From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Yihang Li <liyihang9@huawei.com>,
Xingui Yang <yangxingui@huawei.com>,
Xiang Chen <chenxiang66@hisilicon.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
jejb@linux.ibm.com, linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 6.6 10/36] scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs
Date: Tue, 7 Nov 2023 10:45:52 -0500 [thread overview]
Message-ID: <20231107154654.3765336-10-sashal@kernel.org> (raw)
In-Reply-To: <20231107154654.3765336-1-sashal@kernel.org>
From: Yihang Li <liyihang9@huawei.com>
[ Upstream commit 6de426f9276c448e2db7238911c97fb157cb23be ]
If init debugfs failed during device registration due to memory allocation
failure, debugfs_remove_recursive() is called, after which debugfs_dir is
not set to NULL. debugfs_remove_recursive() will be called again during
device removal. As a result, illegal pointer is accessed.
[ 1665.467244] hisi_sas_v3_hw 0000:b4:02.0: failed to init debugfs!
...
[ 1669.836708] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0
[ 1669.872669] pc : down_write+0x24/0x70
[ 1669.876315] lr : down_write+0x1c/0x70
[ 1669.879961] sp : ffff000036f53a30
[ 1669.883260] x29: ffff000036f53a30 x28: ffffa027c31549f8
[ 1669.888547] x27: ffffa027c3140000 x26: 0000000000000000
[ 1669.893834] x25: ffffa027bf37c270 x24: ffffa027bf37c270
[ 1669.899122] x23: ffff0000095406b8 x22: ffff0000095406a8
[ 1669.904408] x21: 0000000000000000 x20: ffffa027bf37c310
[ 1669.909695] x19: 00000000000000a0 x18: ffff8027dcd86f10
[ 1669.914982] x17: 0000000000000000 x16: 0000000000000000
[ 1669.920268] x15: 0000000000000000 x14: ffffa0274014f870
[ 1669.925555] x13: 0000000000000040 x12: 0000000000000228
[ 1669.930842] x11: 0000000000000020 x10: 0000000000000bb0
[ 1669.936129] x9 : ffff000036f537f0 x8 : ffff80273088ca10
[ 1669.941416] x7 : 000000000000001d x6 : 00000000ffffffff
[ 1669.946702] x5 : ffff000008a36310 x4 : ffff80273088be00
[ 1669.951989] x3 : ffff000009513e90 x2 : 0000000000000000
[ 1669.957276] x1 : 00000000000000a0 x0 : ffffffff00000001
[ 1669.962563] Call trace:
[ 1669.965000] down_write+0x24/0x70
[ 1669.968301] debugfs_remove_recursive+0x5c/0x1b0
[ 1669.972905] hisi_sas_debugfs_exit+0x24/0x30 [hisi_sas_main]
[ 1669.978541] hisi_sas_v3_remove+0x130/0x150 [hisi_sas_v3_hw]
[ 1669.984175] pci_device_remove+0x48/0xd8
[ 1669.988082] device_release_driver_internal+0x1b4/0x250
[ 1669.993282] device_release_driver+0x28/0x38
[ 1669.997534] pci_stop_bus_device+0x84/0xb8
[ 1670.001611] pci_stop_and_remove_bus_device_locked+0x24/0x40
[ 1670.007244] remove_store+0xfc/0x140
[ 1670.010802] dev_attr_store+0x44/0x60
[ 1670.014448] sysfs_kf_write+0x58/0x80
[ 1670.018095] kernfs_fop_write+0xe8/0x1f0
[ 1670.022000] __vfs_write+0x60/0x190
[ 1670.025472] vfs_write+0xac/0x1c0
[ 1670.028771] ksys_write+0x6c/0xd8
[ 1670.032071] __arm64_sys_write+0x24/0x30
[ 1670.035977] el0_svc_common+0x78/0x130
[ 1670.039710] el0_svc_handler+0x38/0x78
[ 1670.043442] el0_svc+0x8/0xc
To fix this, set debugfs_dir to NULL after debugfs_remove_recursive().
