From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg KH Subject: Re: [PATCH] driver core: platform: Fix the usage of platform device name(pdev->name) Date: Mon, 29 Apr 2019 19:50:22 +0200 Message-ID: <20190429175022.GB21757@kroah.com> References: <1555978589-4998-1-git-send-email-vnkgutta@codeaurora.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org To: Krzysztof Kozlowski Cc: Venkata Narendra Kumar Gutta , davem@davemloft.net, alexander.deucher@amd.com, tsoni@codeaurora.org, psodagud@codeaurora.org, jshriram@codeaurora.org, linux-kernel@vger.kernel.org, Russell King , Liviu Dudau , Sudeep Holla , Lorenzo Pieralisi , linux-mmc@vger.kernel.org, linux-arm-kernel@lists.infradead.org List-Id: linux-mmc@vger.kernel.org On Mon, Apr 29, 2019 at 05:07:56PM +0200, Krzysztof Kozlowski wrote: > On Tue, 23 Apr 2019 at 05:36, Venkata Narendra Kumar Gutta > wrote: > > > > Platform core is using pdev->name as the platform device name to do > > the binding of the devices with the drivers. But, when the platform > > driver overrides the platform device name with dev_set_name(), > > the pdev->name is pointing to a location which is freed and becomes > > If pdev->name is invalid then it should be removed/fixed. Why leaving > it pointing to wrong place and changing the users to something else? > This looks like either duct-tape for real problem. > > > an invalid parameter to do the binding match. > > > > use-after-free instance: > > > > [ 33.325013] BUG: KASAN: use-after-free in strcmp+0x8c/0xb0 > > [ 33.330646] Read of size 1 at addr ffffffc10beae600 by task modprobe > > [ 33.339068] CPU: 5 PID: 518 Comm: modprobe Tainted: > > G S W O 4.19.30+ #3 > > [ 33.346835] Hardware name: MTP (DT) > > [ 33.350419] Call trace: > > [ 33.352941] dump_backtrace+0x0/0x3b8 > > [ 33.356713] show_stack+0x24/0x30 > > [ 33.360119] dump_stack+0x160/0x1d8 > > [ 33.363709] print_address_description+0x84/0x2e0 > > [ 33.368549] kasan_report+0x26c/0x2d0 > > [ 33.372322] __asan_report_load1_noabort+0x2c/0x38 > > [ 33.377248] strcmp+0x8c/0xb0 > > [ 33.380306] platform_match+0x70/0x1f8 > > [ 33.384168] __driver_attach+0x78/0x3a0 > > [ 33.388111] bus_for_each_dev+0x13c/0x1b8 > > [ 33.392237] driver_attach+0x4c/0x58 > > [ 33.395910] bus_add_driver+0x350/0x560 > > [ 33.399854] driver_register+0x23c/0x328 > > [ 33.403886] __platform_driver_register+0xd0/0xe0 > > > > So, use dev_name(&pdev->dev), which fetches the platform device name from > > the kobject(dev->kobj->name) of the device instead of the pdev->name. > > > > Signed-off-by: Venkata Narendra Kumar Gutta > > --- > > drivers/base/platform.c | 8 ++++---- > > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/base/platform.c b/drivers/base/platform.c > > index dab0a5a..0e23aa2 100644 > > --- a/drivers/base/platform.c > > +++ b/drivers/base/platform.c > > @@ -888,7 +888,7 @@ static ssize_t modalias_show(struct device *dev, struct device_attribute *a, > > if (len != -ENODEV) > > return len; > > > > - len = snprintf(buf, PAGE_SIZE, "platform:%s\n", pdev->name); > > + len = snprintf(buf, PAGE_SIZE, "platform:%s\n", dev_name(&pdev->dev)); > > > > return (len >= PAGE_SIZE) ? (PAGE_SIZE - 1) : len; > > } > > @@ -964,7 +964,7 @@ static int platform_uevent(struct