[PATCH 01/13] coresight: access conn->child_name only if it's initialised

linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed

From: mathieu.poirier@linaro.org (Mathieu Poirier)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 01/13] coresight: access conn->child_name only if it's initialised
Date: Thu, 30 Jun 2016 10:22:07 -0600	[thread overview]
Message-ID: <1467303739-12543-2-git-send-email-mathieu.poirier@linaro.org> (raw)
In-Reply-To: <1467303739-12543-1-git-send-email-mathieu.poirier@linaro.org>

From: Sudeep Holla <sudeep.holla@arm.com>

If the addition of the coresight devices get deferred, then there's a
window before child_name is populated by of_get_coresight_platform_data
from the respective component driver's probe and the attempted to access
the same from coresight_orphan_match resulting in kernel NULL pointer
dereference as below:

Unable to handle kernel NULL pointer dereference at virtual address 0x0
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 1038 Comm: kworker/0:1 Not tainted 4.7.0-rc3 #124
Hardware name: ARM Juno development board (r2) (DT)
Workqueue: events amba_deferred_retry_func
PC is at strcmp+0x1c/0x160
LR is at coresight_orphan_match+0x7c/0xd0
Call trace:
 strcmp+0x1c/0x160
 bus_for_each_dev+0x60/0xa0
 coresight_register+0x264/0x2e0
 tmc_probe+0x130/0x310
 amba_probe+0xd4/0x1c8
 driver_probe_device+0x22c/0x418
 __device_attach_driver+0xbc/0x158
 bus_for_each_drv+0x58/0x98
 __device_attach+0xc4/0x160
 device_initial_probe+0x10/0x18
 bus_probe_device+0x94/0xa0
 device_add+0x344/0x580
 amba_device_try_add+0x194/0x238
 amba_deferred_retry_func+0x48/0xd0
 process_one_work+0x118/0x378
 worker_thread+0x48/0x498
 kthread+0xd0/0xe8
 ret_from_fork+0x10/0x40

This patch adds a check for non-NULL conn->child_name before accessing
the same.

Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
---
 drivers/hwtracing/coresight/coresight.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/hwtracing/coresight/coresight.c b/drivers/hwtracing/coresight/coresight.c
index d08d1ab9bba5..ceeaaea41ed6 100644
--- a/drivers/hwtracing/coresight/coresight.c
+++ b/drivers/hwtracing/coresight/coresight.c
@@ -725,7 +725,8 @@ static int coresight_orphan_match(struct device *dev, void *data)
 		/* We have found at least one orphan connection */
 		if (conn->child_dev == NULL) {
 			/* Does it match this newly added device? */
-			if (!strcmp(dev_name(&csdev->dev), conn->child_name)) {
+			if (conn->child_name &&
+			    !strcmp(dev_name(&csdev->dev), conn->child_name)) {
 				conn->child_dev = csdev;
 			} else {
 				/* This component still has an orphan */
-- 
2.7.4

next prev parent reply	other threads:[~2016-06-30 16:22 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-30 16:22 [PATCH 00/13] coresight: next v4.7-rc5 Mathieu Poirier
2016-06-30 16:22 ` Mathieu Poirier [this message]
2016-06-30 16:22 ` [PATCH 02/13] coresight-stm: support mmapping channel regions with mmio_addr Mathieu Poirier
2016-06-30 16:22 ` [PATCH 03/13] coresight: always use stashed trace id value in etm4_trace_id Mathieu Poirier
2016-06-30 16:22 ` [PATCH 04/13] coresight: Remove erroneous dma_free_coherent in tmc_probe Mathieu Poirier
2016-06-30 16:22 ` [PATCH 05/13] coresight: Consolidate error handling path for tmc_probe Mathieu Poirier
2016-06-30 16:22 ` [PATCH 06/13] coresight: Fix csdev connections initialisation Mathieu Poirier
2016-06-30 16:22 ` [PATCH 07/13] coresight: tmc: Limit the trace to available data Mathieu Poirier
2016-06-30 16:22 ` [PATCH 08/13] coresight: etmv4: Fix ETMv4x peripheral ID table Mathieu Poirier
2016-06-30 16:22 ` [PATCH 09/13] coresight: Cleanup TMC status check Mathieu Poirier
2016-06-30 16:22 ` [PATCH 10/13] coresight: Add better messages for coresight_timeout Mathieu Poirier
2016-06-30 16:22 ` [PATCH 11/13] coresight: delay initialisation when children are missing Mathieu Poirier
2016-06-30 16:22 ` [PATCH 12/13] coresight: document binding acronyms Mathieu Poirier
2016-06-30 16:22 ` [PATCH 13/13] coresight: add PM runtime calls to coresight_simple_func() Mathieu Poirier

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d08d1ab9bba dfblob:ceeaaea41ed )
 OR (
bs:"[PATCH 01/13] coresight: access conn->child_name only if it's initialised" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1467303739-12543-2-git-send-email-mathieu.poirier@linaro.org \
    --to=mathieu.poirier@linaro.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).