Re: [PATCH] gpio / ACPI: Don't crash on NULL chip->dev

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sabrina Dubroca <sd@queasysnail.net>
To: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Linus Walleij <linus.walleij@linaro.org>,
	Alexandre Courbot <gnurou@gmail.com>,
	linux-gpio@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] gpio / ACPI: Don't crash on NULL chip->dev
Date: Mon, 31 Mar 2014 18:25:47 +0200	[thread overview]
Message-ID: <20140331162547.GA25802@kria> (raw)
In-Reply-To: <1396268209-19108-1-git-send-email-mika.westerberg@linux.intel.com>

2014-03-31, 15:16:49 +0300, Mika Westerberg wrote:
> Commit aa92b6f689ac (gpio / ACPI: Allocate ACPI specific data directly in
> acpi_gpiochip_add()) moved ACPI handle checking to acpi_gpiochip_add() but
> forgot to check whether chip->dev is NULL before dereferencing it.
> 
> Since chip->dev pointer is optional we can end up with crash like following:
> 
>  BUG: unable to handle kernel NULL pointer dereference at 00000138
>  IP: [<c126c2b3>] acpi_gpiochip_add+0x13/0x190
>  *pde = 00000000
>  Oops: 0000 [#1] PREEMPT SMP
>  Modules linked in: ssb(+) ...
>  CPU: 0 PID: 512 Comm: modprobe Tainted: G        W     3.14.0-rc7-next-20140324-t1 #24
>  Hardware name: Dell Inc. Latitude D830                   /0UY141, BIOS A02 06/07/2007
>  task: f5799900 ti: f543e000 task.ti: f543e000
>  EIP: 0060:[<c126c2b3>] EFLAGS: 00010282 CPU: 0
>  EIP is at acpi_gpiochip_add+0x13/0x190
>  EAX: 00000000 EBX: f57824c4 ECX: 00000000 EDX: 00000000
>  ESI: f57824c4 EDI: 00000010 EBP: f543fc54 ESP: f543fc40
>   DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
>  CR0: 8005003b CR2: 00000138 CR3: 355f8000 CR4: 000007d0
>  Stack:
>   f543fc5c fd1f7790 f57824c4 000000be 00000010 f543fc84 c1269f4e f543fc74
>   fd1f78bd 00008002 f57822b0 f5782090 fd1f8400 00000286 fd1f9994 00000000
>   f5782000 f543fc8c fd1f7e39 f543fcc8 fd1f0bd8 000000c0 00000000 00000000
>  Call Trace:
>   [<fd1f7790>] ? ssb_pcie_mdio_write+0xa0/0xd0 [ssb]
>   [<c1269f4e>] gpiochip_add+0xee/0x300
>   [<fd1f78bd>] ? ssb_pcicore_serdes_workaround+0xfd/0x140 [ssb]
>   [<fd1f7e39>] ssb_gpio_init+0x89/0xa0 [ssb]
>   [<fd1f0bd8>] ssb_attach_queued_buses+0xc8/0x2d0 [ssb]
>   [<fd1f0f65>] ssb_bus_register+0x185/0x1f0 [ssb]
>   [<fd1f3120>] ? ssb_pci_xtal+0x220/0x220 [ssb]
>   [<fd1f106c>] ssb_bus_pcibus_register+0x2c/0x80 [ssb]
>   [<fd1f40dc>] ssb_pcihost_probe+0x9c/0x110 [ssb]
>   [<c1276c8f>] pci_device_probe+0x6f/0xc0
>   [<c11bdb55>] ? sysfs_create_link+0x25/0x40
>   [<c131d8b9>] driver_probe_device+0x79/0x360
>   [<c1276512>] ? pci_match_device+0xb2/0xc0
>   [<c131dc51>] __driver_attach+0x71/0x80
>   [<c131dbe0>] ? __device_attach+0x40/0x40
>   [<c131bd87>] bus_for_each_dev+0x47/0x80
>   [<c131d3ae>] driver_attach+0x1e/0x20
>   [<c131dbe0>] ? __device_attach+0x40/0x40
>   [<c131d007>] bus_add_driver+0x157/0x230
>   [<c131e219>] driver_register+0x59/0xe0
>   ...
> 
> Fix this by checking chip->dev pointer against NULL first. Also we can now
> remove redundant check in acpi_gpiochip_request/free_interrupts().
> 
> Reported-by: Sabrina Dubroca <sd@queasysnail.net>
> Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
> ---
> Sabrina,
> 
> Can you please re-test this and provide your tested-by? I changed the patch
> a bit to remove redundant checks. Just to be sure that I don't accidentally
> break something.
> 
> Thanks.

Everything looks good.

Tested-by: Sabrina Dubroca <sd@queasysnail.net>


Thanks,
-- 
Sabrina

next prev parent reply	other threads:[~2014-03-31 16:26 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-03-31 12:16 [PATCH] gpio / ACPI: Don't crash on NULL chip->dev Mika Westerberg
2014-03-31 16:25 ` Sabrina Dubroca [this message]
2014-03-31 19:33 ` Alexandre Courbot
2014-04-10 16:06 ` Linus Walleij

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140331162547.GA25802@kria \
    --to=sd@queasysnail.net \
    --cc=gnurou@gmail.com \
    --cc=linus.walleij@linaro.org \
    --cc=linux-gpio@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mika.westerberg@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.