device *dev, struct kobj_uevent_env *env) > > return rc; > > > > add_uevent_var(env, "MODALIAS=%s%s", PLATFORM_MODULE_PREFIX, > > - pdev->name); > > + dev_name(&pdev->dev)); > > This is wrong fix and it causes ARM Vexpress board fail to boot under > QEMU (but probably in real world as well). The problem is in not > mached drivers. For example the pdev->name is "vexpress-syscfg" and > dev_name(&pdev->dev) is "vexpress-syscfg.6.auto". The effect - none of > AMBA devices are registered, including missing MMC device (mmci.c, > arm,pl180). > > One can see the error of missing root device: > [ 13.458982] VFS: Cannot open root device "mmcblk0" or > unknown-block(0,0): error -6 > > ... also before there is a warning like: > [ 0.285029] ------------[ cut here ]------------ > [ 0.285507] WARNING: CPU: 0 PID: 1 at > /home/krzk/dev/yocto-proceq/build/workspace/sources/linux-mainline-next/drivers/bus/vexpress-config.c:183 > vexpress_config_init+0x90/0xe0 > [ 0.285936] Modules linked in: > [ 0.286251] CPU: 0 PID: 1 Comm: swapper Tainted: G W > 5.1.0-rc6-next-20190429-g0593ae1f5df5 #27 > [ 0.286507] Hardware name: ARM-Versatile Express > [ 0.286977] [<8010e05c>] (unwind_backtrace) from [<8010b76c>] > (show_stack+0x10/0x14) > [ 0.287219] [<8010b76c>] (show_stack) from [<8011ac64>] (__warn+0xf8/0x110) > [ 0.287400] [<8011ac64>] (__warn) from [<8011ad94>] > (warn_slowpath_null+0x40/0x48) > [ 0.287579] [<8011ad94>] (warn_slowpath_null) from [<809151bc>] > (vexpress_config_init+0x90/0xe0) > [ 0.287811] [<809151bc>] (vexpress_config_init) from [<80102710>] > (do_one_initcall+0x54/0x1b4) > [ 0.288014] [<80102710>] (do_one_initcall) from [<80900e84>] > (kernel_init_freeable+0x12c/0x1c8) > [ 0.288214] [<80900e84>] (kernel_init_freeable) from [<80634048>] > (kernel_init+0x8/0x110) > [ 0.288388] [<80634048>] (kernel_init) from [<801010e8>] > (ret_from_fork+0x14/0x2c) > [ 0.288597] Exception stack(0x86835fb0 to 0x86835ff8) > [ 0.288882] 5fa0: 00000000 > 00000000 00000000 00000000 > [ 0.289193] 5fc0: 00000000 00000000 00000000 00000000 00000000 > 00000000 00000000 00000000 > [ 0.289479] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 > [ 0.289776] ---[ end trace 3f0995a2bae83983 ]--- Ick, that's not good, I've now reverted this patch from my tree, thanks for letting me know. greg k-h From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.5 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,USER_AGENT_MUTT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57E9FC43219 for ; Mon, 29 Apr 2019 17:50:35 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 251B42087B for ; Mon, 29 Apr 2019 17:50:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="KIHNKyhe"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="Oywe6CyI" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 251B42087B Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linuxfoundation.