Signed-off-by: Yihang Li <liyihang9@huawei.com>
Signed-off-by: Xingui Yang <yangxingui@huawei.com>
Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com>
Link: https://lore.kernel.org/r/1694571327-78697-2-git-send-email-chenxiang66@hisilicon.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
index bbb64ee6afd7c..089186fe17915 100644
--- a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
+++ b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
@@ -4865,6 +4865,12 @@ static void debugfs_bist_init_v3_hw(struct hisi_hba *hisi_hba)
hisi_hba->debugfs_bist_linkrate = SAS_LINK_RATE_1_5_GBPS;
}
+static void debugfs_exit_v3_hw(struct hisi_hba *hisi_hba)
+{
+ debugfs_remove_recursive(hisi_hba->debugfs_dir);
+ hisi_hba->debugfs_dir = NULL;
+}
+
static void debugfs_init_v3_hw(struct hisi_hba *hisi_hba)
{
struct device *dev = hisi_hba->dev;
@@ -4888,18 +4894,13 @@ static void debugfs_init_v3_hw(struct hisi_hba *hisi_hba)
for (i = 0; i < hisi_sas_debugfs_dump_count; i++) {
if (debugfs_alloc_v3_hw(hisi_hba, i)) {
- debugfs_remove_recursive(hisi_hba->debugfs_dir);
+ debugfs_exit_v3_hw(hisi_hba);
dev_dbg(dev, "failed to init debugfs!\n");
break;
}
}
}
-static void debugfs_exit_v3_hw(struct hisi_hba *hisi_hba)
-{
- debugfs_remove_recursive(hisi_hba->debugfs_dir);
-}
-
static int
hisi_sas_v3_probe(struct pci_dev *pdev, const struct pci_device_id *id)
{
--
2.42.0
next prev parent reply other threads:[~2023-11-07 15:47 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-07 15:45 [PATCH AUTOSEL 6.6 01/36] ASoC: mediatek: mt8188-mt6359: support dynamic pinctrl Sasha Levin
2023-11-07 15:45 ` Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 02/36] ASoC: soc-card: Add storage for PCI SSID Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 03/36] ASoC: SOF: Pass PCI SSID to machine driver Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 04/36] ASoC: Intel: sof_sdw: Copy PCI SSID to struct snd_soc_card Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 05/36] ASoC: cs35l56: Use PCI SSID as the firmware UID Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 06/36] crypto: pcrypt - Fix hungtask for PADATA_RESET Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 07/36] ALSA: scarlett2: Move USB IDs out from device_info struct Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 08/36] ASoC: SOF: ipc4: handle EXCEPTION_CAUGHT notification from firmware Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 09/36] RDMA/hfi1: Use FIELD_GET() to extract Link Width Sasha Levin
2023-11-07 15:45 ` Sasha Levin [this message]
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 11/36] scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool Sasha Levin
2023-11-07 15:45 ` Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 12/36] fs/jfs: Add check for negative db_l2nbperpage Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 13/36] fs/jfs: Add validity check for db_maxag and db_agpref Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 14/36] jfs: fix array-index-out-of-bounds in dbFindLeaf Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 15/36] jfs: fix array-index-out-of-bounds in diAlloc Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 16/36] HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround Sasha Levin
2023-11-07 15:45 ` [PATCH AUTOSEL 6.6 17/36] ARM: 9320/1: fix stack depot IRQ stack filter Sasha Levin
2023-11-07 15:45 ` Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 18/36] ALSA: hda: Fix possible null-ptr-deref when assigning a stream Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 19/36] gpiolib: of: Add quirk for mt2701-cs42448 ASoC sound Sasha Levin
2023-11-07 15:46 ` Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 20/36] PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 21/36] PCI: mvebu: Use FIELD_PREP() with Link Width Sasha Levin
2023-11-07 15:46 ` Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 22/36] atm: iphase: Do PCI error checks on own line Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 23/36] PCI: Do error check on own line to split long "if" conditions Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 24/36] scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 25/36] PCI: Use FIELD_GET() to extract Link Width Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 26/36] PCI: Extract ATS disabling to a helper function Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 27/36] PCI: Disable ATS for specific Intel IPU E2000 devices Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 28/36] PCI: dwc: Add dw_pcie_link_set_max_link_width() Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 29/36] PCI: dwc: Add missing PCI_EXP_LNKCAP_MLW handling Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 30/36] misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 31/36] PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 32/36] ASoC: Intel: soc-acpi-cht: Add Lenovo Yoga Tab 3 Pro YT3-X90 quirk Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 33/36] crypto: hisilicon/qm - prevent soft lockup in receive loop Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 34/36] HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 35/36] exfat: support handle zero-size directory Sasha Levin
2023-11-07 15:46 ` [PATCH AUTOSEL 6.6 36/36] mfd: intel-lpss: Add Intel Lunar Lake-M PCI IDs Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231107154654.3765336-10-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=chenxiang66@hisilicon.com \
--cc=jejb@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=liyihang9@huawei.com \
--cc=martin.petersen@oracle.com \
--cc=stable@vger.kernel.org \
--cc=yangxingui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.