Re: [PATCH] dma-debug: Do not add notifier when dma debugging is disabled.

[Joerg Roedel <joerg.roedel@amd.com>]

On Thu, Dec 17, 2009 at 06:00:36PM -0600, Shaun Ruffell wrote:
> If CONFIG_HAVE_DMA_API_DEBUG is defined and "dma_debug=off" is
> specified on the kernel command line, when you detach a driver from a
> device you can cause the following NULL pointer dereference:
> 
> BUG: unable to handle kernel NULL pointer dereference at (null)
> IP: [<c0580d35>] dma_debug_device_change+0x5d/0x117
> 
> The problem is that the dma_debug_device_change notifier function is
> added to the bus notifier chain even though the dma_entry_hash array
> was never initialized.  If dma debugging is disabled, this patch both
> prevents dma_debug_device_change notifiers from being added to the
> chain, and additionally ensures that the dma_entry_hash array is always
> initialized to a valid state.

Thanks for the fix. I applied a slightly different version to
dma-debug/fixes branch of my tree. See below for the patch I applied.

>From d9c18bf39cd45ff1e68b9b357eca08b4556d66c1 Mon Sep 17 00:00:00 2001
From: Shaun Ruffell <sruffell@digium.com>
Date: Thu, 17 Dec 2009 18:00:36 -0600
Subject: [PATCH 123/123] dma-debug: Do not add notifier when dma debugging is disabled.

If CONFIG_HAVE_DMA_API_DEBUG is defined and "dma_debug=off" is
specified on the kernel command line, when you detach a driver from a
device you can cause the following NULL pointer dereference:

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<c0580d35>] dma_debug_device_change+0x5d/0x117

The problem is that the dma_debug_device_change notifier function is
added to the bus notifier chain even though the dma_entry_hash array
was never initialized.  If dma debugging is disabled, this patch both
prevents dma_debug_device_change notifiers from being added to the
chain, and additionally ensures that the dma_debug_device_change
notifier function is a no-op.

Signed-off-by: Shaun Ruffell <sruffell@digium.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
 lib/dma-debug.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/lib/dma-debug.c b/lib/dma-debug.c
index d9b08e0..7399744 100644
--- a/lib/dma-debug.c
+++ b/lib/dma-debug.c
@@ -676,6 +676,8 @@ static int dma_debug_device_change(struct notifier_block *nb,
 	struct device *dev = data;
 	int count;
 
+	if (global_disable)
+		return;
 
 	switch (action) {
 	case BUS_NOTIFY_UNBOUND_DRIVER:
@@ -697,6 +699,9 @@ void dma_debug_add_bus(struct bus_type *bus)
 {
 	struct notifier_block *nb;
 
+	if (global_disable)
+		return;
+
 	nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
 	if (nb == NULL) {
 		pr_err("dma_debug_add_bus: out of memory\n");
-- 
1.6.5.4