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=FMn1kiUMYqNeDQ9SO62x0NcPifNW5F5+2xvyVwXv7pk=; b=KIHNKyheH4jV/k ldk+71us8btGTXlWe+PQkSOxBoOl+sZk3rpGz3vNkMAQtxAavVhhLyFdz2FT3IlbUVgcNjsDlawKQ DbUUtFTnXs7IH/lNWvjikOlATiW+NP3q3aDOVOIAPyILvtGmk2gxyks/SqizRGnNWyboHZoXpxA1G CA7mgZ6kq12HlZzdML41ab9ho415mCmBfdhw58zqQvgh5uEWPGSqZqlhDz9/9k2MdQlHl7R31SaV0 S6DB6FHVwPD0Musmqr+7YcvHgi5U+3kyxK5k888dGOZtjjPjUVMGO6K3kSz4FHWV0zpKj1aF0dz9k gfQm8t5jtDR70mFFLfoA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hLAQ7-0003uG-Vi; Mon, 29 Apr 2019 17:50:27 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hLAQ4-0003ti-Fu for linux-arm-kernel@lists.infradead.org; Mon, 29 Apr 2019 17:50:25 +0000 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9D5E32087B; Mon, 29 Apr 2019 17:50:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1556560224; bh=yxChAYiU/YL3D5H4BnSnqXUynWtFGwWprVZ0YhYmTGk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Oywe6CyITKsV6cgAiskNlTfC8QbsQ0ol7Rb6n81m6wATNA5YKA4uMkouLC9c1ItHG 9jySRzfKSKhvCZj2aqLPpMuVy+fJWHcPxD1wtIAGHlc3HmrwtZ96k3EZbpffBAJOsT o7Ctm3ss4HaqHhH7QUIrNaAz7PVlurJFUb98dRFc= Date: Mon, 29 Apr 2019 19:50:22 +0200 From: Greg KH To: Krzysztof Kozlowski Subject: Re: [PATCH] driver core: platform: Fix the usage of platform device name(pdev->name) Message-ID: <20190429175022.GB21757@kroah.com> References: <1555978589-4998-1-git-send-email-vnkgutta@codeaurora.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.11.4 (2019-03-13) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190429_105024_565685_492D4DE3 X-CRM114-Status: GOOD ( 25.33 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: tsoni@codeaurora.org, Lorenzo Pieralisi , jshriram@codeaurora.org, Liviu Dudau , Venkata Narendra Kumar Gutta , linux-kernel@vger.kernel.org, Russell King , Sudeep Holla , alexander.deucher@amd.com, linux-mmc@vger.kernel.org, psodagud@codeaurora.org, davem@davemloft.net, linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Mon, Apr 29, 2019 at 05:07:56PM +0200, Krzysztof Kozlowski wrote: > On Tue, 23 Apr 2019 at 05:36, Venkata Narendra Kumar Gutta > wrote: > > > > Platform core is using pdev->name as the platform device name to do > > the binding of the devices with the drivers. But, when the platform > > driver overrides the platform device name with dev_set_name(), > > the pdev->name is pointing to a location which is freed and becomes > > If pdev->name is invalid then it should be removed/fixed. Why leaving > it pointing to wrong place and changing the users to something else? > This looks like either duct-tape for real problem. > > > an invalid parameter to do the binding match. > > > > use-after-free instance: > > > > [ 33.325013] BUG: KASAN: use-after-free in strcmp+0x8c/0xb0 > > [ 33.330646] Read of size 1 at addr ffffffc10beae600 by task modprobe > > [ 33.339068] CPU: 5 PID: 518 Comm: modprobe Tainted: > > G S W O 4.19.30+ #3 > > [ 33.346835] Hardware name: MTP (DT) > > [ 33.350419] Call trace: > > [ 33.352941] dump_backtrace+0x0/0x3b8 > > [ 33.356713] show_stack+0x24/0x30 > > [ 33.360119] dump_stack+0x160/0x1d8 > > [ 33.363709] print_address_description+0x84/0x2e0 > > [ 33.368549] kasan_report+0x26c/0x2d0 > > [ 33.372322] __asan_report_load1_noabort+0x2c/0x38 > > [ 33.377248] strcmp+0x8c/0xb0 > > [ 33.380306] platform_match+0x70/0x1f8 > > [ 33.384168] __driver_attach+0x78/0x3a0 > > [ 33.388111] bus_for_each_dev+0x13c/0x1b8 > > [ 33.392237] driver_attach+0x4c/0x58 > > [ 33.395910] bus_add_driver+0x350/0x560 > > [ 33.399854] driver_register+0x23c/0x328 > > [ 33.403886] __platform_driver_register+0xd0/0xe0 > > > > So, use dev_name(&pdev->dev), which fetches the platform device name from > > the kobject(dev->kobj->name) of the device instead of the pdev->name. > > > > Signed-off-by: Venkata Narendra Kumar Gutta > > --- > > drivers/base/platform.c | 8 ++++---- > > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/base/platform.c b/drivers/base/platform.c > > index dab0a5a..0e23aa2 100644 > > --- a/drivers/base/platform.c > > +++ b/drivers/base/platform.c > > @@ -888,7 +888,7 @@ static ssize_t modalias_show(struct device *dev, struct device_attribute *a, > > if (len != -ENODEV) > > return len; > > > > - len = snprintf(buf, PAGE_SIZE, "platform:%s\n", pdev->name); > > + len = snprintf(buf, PAGE_SIZE, "platform:%s\n", dev_name(&pdev->dev)); > > > > return (len >= PAGE_SIZE) ? (PAGE_SIZE - 1) : len; > > } > > @@ -964,7 +964,7 @@ static int platform_uevent(struct device *dev, struct kobj_uevent_env *env) > > return rc; > > > > add_uevent_var(env, "MODALIAS=%s%s", PLATFORM_MODULE_PREFIX, > > - pdev->name); > > + dev_name(&pdev->dev)); > > This is wrong fix and it causes ARM Vexpress board fail to boot under > QEMU (but probably in real world as well). The problem is in not > mached drivers. For example the pdev->name is "vexpress-syscfg" and > dev_name(&pdev->dev) is "vexpress-syscfg.6.auto". The effect - none of > AMBA devices are registered, including missing MMC device (mmci.c, > arm,pl180). > > One can see the error of missing root device: > [ 13.458982] VFS: Cannot open root device "mmcblk0" or > unknown-block(0,0): error -6 > > ... also before there is a warning like: > [ 0.285029] ------------[ cut here ]------------ > [ 0.285507] WARNING: CPU: 0 PID: 1 at > /home/krzk/dev/yocto-proceq/build/workspace/sources/linux-mainline-next/drivers/bus/vexpress-config.c:183 > vexpress_config_init+0x90/0xe0 > [ 0.285936] Modules linked in: > [ 0.286251] CPU: 0 PID: 1 Comm: swapper Tainted: G W > 5.1.0-rc6-next-20190429-g0593ae1f5df5 #27 > [ 0.286507] Hardware name: ARM-Versatile Express > [ 0.286977] [<8010e05c>] (unwind_backtrace) from [<8010b76c>] > (show_stack+0x10/0x14) > [ 0.287219] [<8010b76c>] (show_stack) from [<8011ac64>] (__warn+0xf8/0x110) > [ 0.287400] [<8011ac64>] (__warn) from [<8011ad94>] > (warn_slowpath_null+0x40/0x48) > [ 0.287579] [<8011ad94>] (warn_slowpath_null) from [<809151bc>] > (vexpress_config_init+0x90/0xe0) > [ 0.287811] [<809151bc>] (vexpress_config_init) from [<80102710>] > (do_one_initcall+0x54/0x1b4) > [ 0.288014] [<80102710>] (do_one_initcall) from [<80900e84>] > (kernel_init_freeable+0x12c/0x1c8) > [ 0.288214] [<80900e84>] (kernel_init_freeable) from [<80634048>] > (kernel_init+0x8/0x110) > [ 0.288388] [<80634048>] (kernel_init) from [<801010e8>] > (ret_from_fork+0x14/0x2c) > [ 0.288597] Exception stack(0x86835fb0 to 0x86835ff8) > [ 0.288882] 5fa0: 00000000 > 00000000 00000000 00000000 > [ 0.289193] 5fc0: 00000000 00000000 00000000 00000000 00000000 > 00000000 00000000 00000000 > [ 0.289479] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 > [ 0.289776] ---[ end trace 3f0995a2bae83983 ]--- Ick, that's not good, I've now reverted this patch from my tree, thanks for letting me know. greg k-h _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel