport_resource
  391:	48 8b 48 08          	mov    0x8(%rax),%rcx
  395:	48 8b 50 10          	mov    0x10(%rax),%rdx
  399:	48 63 c3             	movslq %ebx,%rax
  39c:	0f b6 34 01          	movzbl (%rcx,%rax,1),%esi       <===== FAULTING INSTN
  3a0:	4c 89 c9             	mov    %r9,%rcx
  3a3:	0f b6 14 1a          	movzbl (%rdx,%rbx,1),%edx
  3a7:	49 03 75 00          	add    0x0(%r13),%rsi
  3ab:	4c 89 4d c8          	mov    %r9,-0x38(%rbp)
  3af:	e8 00 00 00 00       	callq  3b4 <ichx_gpio_probe+0x2a4>
			3b0: R_X86_64_PC32	__request_region-0x4
  3b4:	4c 8b 4d c8          	mov    -0x38(%rbp),%r9
  3b8:	48 85 c0             	test   %rax,%rax
  3bb:	0f 85 17 fe ff ff    	jne    1d8 <ichx_gpio_probe+0xc8>
	}
	return 0;

request_err:
	/* Clean up: release already requested regions, if any */
	for (i--; i >= 0; i--) {
  3c1:	41 83 ef 01          	sub    $0x1,%r15d
  3c5:	41 83 ff ff          	cmp    $0xffffffff,%r15d
  3c9:	0f 84 d1 00 00 00    	je     4a0 <ichx_gpio_probe+0x390>
		if (!(use_gpio & (1 << i)))
  3cf:	45 0f a3 fe          	bt     %r15d,%r14d
  3d3:	73 ec                	jae    3c1 <ichx_gpio_probe+0x2b1>


Regards,
Peter Hurley

Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Vincent Donnefort]

