From: "Michael Walle" <mwalle@kernel.org>
To: "Khairul Anuar Romli" <khairul.anuar.romli@altera.com>,
	"Tudor Ambarus" <tudor.ambarus@linaro.org>,
	"Pratyush Yadav" <pratyush@kernel.org>,
	"Miquel Raynal" <miquel.raynal@bootlin.com>,
	"Richard Weinberger" <richard@nod.at>,
	"Vignesh Raghavendra" <vigneshr@ti.com>,
	"open list:SPI NOR SUBSYSTEM" <linux-mtd@lists.infradead.org>,
	"open list" <linux-kernel@vger.kernel.org>,
	"Matthew Gerlach" <matthew.gerlach@altera.com>
Subject: Re: [PATCH v3 1/1] mtd: spi-nor: core: Prevent oops during driver removal with active read or write operations
Date: Wed, 30 Jul 2025 09:30:06 +0200
Message-ID: <DBP7P3RWX17B.14Q27IBS3T3FL@kernel.org>
In-Reply-To: <566fc1168db723672ab0bc6482ec7b72b4b8fe2b.1753839339.git.khairul.anuar.romli@altera.com>



Hi,

On Wed Jul 30, 2025 at 3:39 AM CEST, Khairul Anuar Romli wrote:
> From: kromli <khairul.anuar.romli@altera.com>
>
> Ensure that the pointer passed to module_put() in spi_nor_put_device() is
> not NULL before use. This change adds a guard clause to return early,
> preventing the kernel crash below when the cadence-qspi driver is removed
> during a dd operation:

As already asked in v2, this needs a (more detailed) description
of what is going on and what is going wrong.

-michael

> [  200.448732] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
> [  200.457576] Mem abort info:
> [  200.460370]   ESR = 0x0000000096000004
> [  200.464136]   EC = 0x25: DABT (current EL), IL = 32 bits
> [  200.469527]   SET = 0, FnV = 0
> [  200.472609]   EA = 0, S1PTW = 0
> [  200.475904]   FSC = 0x04: level 0 translation fault
> [  200.480786] Data abort info:
> [  200.483659]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
> [  200.489141]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
> [  200.494189]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
> [  200.499500] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000185df8000
> [  200.505932] [0000000000000010] pgd=0000000000000000, p4d=0000000000000000
> [  200.512720] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
> [  200.518968] Modules linked in: 8021q garp mrp stp llc bluetooth ecdh_generic ecc rfkill crct10dif_ce rtc_ds1307 at24 stratix10_soc soc64_hwmon gpio_altera of_fpga_region fpga_region fpga_bridge uio_pdrv_genirq uio fuse drm backlight ipv6
> [  200.540016] CPU: 0 UID: 0 PID: 372 Comm: dd Not tainted 6.12.19-altera-gb6b26c4179a6 #1
> [  200.547996] Hardware name: SoCFPGA Stratix 10 SoCDK (DT)
> [  200.553292] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [  200.560234] pc : spi_nor_put_device+0x30/0x60
> [  200.564594] lr : __put_mtd_device+0x8c/0x120
> [  200.568856] sp : ffff80008411bc20
> [  200.572161] x29: ffff80008411bc20 x28: ffff000185e2c500 x27: 0000000000000000
> [  200.579282] x26: 0000000000000000 x25: ffff000185e2cb00 x24: ffff000185e2cc88
> [  200.586404] x23: ffff00018034c620 x22: 0000000000000001 x21: ffff00018873e080
> [  200.593524] x20: 0000000000000000 x19: ffff00018873e080 x18: ffffffffffffffff
> [  200.600645] x17: 0030393d524f4a41 x16: 4d0064746d3d4d45 x15: ffff000185757700
> [  200.607767] x14: 0000000000000000 x13: ffff000180045010 x12: ffff0001857576c0
> [  200.614888] x11: 000000000000003a x10: ffff000180045018 x9 : ffff000180045010
> [  200.622009] x8 : ffff80008411bb70 x7 : 0000000000000000 x6 : ffff000181325048
> [  200.629129] x5 : 00000000820001cf x4 : fffffdffc60095e0 x3 : 0000000000000000
> [  200.636250] x2 : 0000000000000000 x1 : ffff00018873e080 x0 : 0000000000000000
> [  200.643371] Call trace:
> [  200.645811]  spi_nor_put_device+0x30/0x60
> [  200.649816]  __put_mtd_device+0x8c/0x120
> [  200.653731]  put_mtd_device+0x30/0x48
> [  200.657387]  mtdchar_close+0x30/0x78
> [  200.660958]  __fput+0xc8/0x2d0
> [  200.664011]  ____fput+0x14/0x20
> [  200.667146]  task_work_run+0x70/0xdc
> [  200.670718]  do_exit+0x2b4/0x8e4
> [  200.673944]  do_group_exit+0x34/0x90
> [  200.677512]  pid_child_should_wake+0x0/0x60
> [  200.681686]  invoke_syscall+0x48/0x104
> [  200.685432]  el0_svc_common.constprop.0+0xc0/0xe0
> [  200.690128]  do_el0_svc+0x1c/0x28
> [  200.693439]  el0_svc+0x30/0xcc
> [  200.696454] dw_mmc ff808000.mmc: Unexpected interrupt latency
> [  200.696485]  el0t_64_sync_handler+0x120/0x12c
> [  200.706552]  el0t_64_sync+0x190/0x194
> [  200.710213] Code: f9400000 f9417c00 f9402000 f9403400 (f9400800)
> [  200.716290] ---[ end trace 0000000000000000 ]---
> [  200.720948] Fixing recursive fault but reboot is needed!
>
> Fixes: be94215be1ab ("mtd: spi-nor: core: Fix an issue of releasing resources during read/write")
> CC: stable@vger.kernel.org # 6.12+
> Signed-off-by: Khairul Anuar Romli <khairul.anuar.romli@altera.com>
> Reviewed-by: Matthew Gerlach <matthew.gerlach@altera.com>
> ---
> Changes in v3:
>     - exclude !dev && !dev->driver check in spi_nor_get_device to
>       resolve kernel test robot smatch warnings.
> Changes in v2:
>     - Move the null check prior to try_module_get().
> ---
>  drivers/mtd/spi-nor/core.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/mtd/spi-nor/core.c b/drivers/mtd/spi-nor/core.c
> index ac4b960101cc..eb21d660036b 100644
> --- a/drivers/mtd/spi-nor/core.c
> +++ b/drivers/mtd/spi-nor/core.c
> @@ -3210,6 +3210,9 @@ static int spi_nor_get_device(struct mtd_info *mtd)
>  	else
>  		dev = nor->dev;
>  
> +	if (!dev->driver->owner)
> +		return -EINVAL;
> +
>  	if (!try_module_get(dev->driver->owner))
>  		return -ENODEV;
>  
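
Review bot: The added !dev->driver->owner test in spi_nor_get_device() dereferences dev->driver without checking it, while the spi_nor_put_device() hunk below tests dev, dev->driver and dev->driver->owner in turn; if dev->driver can be NULL on the put side, the commit message has to explain why it cannot be NULL here. Returning -EINVAL for a NULL owner also changes behaviour for any driver whose owner is legitimately NULL (try_module_get() accepts NULL and succeeds, and a built-in driver has no owner), so opening the mtd device would start failing in that configuration. Suggest dropping this check, or stating in the commit message which pointer is actually NULL in the oops and why the get path needs a test at all.
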
> @@ -3227,7 +3230,8 @@ static void spi_nor_put_device(struct mtd_info *mtd)
>  	else
>  		dev = nor->dev;
>  
> -	module_put(dev->driver->owner);
> +	if (dev && dev->driver && dev->driver->owner)
> +		module_put(dev->driver->owner);
>  }
>  
>  static void spi_nor_restore(struct spi_nor *nor)
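
Review bot: The new condition in spi_nor_put_device() skips module_put() silently, so a reference taken by try_module_get() in spi_nor_get_device() is never dropped once dev->driver has gone away, and nothing visible in this hunk stops the driver from being unbound between the test and the module_put() call. The oops above faults at address 0x10 with x0 = 0 inside spi_nor_put_device(), which points at a NULL structure pointer being dereferenced at a small offset rather than at a NULL owner being handed to module_put(), so the commit message should say which pointer is NULL and how removing the controller driver with an open mtd handle leads there. Consider recording the owner at get time so the put path does not have to re-read dev->driver, instead of testing three pointers at release.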



______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/

