[PATCH RESEND] leds: netxbig: fix oops at probe time

[PATCH RESEND] leds: netxbig: fix oops at probe time

[Simon Guinot]

This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to
this bug, a kernel oops can be observed at probe time on the LaCie 2Big
and 5Big v2 boards:

Unable to handle kernel NULL pointer dereference at virtual address 00000008
[...]
[<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c)
[<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c)
[<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90)
[<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94)
[<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc)
[<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8)
[<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc)
[<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4)
[<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec)
[<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24)
[...]

This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1
("leds: netxbig: fix attribute-creation race").

Signed-off-by: Simon Guinot <simon.guinot@sequanux.org>
Cc: <stable@vger.kernel.org> # 3.17+
Acked-by: Johan Hovold <johan@kernel.org>
---
 drivers/leds/leds-netxbig.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/leds/leds-netxbig.c b/drivers/leds/leds-netxbig.c
index 64fde485dcaa..4c794f15a57f 100644
--- a/drivers/leds/leds-netxbig.c
+++ b/drivers/leds/leds-netxbig.c
@@ -330,18 +330,18 @@ create_netxbig_led(struct platform_device *pdev,
 	led_dat->sata = 0;
 	led_dat->cdev.brightness = LED_OFF;
 	led_dat->cdev.flags |= LED_CORE_SUSPENDRESUME;
-	/*
-	 * If available, expose the SATA activity blink capability through
-	 * a "sata" sysfs attribute.
-	 */
-	if (led_dat->mode_val[NETXBIG_LED_SATA] != NETXBIG_LED_INVALID_MODE)
-		led_dat->cdev.groups = netxbig_led_groups;
 	led_dat->mode_addr = template->mode_addr;
 	led_dat->mode_val = template->mode_val;
 	led_dat->bright_addr = template->bright_addr;
 	led_dat->bright_max = (1 << pdata->gpio_ext->num_data) - 1;
 	led_dat->timer = pdata->timer;
 	led_dat->num_timer = pdata->num_timer;
+	/*
+	 * If available, expose the SATA activity blink capability through
+	 * a "sata" sysfs attribute.
+	 */
+	if (led_dat->mode_val[NETXBIG_LED_SATA] != NETXBIG_LED_INVALID_MODE)
+		led_dat->cdev.groups = netxbig_led_groups;
 
 	return led_classdev_register(&pdev->dev, &led_dat->cdev);
 }
-- 
2.1.1

[PATCH RESEND] leds: netxbig: fix oops at probe time

[Simon Guinot]

This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to
this bug, a kernel oops can be observed at probe time on the LaCie 2Big
and 5Big v2 boards:

Unable to handle kernel NULL pointer dereference at virtual address 00000008
[...]
[<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c)
[<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c)
[<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90)
[<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94)
[<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc)
[<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8)
[<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc)
[<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4)
[<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec)
[<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24)
[...]

This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1
("leds: netxbig: fix attribute-creation race").

Signed-off-by: Simon Guinot <simon.guinot@sequanux.org>
Cc: <stable@vger.kernel.org> # 3.17+
Acked-by: Johan Hovold <johan@kernel.org>
---
 drivers/leds/leds-netxbig.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/leds/leds-netxbig.c b/drivers/leds/leds-netxbig.c
index 64fde485dcaa..4c794f15a57f 100644
--- a/drivers/leds/leds-netxbig.c
+++ b/drivers/leds/leds-netxbig.c
@@ -330,18 +330,18 @@ create_netxbig_led(struct platform_device *pdev,
 	led_dat->sata = 0;
 	led_dat->cdev.brightness = LED_OFF;
 	led_dat->cdev.flags |= LED_CORE_SUSPENDRESUME;
-	/*
-	 * If available, expose the SATA activity blink capability through
-	 * a "sata" sysfs attribute.
-	 */
-	if (led_dat->mode_val[NETXBIG_LED_SATA] != NETXBIG_LED_INVALID_MODE)
-		led_dat->cdev.groups = netxbig_led_groups;
 	led_dat->mode_addr = template->mode_addr;
 	led_dat->mode_val = template->mode_val;
 	led_dat->bright_addr = template->bright_addr;
 	led_dat->bright_max = (1 << pdata->gpio_ext->num_data) - 1;
 	led_dat->timer = pdata->timer;
 	led_dat->num_timer = pdata->num_timer;
+	/*
+	 * If available, expose the SATA activity blink capability through
+	 * a "sata" sysfs attribute.
+	 */
+	if (led_dat->mode_val[NETXBIG_LED_SATA] != NETXBIG_LED_INVALID_MODE)
+		led_dat->cdev.groups = netxbig_led_groups;
 
 	return led_classdev_register(&pdev->dev, &led_dat->cdev);
 }
-- 
2.1.1

Re: [PATCH RESEND] leds: netxbig: fix oops at probe time

[Andrew Lunn]

On Tue, Dec 23, 2014 at 05:39:24PM +0100, Simon Guinot wrote:
> This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to
> this bug, a kernel oops can be observed at probe time on the LaCie 2Big
> and 5Big v2 boards:
> 
> Unable to handle kernel NULL pointer dereference at virtual address 00000008
> [...]
> [<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c)
> [<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c)
> [<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90)
> [<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94)
> [<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc)
> [<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8)
> [<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc)
> [<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4)
> [<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec)
> [<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24)
> [...]
> 
> This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1
> ("leds: netxbig: fix attribute-creation race").
> 
> Signed-off-by: Simon Guinot <simon.guinot@sequanux.org>
> Cc: <stable@vger.kernel.org> # 3.17+
> Acked-by: Johan Hovold <johan@kernel.org>

Hi Bryan, Richard

Simon has asked that this be taken via mvebu, since there has not been
any response from the LED maintainers. I will queue it up as part of
my next set of fixes for -rc3, and Cc: you on the pull request.