Hello Peter,

On Wed, May 07, 2014 at 09:22:37AM -0400, Peter Hurley wrote:
> Booting 3.15-rc3, I get this BUG when loading gpio_ich:
> 
>  BUG: unable to handle kernel NULL pointer dereference at           (null)
>  IP: [<ffffffffa042339c>] ichx_gpio_probe+0x28c/0x3d0 [gpio_ich]
>  usbcore: registered new interface driver btusb
>  PGD 2b04aa067 PUD 2af912067 PMD 0
>  Oops: 0000 [#1] PREEMPT SMP
>  Modules linked in: gpio_ich(+) btusb bluetooth psmouse snd i5400_edac ....
>  CPU: 3 PID: 1217 Comm: modprobe Not tainted 3.15.0-rc3+wip-xeon #rc3+wip
>  Hardware name: Dell Inc. Precision WorkStation T5400  /0RW203, BIOS A11 04/30/2012
>  task: ffff8802ae8448f0 ti: ffff8802b0d74000 task.ti: ffff8802b0d74000
>  RIP: 0010:[<ffffffffa042339c>]  [<ffffffffa042339c>] ichx_gpio_probe+0x28c/0x3d0 [gpio_ich]
>  RSP: 0018:ffff8802b0d75b78  EFLAGS: 00010246
>  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
>  RDX: 0000000000000000 RSI: 0000000000000100 RDI: ffffffff81c378a0
>  RBP: ffff8802b0d75bb8 R08: 0000000000000000 R09: ffff880036a0e2c8
>  R10: 0000000000005dc0 R11: 8000000000000000 R12: ffff880036a0e000
>  R13: ffff8800bad62bc0 R14: 0000000000000003 R15: 0000000000000000
>  FS:  00007fb9d38fa700(0000) GS:ffff8802bfcc0000(0000) knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 0000000000000000 CR3: 00000002af445000 CR4: 00000000000007e0
>  Stack:
>   ffff8802b0d75b98 ffff880036a0e010 ffff880036a0e020 ffff880036a0e010
>   ffffffffa0425028 ffffffffa0425028 0000000000000000 0000000000000001
>   ffff8802b0d75be8 ffffffff814793f2 ffff8802b0d75ca8 ffff880036a0e010
>  Call Trace:
>   [<ffffffff814793f2>] platform_drv_probe+0x32/0x80
>   [<ffffffff8147784b>] driver_probe_device+0x8b/0x3a0
>   [<ffffffff81477c0b>] __driver_attach+0xab/0xb0
>   [<ffffffff81477b60>] ? driver_probe_device+0x3a0/0x3a0
>   [<ffffffff8147586d>] bus_for_each_dev+0x5d/0xa0
>   [<ffffffff8147727e>] driver_attach+0x1e/0x20
>   [<ffffffff81476dd4>] bus_add_driver+0x124/0x250
>   [<ffffffffa029a000>] ? 0xffffffffa0299fff
>   [<ffffffff81478314>] driver_register+0x64/0xf0
>   [<ffffffffa029a000>] ? 0xffffffffa0299fff
>   [<ffffffff8147926a>] __platform_driver_register+0x4a/0x50
>   [<ffffffffa029a017>] ichx_gpio_driver_init+0x17/0x1000 [gpio_ich]
>   [<ffffffff8100032a>] do_one_initcall+0xda/0x180
>   [<ffffffff8103e733>] ? set_memory_nx+0x43/0x50
>   [<ffffffff816ffeec>] ? set_section_ro_nx+0x6d/0x75
>   [<ffffffff810cc9f9>] load_module+0x1d79/0x2770
>   [<ffffffff810c8690>] ? unset_module_init_ro_nx+0x80/0x80
>   [<ffffffff81172f80>] ? __vmalloc_node_range+0x170/0x250
>   [<ffffffff810cd479>] ? SyS_init_module+0x89/0x100
>   [<ffffffff810cd4a2>] SyS_init_module+0xb2/0x100
>   [<ffffffff81719ad2>] system_call_fastpath+0x16/0x1b
>  Code: c7 05 fd 1f 00 00 40 51 42 a0 e9 00 fe ff ff 48 8b 05 f1 1f 00 00 45 31 c0 48 c7 c7 a0 78 c3 81 48 8b 48 08 48 8b 50 10 48 63 c3 <0f> b6 34 01 4c 89 c9 0f b6 14 1a 49 03 75 00 4c 89 4d c8 e8 ec
>  RIP  [<ffffffffa042339c>] ichx_gpio_probe+0x28c/0x3d0 [gpio_ich]
>   RSP <ffff8802b0d75b78>
>  CR2: 0000000000000000
> 
> 
> This is almost certainly caused by the uninitialized regs ptr
> in the ich6_desc struct (i3100_desc struct has the same problem)
> introduced in this commit:
> 
> commit bb62a35bd5d96e506af0ea8dd145480b9172a2a6
> Author: Vincent Donnefort <vdonnefort@gmail.com>
> Date:   Fri Feb 14 15:01:56 2014 +0100
> 
>     gpio: ich: Add support for multiple register addresses
> 
>     This patch introduces regs and reglen pointers which allow a chipset to have
>     register addresses differing from ICH ones.
> 
>     Acked-by: Linus Walleij <linus.walleij@linaro.org>
>     Signed-off-by: Vincent Donnefort <vdonnefort@gmail.com>
>     Signed-off-by: Lee Jones <lee.jones@linaro.org>
> 

Yes indeed, this must be linked to this thread https://lkml.org/lkml/2014/4/15/292 

Regards,
Vincent.

> 
> The relevant excerpts from the mixed listing are:
> 
> 0000000000000110 <ichx_gpio_probe>:
> 
> <...snip...>
> 
> 	for (i = 0; i < ARRAY_SIZE(ichx_priv.desc->regs[0]); i++) {
> 		if (!(use_gpio & (1 << i)))
> 			continue;
> 		if (!request_region(
>  380:	48 8b 05 00 00 00 00 	mov    0x0(%rip),%rax        # 387 <ichx_gpio_probe+0x277>
> 			383: R_X86_64_PC32	.bss+0xb4
>  387:	45 31 c0             	xor    %r8d,%r8d
>  38a:	48 c7 c7 00 00 00 00 	mov    $0x0,%rdi
> 			38d: R_X86_64_32S	ioport_resource
>  391:	48 8b 48 08          	mov    0x8(%rax),%rcx
>  395:	48 8b 50 10          	mov    0x10(%rax),%rdx
>  399:	48 63 c3             	movslq %ebx,%rax
>  39c:	0f b6 34 01          	movzbl (%rcx,%rax,1),%esi       <===== FAULTING INSTN
>  3a0:	4c 89 c9             	mov    %r9,%rcx
>  3a3:	0f b6 14 1a          	movzbl (%rdx,%rbx,1),%edx
>  3a7:	49 03 75 00          	add    0x0(%r13),%rsi
>  3ab:	4c 89 4d c8          	mov    %r9,-0x38(%rbp)
>  3af:	e8 00 00 00 00       	callq  3b4 <ichx_gpio_probe+0x2a4>
> 			3b0: R_X86_64_PC32	__request_region-0x4
>  3b4:	4c 8b 4d c8          	mov    -0x38(%rbp),%r9
>  3b8:	48 85 c0             	test   %rax,%rax
>  3bb:	0f 85 17 fe ff ff    	jne    1d8 <ichx_gpio_probe+0xc8>
> 	}
> 	return 0;
> 
> request_err:
> 	/* Clean up: release already requested regions, if any */
> 	for (i--; i >= 0; i--) {
>  3c1:	41 83 ef 01          	sub    $0x1,%r15d
>  3c5:	41 83 ff ff          	cmp    $0xffffffff,%r15d
>  3c9:	0f 84 d1 00 00 00    	je     4a0 <ichx_gpio_probe+0x390>
> 		if (!(use_gpio & (1 << i)))
>  3cf:	45 0f a3 fe          	bt     %r15d,%r14d
>  3d3:	73 ec                	jae    3c1 <ichx_gpio_probe+0x2b1>
> 
> 
> Regards,
> Peter Hurley

Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Peter Hurley]

Hi Vincent,

On 05/07/2014 10:05 AM, Vincent Donnefort wrote:
> Hello Peter,

>> This is almost certainly caused by the uninitialized regs ptr
>> in the ich6_desc struct (i3100_desc struct has the same problem)
>> introduced in this commit:
>>
>> commit bb62a35bd5d96e506af0ea8dd145480b9172a2a6
>> Author: Vincent Donnefort <vdonnefort@gmail.com>
>> Date:   Fri Feb 14 15:01:56 2014 +0100
>>
>>      gpio: ich: Add support for multiple register addresses
>>
>>      This patch introduces regs and reglen pointers which allow a chipset to have
>>      register addresses differing from ICH ones.
>>
>>      Acked-by: Linus Walleij <linus.walleij@linaro.org>
>>      Signed-off-by: Vincent Donnefort <vdonnefort@gmail.com>
>>      Signed-off-by: Lee Jones <lee.jones@linaro.org>
>>
>
> Yes indeed, this must be linked to this thread https://lkml.org/lkml/2014/4/15/292

Thanks for the link.

I searched through LKML but without the driver name or the offending function
in the commit message I couldn't find it.

Linus,

What tree is this bug fix trapped in? I see it didn't make -rc4 either.

Regards,
Peter Hurley

Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Linus Walleij]

On Wed, May 7, 2014 at 4:33 PM, Peter Hurley <peter@hurleysoftware.com> wrote:
> Hi Vincent,
>
> On 05/07/2014 10:05 AM, Vincent Donnefort wrote:
>>
>> Hello Peter,
>
>
>>> This is almost certainly caused by the uninitialized regs ptr
>>> in the ich6_desc struct (i3100_desc struct has the same problem)
>>> introduced in this commit:
>>>
>>> commit bb62a35bd5d96e506af0ea8dd145480b9172a2a6
>>> Author: Vincent Donnefort <vdonnefort@gmail.com>
>>> Date:   Fri Feb 14 15:01:56 2014 +0100
>>>
>>>      gpio: ich: Add support for multiple register addresses
>>>
>>>      This patch introduces regs and reglen pointers which allow a chipset
>>> to have
>>>      register addresses differing from ICH ones.
>>>
>>>      Acked-by: Linus Walleij <linus.walleij@linaro.org>
>>>      Signed-off-by: Vincent Donnefort <vdonnefort@gmail.com>
>>>      Signed-off-by: Lee Jones <lee.jones@linaro.org>
>>>
>>
>> Yes indeed, this must be linked to this thread
>> https://lkml.org/lkml/2014/4/15/292
>
>
> Thanks for the link.
>
> I searched through LKML but without the driver name or the offending
> function
> in the commit message I couldn't find it.
>
> Linus,
>
> What tree is this bug fix trapped in? I see it didn't make -rc4 either.

Since the last signoff is Lee I guess it's in the MFD tree?

Yours,
Linus Walleij

Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Peter Hurley]

On 05/08/2014 05:48 PM, Linus Walleij wrote:
> On Wed, May 7, 2014 at 4:33 PM, Peter Hurley <peter@hurleysoftware.com> wrote:
>> Hi Vincent,
>>
>> On 05/07/2014 10:05 AM, Vincent Donnefort wrote:
>>>
>>> Hello Peter,
>>
>>
>>>> This is almost certainly caused by the uninitialized regs ptr
>>>> in the ich6_desc struct (i3100_desc struct has the same problem)
>>>> introduced in this commit:
>>>>
>>>> commit bb62a35bd5d96e506af0ea8dd145480b9172a2a6
>>>> Author: Vincent Donnefort <vdonnefort@gmail.com>
>>>> Date:   Fri Feb 14 15:01:56 2014 +0100
>>>>
>>>>       gpio: ich: Add support for multiple register addresses
>>>>
>>>>       This patch introduces regs and reglen pointers which allow a chipset
>>>> to have
>>>>       register addresses differing from ICH ones.
>>>>
>>>>       Acked-by: Linus Walleij <linus.walleij@linaro.org>
>>>>       Signed-off-by: Vincent Donnefort <vdonnefort@gmail.com>
>>>>       Signed-off-by: Lee Jones <lee.jones@linaro.org>
>>>>
>>>
>>> Yes indeed, this must be linked to this thread
>>> https://lkml.org/lkml/2014/4/15/292
>>
>>
>> Thanks for the link.
>>
>> I searched through LKML but without the driver name or the offending
>> function
>> in the commit message I couldn't find it.
>>
>> Linus,
>>
>> What tree is this bug fix trapped in? I see it didn't make -rc4 either.
>
> Since the last signoff is Lee I guess it's in the MFD tree?

The commit above is the buggy commit. I don't have a commit id for
the bug fix since I don't know what tree it's stuck in. Looking over
Lee's tree, I don't see it.

Below is your signoff on LKML of the fix.

On 04/22/2014 05:15 PM, Linus Walleij wrote:
 > On Tue, Apr 15, 2014 at 2:21 PM, Vincent Donnefort <vdonnefort@gmail.com> wrote:
 >
 >> From: Vincent Donnefort <vdonnefort@gmail.com>
 >>
 >> This patch fixes kernel NULL pointer BUG introduced by the following commit:
 >> b667cf488aa9476b0ab64acd91f2a96f188cfd21
 >> gpio: ich: Add support for multiple register addresses.
 >>
 >> Signed-off-by: Vincent Donnefort <vdonnefort@gmail.com>
 >
 > Patch applied for fixes with Eric's tested-by tag.

Please expedite this fix as it has already missed -rc3 & -rc4.

Regards,
Peter Hurley

Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Lee Jones]

On Thu, 08 May 2014, Linus Walleij wrote:

> On Wed, May 7, 2014 at 4:33 PM, Peter Hurley <peter@hurleysoftware.com> wrote:
> > Hi Vincent,
> >
> > On 05/07/2014 10:05 AM, Vincent Donnefort wrote:
> >>
> >> Hello Peter,
> >
> >
> >>> This is almost certainly caused by the uninitialized regs ptr
> >>> in the ich6_desc struct (i3100_desc struct has the same problem)
> >>> introduced in this commit:
> >>>
> >>> commit bb62a35bd5d96e506af0ea8dd145480b9172a2a6
> >>> Author: Vincent Donnefort <vdonnefort@gmail.com>
> >>> Date:   Fri Feb 14 15:01:56 2014 +0100
> >>>
> >>>      gpio: ich: Add support for multiple register addresses
> >>>
> >>>      This patch introduces regs and reglen pointers which allow a chipset
> >>> to have
> >>>      register addresses differing from ICH ones.
> >>>
> >>>      Acked-by: Linus Walleij <linus.walleij@linaro.org>
> >>>      Signed-off-by: Vincent Donnefort <vdonnefort@gmail.com>
> >>>      Signed-off-by: Lee Jones <lee.jones@linaro.org>
> >>>
> >>
> >> Yes indeed, this must be linked to this thread
> >> https://lkml.org/lkml/2014/4/15/292
> >
> >
> > Thanks for the link.
> >
> > I searched through LKML but without the driver name or the offending
> > function
> > in the commit message I couldn't find it.
> >
> > Linus,
> >
> > What tree is this bug fix trapped in? I see it didn't make -rc4 either.
> 
> Since the last signoff is Lee I guess it's in the MFD tree?

This patch is in Mainline.

Search for $SUBJECT.

