From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2BBDDC4332F for ; Fri, 5 Nov 2021 16:19:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0F4CF611C4 for ; Fri, 5 Nov 2021 16:19:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233109AbhKEQW1 (ORCPT ); Fri, 5 Nov 2021 12:22:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52572 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232711AbhKEQW0 (ORCPT ); Fri, 5 Nov 2021 12:22:26 -0400 Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7B334C061205 for ; Fri, 5 Nov 2021 09:19:46 -0700 (PDT) Received: by mail-wr1-x42f.google.com with SMTP id n29so2835833wra.11 for ; Fri, 05 Nov 2021 09:19:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=rbAN5/q5aC9W3g+TNBCzDR83qZDPyKlQY+DOynOxaWc=; b=VhRTph4H734/VFWv5Yc71JjNDUjDWgs0/IuG/jYe+c8C50wENnseJ+QPDkeHwA/Nue 3Xbz6x92PZ1BndQkUjML5iQSRz57Exiqd4kboE5ww4Ti3PhYah3rJXKFO3VBZuHPSm5d /Vp2YxW1Ff7eL1Hof4VeOgn/6RiT1J2qNZBgTT5dWMbqkoNDUOHmieu/xtNsT+DOfHse lp4ngxhcokO09ZxK4RxQit5P3ZgRlqPR9QAcPp8UKoyZIKMT5Ch7QIC8S6CWCGMCMyRa K4TrMCiO7ZTy3gyYspywYPzKmkKetTIZYOYIW9iHGu85e53bazQM34oeM0j/mZqmD+Bq Zgqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=rbAN5/q5aC9W3g+TNBCzDR83qZDPyKlQY+DOynOxaWc=; b=lKgZTFfnzygvjRifzZXm0juOz8QkuCvmV672JQsu6Og/B26E9NeJl9wdJToKa5iAbT ypjx3ikWP2Ueei4RXt5+fay4tp554eyMifAkh3Sfu+ZCqFp4MHwieFxq9YZkXRo4qtLn MUuLex7/MEEadRQPTWpa5W0dc8vFwyAdpcZM9XJk3k+NWcWx4MICZQL5ADf5FkdaUKr+ uJ3SC8PMWWhoEEVRXU2q6v8CHuaHIzSa39uUrKvlAU0vpxZB1WrctSuy6Vj+t4psItN+ amlb/Cs+1On9roBcrclg0rx0mLK5hmV+G3pIvhyo0Ilt2SUnPLl2pjYfsty0cb+dRaGu tmig== X-Gm-Message-State: AOAM5339ChBzbGa+uYs1WaO8N5SeWTSJVu+MudTQNMgu4VWSJlq/RQFX yjYe0pdlKSbTQAdzrkZ4VL0o6A== X-Google-Smtp-Source: ABdhPJy4CVexYxHVciN9OvU9Rmn1DM0uKsGgR4pRPBwBd95RUZkv9/fHFHDsW2awhxYolxwd+SzRiA== X-Received: by 2002:a5d:4575:: with SMTP id a21mr60441042wrc.193.1636129184919; Fri, 05 Nov 2021 09:19:44 -0700 (PDT) Received: from ?IPv6:2a01:e34:ed2f:f020:decd:efcb:adc8:b46? ([2a01:e34:ed2f:f020:decd:efcb:adc8:b46]) by smtp.googlemail.com with ESMTPSA id x4sm6686432wmi.3.2021.11.05.09.19.43 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 05 Nov 2021 09:19:43 -0700 (PDT) Subject: Re: [RESEND PATCH v2] thermal: Fix a NULL pointer dereference To: "Rafael J. Wysocki" , Subbaraman Narayanamurthy Cc: Amit Kucheria , Zhang Rui , Nick Desaulniers , Linux PM , Linux Kernel Mailing List , David Collins , Manaf Meethalavalappu Pallikunhi , Stable References: <1636070227-15909-1-git-send-email-quic_subbaram@quicinc.com> From: Daniel Lezcano Message-ID: Date: Fri, 5 Nov 2021 17:19:42 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 05/11/2021 16:14, Rafael J. Wysocki wrote: > On Fri, Nov 5, 2021 at 12:57 AM Subbaraman Narayanamurthy > wrote: >> >> of_parse_thermal_zones() parses the thermal-zones node and registers a >> thermal_zone device for each subnode. However, if a thermal zone is >> consuming a thermal sensor and that thermal sensor device hasn't probed >> yet, an attempt to set trip_point_*_temp for that thermal zone device >> can cause a NULL pointer dereference. Fix it. >> >> console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp >> ... >> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 >> ... >> Call trace: >> of_thermal_set_trip_temp+0x40/0xc4 >> trip_point_temp_store+0xc0/0x1dc >> dev_attr_store+0x38/0x88 >> sysfs_kf_write+0x64/0xc0 >> kernfs_fop_write_iter+0x108/0x1d0 >> vfs_write+0x2f4/0x368 >> ksys_write+0x7c/0xec >> __arm64_sys_write+0x20/0x30 >> el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc >> do_el0_svc+0x28/0xa0 >> el0_svc+0x14/0x24 >> el0_sync_handler+0x88/0xec >> el0_sync+0x1c0/0x200 >> >> While at it, fix the possible NULL pointer dereference in other >> functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(), >> of_thermal_get_trend(). > > Can the subject be more specific, please? > > The issue appears to be limited to the of_thermal_ family of > functions, but the subject doesn't reflect that at all. > >> Suggested-by: David Collins >> Signed-off-by: Subbaraman Narayanamurthy > > Daniel, any concerns regarding the code changes below? I've a concern about the root cause but I did not have time to investigate how to fix it nicely. thermal_of is responsible of introducing itself between the thermal core code and the backend. So it defines the ops which in turn call the sensor ops leading us to this problem. So, without a better solution, this fix can be applied until we rethink the thermal_of approach. Acked-by: Daniel Lezcano -- Linaro.org │ Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog