From: Mathieu Poirier <mathieu.poirier@linaro.org> To: gregkh@linuxfoundation.org Cc: suzuki.poulose@arm.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/3] coresight: Fix tmc_read_unprepare_etr Date: Tue, 14 Jun 2016 11:17:13 -0600 [thread overview] Message-ID: <1465924634-22310-3-git-send-email-mathieu.poirier@linaro.org> (raw) In-Reply-To: <1465924634-22310-1-git-send-email-mathieu.poirier@linaro.org> From: Suzuki K Poulose <suzuki.poulose@arm.com> At the end of the trace capture, we free the allocated memory, resetting the drvdata->buf to NULL, to indicate that trace data was collected and the next trace session should allocate the memory in tmc_enable_etr_sink_sysfs. The tmc_enable_etr_sink_sysfs, we only allocate memory if drvdata->vaddr is not NULL (which is not performed at the end of previous session). This can cause, drvdata->vaddr getting assigned NULL and later we do memset() which causes a crash as below : Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = ffffffc9747f0000 [00000000] *pgd=00000009f402e003, *pud=00000009f402e003, *pmd=0000000000000000 Internal error: Oops: 96000046 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1592 Comm: bash Not tainted 4.7.0-rc1+ #1712 Hardware name: ARM Juno development board (r0) (DT) task: ffffffc078fe0080 ti: ffffffc974178000 task.ti: ffffffc974178000 PC is at __memset+0x1ac/0x200 LR is at tmc_enable_etr_sink+0xf8/0x304 pc : [<ffffff80083a002c>] lr : [<ffffff800859be44>] pstate: 400001c5 sp : ffffffc97417bc00 x29: ffffffc97417bc00 x28: ffffffc974178000 Call trace: Exception stack(0xffffffc97417ba40 to 0xffffffc97417bb60) ba40: 0000000000000001 ffffffc974a5d098 ffffffc97417bc00 ffffff80083a002c ba60: ffffffc974a5d118 0000000000000000 0000000000000000 0000000000000000 ba80: 0000000000000001 0000000000000000 ffffff800859bdec 0000000000000040 baa0: ffffff8008b45b58 00000000000001c0 ffffffc97417baf0 ffffff80080eddb4 bac0: 0000000000000003 ffffffc078fe0080 ffffffc078fe0960 ffffffc078fe0940 bae0: 0000000000000000 0000000000000000 00000000007fffc0 0000000000000004 bb00: 0000000000000000 0000000000000040 000000000000003f 0000000000000000 bb20: 0000000000000000 0000000000000000 0000000000000000 0000000000000001 bb40: ffffffc078fe0960 0000000000000018 ffffffffffffffff 0008669628000000 [<ffffff80083a002c>] __memset+0x1ac/0x200 [<ffffff8008599814>] coresight_enable_path+0xa8/0x1dc [<ffffff8008599b10>] coresight_enable+0x88/0x1b8 [<ffffff8008599d88>] enable_source_store+0x3c/0x6c [<ffffff800845eaf4>] dev_attr_store+0x18/0x28 [<ffffff80082829e8>] sysfs_kf_write+0x54/0x64 [<ffffff8008281c30>] kernfs_fop_write+0x148/0x1d8 [<ffffff8008200128>] __vfs_write+0x28/0x110 [<ffffff8008200e88>] vfs_write+0xa0/0x198 [<ffffff80082021b0>] SyS_write+0x44/0xa0 [<ffffff8008084e70>] el0_svc_naked+0x24/0x28 Code: 91010108 54ffff4a 8b040108 cb050042 (d50b7428) This patch fixes the issue by clearing the drvdata->vaddr while we free the allocated buffer at the end of a session, so that we allocate the memory again. Cc: mathieu.poirier@linaro.org Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org> --- drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c index 847d1b5f2c13..3369d7a80a51 100644 --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c @@ -315,7 +315,7 @@ int tmc_read_unprepare_etr(struct tmc_drvdata *drvdata) */ vaddr = drvdata->vaddr; paddr = drvdata->paddr; - drvdata->buf = NULL; + drvdata->buf = drvdata->vaddr = NULL; } drvdata->reading = false; -- 2.5.0
WARNING: multiple messages have this Message-ID (diff)
From: mathieu.poirier@linaro.org (Mathieu Poirier) To: linux-arm-kernel@lists.infradead.org Subject: [PATCH 2/3] coresight: Fix tmc_read_unprepare_etr Date: Tue, 14 Jun 2016 11:17:13 -0600 [thread overview] Message-ID: <1465924634-22310-3-git-send-email-mathieu.poirier@linaro.org> (raw) In-Reply-To: <1465924634-22310-1-git-send-email-mathieu.poirier@linaro.org> From: Suzuki K Poulose <suzuki.poulose@arm.com> At the end of the trace capture, we free the allocated memory, resetting the drvdata->buf to NULL, to indicate that trace data was collected and the next trace session should allocate the memory in tmc_enable_etr_sink_sysfs. The tmc_enable_etr_sink_sysfs, we only allocate memory if drvdata->vaddr is not NULL (which is not performed at the end of previous session). This can cause, drvdata->vaddr getting assigned NULL and later we do memset() which causes a crash as below : Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = ffffffc9747f0000 [00000000] *pgd=00000009f402e003, *pud=00000009f402e003, *pmd=0000000000000000 Internal error: Oops: 96000046 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1592 Comm: bash Not tainted 4.7.0-rc1+ #1712 Hardware name: ARM Juno development board (r0) (DT) task: ffffffc078fe0080 ti: ffffffc974178000 task.ti: ffffffc974178000 PC is at __memset+0x1ac/0x200 LR is at tmc_enable_etr_sink+0xf8/0x304 pc : [<ffffff80083a002c>] lr : [<ffffff800859be44>] pstate: 400001c5 sp : ffffffc97417bc00 x29: ffffffc97417bc00 x28: ffffffc974178000 Call trace: Exception stack(0xffffffc97417ba40 to 0xffffffc97417bb60) ba40: 0000000000000001 ffffffc974a5d098 ffffffc97417bc00 ffffff80083a002c ba60: ffffffc974a5d118 0000000000000000 0000000000000000 0000000000000000 ba80: 0000000000000001 0000000000000000 ffffff800859bdec 0000000000000040 baa0: ffffff8008b45b58 00000000000001c0 ffffffc97417baf0 ffffff80080eddb4 bac0: 0000000000000003 ffffffc078fe0080 ffffffc078fe0960 ffffffc078fe0940 bae0: 0000000000000000 0000000000000000 00000000007fffc0 0000000000000004 bb00: 0000000000000000 0000000000000040 000000000000003f 0000000000000000 bb20: 0000000000000000 0000000000000000 0000000000000000 0000000000000001 bb40: ffffffc078fe0960 0000000000000018 ffffffffffffffff 0008669628000000 [<ffffff80083a002c>] __memset+0x1ac/0x200 [<ffffff8008599814>] coresight_enable_path+0xa8/0x1dc [<ffffff8008599b10>] coresight_enable+0x88/0x1b8 [<ffffff8008599d88>] enable_source_store+0x3c/0x6c [<ffffff800845eaf4>] dev_attr_store+0x18/0x28 [<ffffff80082829e8>] sysfs_kf_write+0x54/0x64 [<ffffff8008281c30>] kernfs_fop_write+0x148/0x1d8 [<ffffff8008200128>] __vfs_write+0x28/0x110 [<ffffff8008200e88>] vfs_write+0xa0/0x198 [<ffffff80082021b0>] SyS_write+0x44/0xa0 [<ffffff8008084e70>] el0_svc_naked+0x24/0x28 Code: 91010108 54ffff4a 8b040108 cb050042 (d50b7428) This patch fixes the issue by clearing the drvdata->vaddr while we free the allocated buffer at the end of a session, so that we allocate the memory again. Cc: mathieu.poirier at linaro.org Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org> --- drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c index 847d1b5f2c13..3369d7a80a51 100644 --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c @@ -315,7 +315,7 @@ int tmc_read_unprepare_etr(struct tmc_drvdata *drvdata) */ vaddr = drvdata->vaddr; paddr = drvdata->paddr; - drvdata->buf = NULL; + drvdata->buf = drvdata->vaddr = NULL; } drvdata->reading = false; -- 2.5.0
next prev parent reply other threads:[~2016-06-14 17:23 UTC|newest] Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top 2016-06-14 17:17 [PATCH 0/3] coresight: fix for v4.7-rcX Mathieu Poirier 2016-06-14 17:17 ` Mathieu Poirier 2016-06-14 17:17 ` [PATCH 1/3] coresight: Fix NULL pointer dereference in _coresight_build_path Mathieu Poirier 2016-06-14 17:17 ` Mathieu Poirier 2016-06-14 17:17 ` Mathieu Poirier [this message] 2016-06-14 17:17 ` [PATCH 2/3] coresight: Fix tmc_read_unprepare_etr Mathieu Poirier 2016-06-14 17:17 ` [PATCH 3/3] coresight: Fix erroneous memset in tmc_read_unprepare_etr Mathieu Poirier 2016-06-14 17:17 ` Mathieu Poirier
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1465924634-22310-3-git-send-email-mathieu.poirier@linaro.org \ --to=mathieu.poirier@linaro.org \ --cc=gregkh@linuxfoundation.org \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=suzuki.poulose@arm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.