-- 
Lee Jones
Linaro STMicroelectronics Landing Team Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog

Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Peter Hurley]

On 05/09/2014 03:20 AM, Lee Jones wrote:
> On Thu, 08 May 2014, Linus Walleij wrote:
>
>> On Wed, May 7, 2014 at 4:33 PM, Peter Hurley <peter@hurleysoftware.com> wrote:
>>> Hi Vincent,
>>>
>>> On 05/07/2014 10:05 AM, Vincent Donnefort wrote:
>>>>
>>>> Hello Peter,
>>>
>>>
>>>>> This is almost certainly caused by the uninitialized regs ptr
>>>>> in the ich6_desc struct (i3100_desc struct has the same problem)
>>>>> introduced in this commit:
>>>>>
>>>>> commit bb62a35bd5d96e506af0ea8dd145480b9172a2a6
>>>>> Author: Vincent Donnefort <vdonnefort@gmail.com>
>>>>> Date:   Fri Feb 14 15:01:56 2014 +0100
>>>>>
>>>>>       gpio: ich: Add support for multiple register addresses
>>>>>
>>>>>       This patch introduces regs and reglen pointers which allow a chipset
>>>>> to have
>>>>>       register addresses differing from ICH ones.
>>>>>
>>>>>       Acked-by: Linus Walleij <linus.walleij@linaro.org>
>>>>>       Signed-off-by: Vincent Donnefort <vdonnefort@gmail.com>
>>>>>       Signed-off-by: Lee Jones <lee.jones@linaro.org>
>>>>>
>>>>
>>>> Yes indeed, this must be linked to this thread
>>>> https://lkml.org/lkml/2014/4/15/292
>>>
>>>
>>> Thanks for the link.
>>>
>>> I searched through LKML but without the driver name or the offending
>>> function
>>> in the commit message I couldn't find it.
>>>
>>> Linus,
>>>
>>> What tree is this bug fix trapped in? I see it didn't make -rc4 either.
>>
>> Since the last signoff is Lee I guess it's in the MFD tree?
>
> This patch is in Mainline.
>
> Search for $SUBJECT.

Hmmm. Search for '[PATCH] gpio: ich: set regs and reglen for i3100 and ich6 chipset'
(which is the bug fix for the buggy commit) turns up nothing in mainline.

This bug was reported on April 14 in -rc1 by Eric Paris here
http://lkml.iu.edu/hypermail/linux/kernel/1404.1/03833.html
and _fixed_ a day later on April 15 by Vincent Donnefort here
https://lkml.org/lkml/2014/4/15/292
It was signed off by Linus Walleij on the same day here
https://lkml.org/lkml/2014/4/22/1128

Since this bug fix never made it to mainline, I re-discovered
the bug in -rc3 and reported it here
http://lists-archives.com/linux-kernel/28051348-bug-null-ptr-dereference-in-ichx_gpio_request_regions.html
(presumably, you received a copy of that email).
Vincent replied with the link to the previous bug fix.

Since that time, I have been trying to find in which tree that
bug fix is stuck, but I just keep getting replies which show
an uncareful reading of this thread.

Regards,
Peter Hurley

Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Josh Boyer]

On Fri, May 9, 2014 at 7:30 AM, Peter Hurley <peter@hurleysoftware.com> wrote:
> On 05/09/2014 03:20 AM, Lee Jones wrote:
>>
>> On Thu, 08 May 2014, Linus Walleij wrote:
>>
>>> On Wed, May 7, 2014 at 4:33 PM, Peter Hurley <peter@hurleysoftware.com>
>>> wrote:
>>>>
>>>> Hi Vincent,
>>>>
>>>> On 05/07/2014 10:05 AM, Vincent Donnefort wrote:
>>>>>
>>>>>
>>>>> Hello Peter,
>>>>
>>>>
>>>>
>>>>>> This is almost certainly caused by the uninitialized regs ptr
>>>>>> in the ich6_desc struct (i3100_desc struct has the same problem)
>>>>>> introduced in this commit:
>>>>>>
>>>>>> commit bb62a35bd5d96e506af0ea8dd145480b9172a2a6
>>>>>> Author: Vincent Donnefort <vdonnefort@gmail.com>
>>>>>> Date:   Fri Feb 14 15:01:56 2014 +0100
>>>>>>
>>>>>>       gpio: ich: Add support for multiple register addresses
>>>>>>
>>>>>>       This patch introduces regs and reglen pointers which allow a
>>>>>> chipset
>>>>>> to have
>>>>>>       register addresses differing from ICH ones.
>>>>>>
>>>>>>       Acked-by: Linus Walleij <linus.walleij@linaro.org>
>>>>>>       Signed-off-by: Vincent Donnefort <vdonnefort@gmail.com>
>>>>>>       Signed-off-by: Lee Jones <lee.jones@linaro.org>
>>>>>>
>>>>>
>>>>> Yes indeed, this must be linked to this thread
>>>>> https://lkml.org/lkml/2014/4/15/292
>>>>
>>>>
>>>>
>>>> Thanks for the link.
>>>>
>>>> I searched through LKML but without the driver name or the offending
>>>> function
>>>> in the commit message I couldn't find it.
>>>>
>>>> Linus,
>>>>
>>>> What tree is this bug fix trapped in? I see it didn't make -rc4 either.
>>>
>>>
>>> Since the last signoff is Lee I guess it's in the MFD tree?
>>
>>
>> This patch is in Mainline.
>>
>> Search for $SUBJECT.
>
>
> Hmmm. Search for '[PATCH] gpio: ich: set regs and reglen for i3100 and ich6
> chipset'
> (which is the bug fix for the buggy commit) turns up nothing in mainline.

