From: Greg KH <gregkh@suse.de>
To: Jaroslav Kysela <perex@suse.cz>
Cc: Andrew Morton <akpm@osdl.org>,
ALSA development <alsa-devel@alsa-project.org>,
Takashi Iwai <tiwai@suse.de>, LKML <linux-kernel@vger.kernel.org>,
Jiri Kosina <jikos@jikos.cz>,
Alan Stern <stern@rowland.harvard.edu>,
Castet Matthieu <castet.matthieu@free.fr>
Subject: Re: [PATCH] ALSA: fix kernel panic in initialization of mpu401 driver
Date: Thu, 5 Oct 2006 10:58:52 -0700 [thread overview]
Message-ID: <20061005175852.GC15180@suse.de> (raw)
In-Reply-To: <Pine.LNX.4.61.0610051614220.9351@tm8103.perex-int.cz>
On Thu, Oct 05, 2006 at 04:16:01PM +0200, Jaroslav Kysela wrote:
> On Thu, 5 Oct 2006, Alan Stern wrote:
>
> > On Thu, 5 Oct 2006, Jaroslav Kysela wrote:
> >
> > > On Wed, 4 Oct 2006, Jiri Kosina wrote:
> > >
> > > > I am getting kernel panic (NULL pointer dereference) on boot, with kernel
> > > > compiled with CONFIG_SND_MPU401_UART=y, on machine which does not have
> > > > this piece of hardware.
> > > >
> > > > I have traced the problem down to
> > > > sound/drivers/mpu401/mpu401.c:snd_mpu401_probe() returning EINVAL, when
> > > > either port or IRQ parameters are not specified.
> > > >
> > > > In such case, the drivers/base/bus.c:bus_attach_device() does not perform
> > > > klist_add_tail() call, but rather sets dev->is_registered to 0. This flag
> > > > is however not checked by the driver, so later on, when
> > > > alsa_card_mpu401_init() is called and platform_device_register_simple()
> > > > fails, the following callchain happens, causing NULL pointer dereference:
> > > > alsa_card_mpu401_init() -> platform_device_unregister() ->
> > > > platform_device_del() -> device_del() -> bus_remove_device() ->
> > > > klist_del() -> BOOM (the entry was not added to klist in
> > > > bus_attach_device()).
> > > >
> > > > Proper solution is returning ENODEV from the ->probe() routine, which will
> > > > be correctly handled then by the rest of the device-driver attaching
> > > > subsystem (namely the retval check in bus_attach_device()). The following
> > > > patch fixes the problem, please apply.
> > >
> > > Unfortunately, I do not think that it's a proper solution. I think that
> > > platform device layer should play more nicely and if probe() fails for
> > > a reason and if platform_device_register_simple() does not set
> > > IS_ERR(), then platform_device_unregister() must be callable to free
> > > all resources.
> > >
> > > Also, you've proposed to not fix all returns in snd_mpu401_probe() only
> > > first two.
> > >
> > > I would reject this patch and fix drivers/base/bus.c. The problematic
> > > change is in commit f2eaae197f4590c4d96f31b09b0ee9067421a95c and this
> > > patch will probably fix it:
> >
> > Your patch is right as far as it goes, but it misses part of the problem.
> > device_add() shouldn't ignore the return value from bus_attach_device().
> > That's why we ended up trying to unregister a device which never was
> > properly registered in the first place.
> >
> > What do you think of this addition to your patch (untested)?
>
> Your addition looks good. Acked from me.
Great, Alan, care to resend with a better description and the proper
signed-off-by lines?
thanks,
greg k-h
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
WARNING: multiple messages have this Message-ID (diff)
From: Greg KH <gregkh@suse.de>
To: Jaroslav Kysela <perex@suse.cz>
Cc: Alan Stern <stern@rowland.harvard.edu>,
Jiri Kosina <jikos@jikos.cz>,
Castet Matthieu <castet.matthieu@free.fr>,
Takashi Iwai <tiwai@suse.de>, LKML <linux-kernel@vger.kernel.org>,
ALSA development <alsa-devel@alsa-project.org>,
Andrew Morton <akpm@osdl.org>
Subject: Re: [PATCH] ALSA: fix kernel panic in initialization of mpu401 driver
Date: Thu, 5 Oct 2006 10:58:52 -0700 [thread overview]
Message-ID: <20061005175852.GC15180@suse.de> (raw)
In-Reply-To: <Pine.LNX.4.61.0610051614220.9351@tm8103.perex-int.cz>
On Thu, Oct 05, 2006 at 04:16:01PM +0200, Jaroslav Kysela wrote:
> On Thu, 5 Oct 2006, Alan Stern wrote:
>
> > On Thu, 5 Oct 2006, Jaroslav Kysela wrote:
> >
> > > On Wed, 4 Oct 2006, Jiri Kosina wrote:
> > >
> > > > I am getting kernel panic (NULL pointer dereference) on boot, with kernel
> > > > compiled with CONFIG_SND_MPU401_UART=y, on machine which does not have
> > > > this piece of hardware.
> > > >
> > > > I have traced the problem down to
> > > > sound/drivers/mpu401/mpu401.c:snd_mpu401_probe() returning EINVAL, when
> > > > either port or IRQ parameters are not specified.
> > > >
> > > > In such case, the drivers/base/bus.c:bus_attach_device() does not perform
> > > > klist_add_tail() call, but rather sets dev->is_registered to 0. This flag
> > > > is however not checked by the driver, so later on, when
> > > > alsa_card_mpu401_init() is called and platform_device_register_simple()
> > > > fails, the following callchain happens, causing NULL pointer dereference:
> > > > alsa_card_mpu401_init() -> platform_device_unregister() ->
> > > > platform_device_del() -> device_del() -> bus_remove_device() ->
> > > > klist_del() -> BOOM (the entry was not added to klist in
> > > > bus_attach_device()).
> > > >
> > > > Proper solution is returning ENODEV from the ->probe() routine, which will
> > > > be correctly handled then by the rest of the device-driver attaching
> > > > subsystem (namely the retval check in bus_attach_device()). The following
> > > > patch fixes the problem, please apply.
> > >
> > > Unfortunately, I do not think that it's a proper solution. I think that
> > > platform device layer should play more nicely and if probe() fails for
> > > a reason and if platform_device_register_simple() does not set
> > > IS_ERR(), then platform_device_unregister() must be callable to free
> > > all resources.
> > >
> > > Also, you've proposed to not fix all returns in snd_mpu401_probe() only
> > > first two.
> > >
> > > I would reject this patch and fix drivers/base/bus.c. The problematic
> > > change is in commit f2eaae197f4590c4d96f31b09b0ee9067421a95c and this
> > > patch will probably fix it:
> >
> > Your patch is right as far as it goes, but it misses part of the problem.
> > device_add() shouldn't ignore the return value from bus_attach_device().
> > That's why we ended up trying to unregister a device which never was
> > properly registered in the first place.
> >
> > What do you think of this addition to your patch (untested)?
>
> Your addition looks good. Acked from me.
Great, Alan, care to resend with a better description and the proper
signed-off-by lines?
thanks,
greg k-h
next prev parent reply other threads:[~2006-10-05 18:48 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-04 20:22 [PATCH] ALSA: fix kernel panic in initialization of mpu401 driver Jiri Kosina
2006-10-04 20:22 ` Jiri Kosina
2006-10-05 8:07 ` Jaroslav Kysela
2006-10-05 8:07 ` Jaroslav Kysela
2006-10-05 9:57 ` Jiri Kosina
2006-10-05 9:57 ` Jiri Kosina
2006-10-05 14:02 ` Alan Stern
2006-10-05 14:16 ` Jaroslav Kysela
2006-10-05 14:16 ` Jaroslav Kysela
2006-10-05 17:58 ` Greg KH [this message]
2006-10-05 17:58 ` Greg KH
2006-10-05 21:03 ` [PATCH] Driver core: Don't ignore error returns from probing Alan Stern
2006-10-05 21:03 ` Alan Stern
2006-10-06 7:53 ` Cornelia Huck
2006-10-06 7:53 ` Cornelia Huck
2006-10-06 7:57 ` [PATCH] driver core: bus_attach_device() retval check Cornelia Huck
2006-10-06 9:41 ` [PATCH] Driver core: Don't ignore error returns from probing Jaroslav Kysela
2006-10-06 9:41 ` [Alsa-devel] " Jaroslav Kysela
2006-10-06 11:14 ` Cornelia Huck
2006-10-06 11:14 ` [Alsa-devel] " Cornelia Huck
2006-10-06 11:46 ` Jaroslav Kysela
2006-10-06 11:46 ` [Alsa-devel] " Jaroslav Kysela
2006-10-06 18:12 ` Alan Stern
2006-10-06 18:12 ` [Alsa-devel] " Alan Stern
2006-10-09 11:10 ` Cornelia Huck
2006-10-09 11:10 ` Cornelia Huck
2006-10-09 11:14 ` [PATCH] Driver core: Don't ignore bus_attach_device() retval Cornelia Huck
2006-10-09 14:10 ` Alan Stern
2006-10-11 14:49 ` Alan Stern
2006-10-12 9:30 ` Cornelia Huck
2006-10-12 15:59 ` Alan Stern
2006-10-12 17:17 ` Cornelia Huck
2006-10-12 21:41 ` Alan Stern
2006-10-13 6:37 ` Cornelia Huck
2006-10-05 14:02 ` [PATCH] ALSA: fix kernel panic in initialization of mpu401 driver Alan Stern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061005175852.GC15180@suse.de \
--to=gregkh@suse.de \
--cc=akpm@osdl.org \
--cc=alsa-devel@alsa-project.org \
--cc=castet.matthieu@free.fr \
--cc=jikos@jikos.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=perex@suse.cz \
--cc=stern@rowland.harvard.edu \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.