If this is not O.K. with you, please let me know.

Thanks
	Andrew

> ---
>  drivers/leds/leds-netxbig.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/leds/leds-netxbig.c b/drivers/leds/leds-netxbig.c
> index 64fde485dcaa..4c794f15a57f 100644
> --- a/drivers/leds/leds-netxbig.c
> +++ b/drivers/leds/leds-netxbig.c
> @@ -330,18 +330,18 @@ create_netxbig_led(struct platform_device *pdev,
>  	led_dat->sata = 0;
>  	led_dat->cdev.brightness = LED_OFF;
>  	led_dat->cdev.flags |= LED_CORE_SUSPENDRESUME;
> -	/*
> -	 * If available, expose the SATA activity blink capability through
> -	 * a "sata" sysfs attribute.
> -	 */
> -	if (led_dat->mode_val[NETXBIG_LED_SATA] != NETXBIG_LED_INVALID_MODE)
> -		led_dat->cdev.groups = netxbig_led_groups;
>  	led_dat->mode_addr = template->mode_addr;
>  	led_dat->mode_val = template->mode_val;
>  	led_dat->bright_addr = template->bright_addr;
>  	led_dat->bright_max = (1 << pdata->gpio_ext->num_data) - 1;
>  	led_dat->timer = pdata->timer;
>  	led_dat->num_timer = pdata->num_timer;
> +	/*
> +	 * If available, expose the SATA activity blink capability through
> +	 * a "sata" sysfs attribute.
> +	 */
> +	if (led_dat->mode_val[NETXBIG_LED_SATA] != NETXBIG_LED_INVALID_MODE)
> +		led_dat->cdev.groups = netxbig_led_groups;
>  
>  	return led_classdev_register(&pdev->dev, &led_dat->cdev);
>  }
> -- 
> 2.1.1
> 

[PATCH RESEND] leds: netxbig: fix oops at probe time

[Andrew Lunn]

On Tue, Dec 23, 2014 at 05:39:24PM +0100, Simon Guinot wrote:
> This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to
> this bug, a kernel oops can be observed at probe time on the LaCie 2Big
> and 5Big v2 boards:
> 
> Unable to handle kernel NULL pointer dereference at virtual address 00000008
> [...]
> [<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c)
> [<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c)
> [<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90)
> [<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94)
> [<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc)
> [<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8)
> [<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc)
> [<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4)
> [<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec)
> [<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24)
> [...]
> 
> This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1
> ("leds: netxbig: fix attribute-creation race").
> 
> Signed-off-by: Simon Guinot <simon.guinot@sequanux.org>
> Cc: <stable@vger.kernel.org> # 3.17+
> Acked-by: Johan Hovold <johan@kernel.org>

Hi Bryan, Richard

Simon has asked that this be taken via mvebu, since there has not been
any response from the LED maintainers. I will queue it up as part of
my next set of fixes for -rc3, and Cc: you on the pull request.

If this is not O.K. with you, please let me know.

Thanks
	Andrew

> ---
>  drivers/leds/leds-netxbig.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/leds/leds-netxbig.c b/drivers/leds/leds-netxbig.c
> index 64fde485dcaa..4c794f15a57f 100644
> --- a/drivers/leds/leds-netxbig.c
> +++ b/drivers/leds/leds-netxbig.c
> @@ -330,18 +330,18 @@ create_netxbig_led(struct platform_device *pdev,
>  	led_dat->sata = 0;
>  	led_dat->cdev.brightness = LED_OFF;
>  	led_dat->cdev.flags |= LED_CORE_SUSPENDRESUME;
> -	/*
> -	 * If available, expose the SATA activity blink capability through
> -	 * a "sata" sysfs attribute.
> -	 */
> -	if (led_dat->mode_val[NETXBIG_LED_SATA] != NETXBIG_LED_INVALID_MODE)
> -		led_dat->cdev.groups = netxbig_led_groups;
>  	led_dat->mode_addr = template->mode_addr;
>  	led_dat->mode_val = template->mode_val;
>  	led_dat->bright_addr = template->bright_addr;
>  	led_dat->bright_max = (1 << pdata->gpio_ext->num_data) - 1;
>  	led_dat->timer = pdata->timer;
>  	led_dat->num_timer = pdata->num_timer;
> +	/*
> +	 * If available, expose the SATA activity blink capability through
> +	 * a "sata" sysfs attribute.
> +	 */
> +	if (led_dat->mode_val[NETXBIG_LED_SATA] != NETXBIG_LED_INVALID_MODE)
> +		led_dat->cdev.groups = netxbig_led_groups;
>  
>  	return led_classdev_register(&pdev->dev, &led_dat->cdev);
>  }
> -- 
> 2.1.1
>