It's not in mainline (as you've found).

> This bug was reported on April 14 in -rc1 by Eric Paris here
> http://lkml.iu.edu/hypermail/linux/kernel/1404.1/03833.html
> and _fixed_ a day later on April 15 by Vincent Donnefort here
> https://lkml.org/lkml/2014/4/15/292
> It was signed off by Linus Walleij on the same day here
> https://lkml.org/lkml/2014/4/22/1128

To add to this, Fedora picked up the patch shortly after that as an
add-on patch to 3.15-rcX.  We are still carrying that separate patch
on top of 3.15-rc4.

> Since this bug fix never made it to mainline, I re-discovered
> the bug in -rc3 and reported it here
> http://lists-archives.com/linux-kernel/28051348-bug-null-ptr-dereference-in-ichx_gpio_request_regions.html
> (presumably, you received a copy of that email).
> Vincent replied with the link to the previous bug fix.

Right, still missing in -rc4.

> Since that time, I have been trying to find in which tree that
> bug fix is stuck, but I just keep getting replies which show
> an uncareful reading of this thread.

Yep.

Someone please get this into the mainline tree.

josh

Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Linus Walleij]

On Fri, May 9, 2014 at 2:29 PM, Josh Boyer <jwboyer@fedoraproject.org> wrote:

>> Hmmm. Search for '[PATCH] gpio: ich: set regs and reglen for i3100 and ich6
>> chipset'
>> (which is the bug fix for the buggy commit) turns up nothing in mainline.
>
> It's not in mainline (as you've found).

Has this been fixed now then? *I* can see it in mainline.

Yours,
Linus Walleij

Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Josh Boyer]

On Tue, May 13, 2014 at 5:34 AM, Linus Walleij <linus.walleij@linaro.org> wrote:
> On Fri, May 9, 2014 at 2:29 PM, Josh Boyer <jwboyer@fedoraproject.org> wrote:
>
>>> Hmmm. Search for '[PATCH] gpio: ich: set regs and reglen for i3100 and ich6
>>> chipset'
>>> (which is the bug fix for the buggy commit) turns up nothing in mainline.
>>
>> It's not in mainline (as you've found).
>
> Has this been fixed now then? *I* can see it in mainline.

Not that I can see as of this morning.  I saw your pull request go to
Linus that contains the fix, but he hasn't pulled it into mainline
yet.  So hopefully soon.  Not sure where you're looking to already see
it though.

josh

Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Linus Walleij]

On Tue, May 13, 2014 at 2:50 PM, Josh Boyer <jwboyer@fedoraproject.org> wrote:
> On Tue, May 13, 2014 at 5:34 AM, Linus Walleij <linus.walleij@linaro.org> wrote:
>> On Fri, May 9, 2014 at 2:29 PM, Josh Boyer <jwboyer@fedoraproject.org> wrote:
>>
>>>> Hmmm. Search for '[PATCH] gpio: ich: set regs and reglen for i3100 and ich6
>>>> chipset'
>>>> (which is the bug fix for the buggy commit) turns up nothing in mainline.
>>>
>>> It's not in mainline (as you've found).
>>
>> Has this been fixed now then? *I* can see it in mainline.
>
> Not that I can see as of this morning.  I saw your pull request go to
> Linus that contains the fix, but he hasn't pulled it into mainline
> yet.  So hopefully soon.  Not sure where you're looking to already see
> it though.

Yeah well I'm confused. Hope the pull request will fix
it, maybe something was missed somehow :-/

Yours,
Linus Walleij