From mboxrd@z Thu Jan 1 00:00:00 1970
From: Sabrina Dubroca
Subject: Re: [PATCH] gpio / ACPI: Don't crash on NULL chip->dev
Date: Mon, 31 Mar 2014 18:25:47 +0200
Message-ID: <20140331162547.GA25802@kria>
References: <1396268209-19108-1-git-send-email-mika.westerberg@linux.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Return-path:
Received: from smtp4-g21.free.fr ([212.27.42.4]:59282 "EHLO smtp4-g21.free.fr"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752640AbaCaQ0C (ORCPT ); Mon, 31 Mar 2014 12:26:02 -0400
Content-Disposition: inline
In-Reply-To: <1396268209-19108-1-git-send-email-mika.westerberg@linux.intel.com>
Sender: linux-gpio-owner@vger.kernel.org
List-Id: linux-gpio@vger.kernel.org
To: Mika Westerberg
Cc: Linus Walleij , Alexandre Courbot , linux-gpio@vger.kernel.org, linux-kernel@vger.kernel.org

2014-03-31, 15:16:49 +0300, Mika Westerberg wrote:
> Commit aa92b6f689ac (gpio / ACPI: Allocate ACPI specific data directly in
> acpi_gpiochip_add()) moved ACPI handle checking to acpi_gpiochip_add() but
> forgot to check whether chip->dev is NULL before dereferencing it.
>
> Since chip->dev pointer is optional we can end up with crash like following:
>
>  BUG: unable to handle kernel NULL pointer dereference at 00000138
>  IP: [] acpi_gpiochip_add+0x13/0x190
>  *pde = 00000000
>  Oops: 0000 [#1] PREEMPT SMP
>  Modules linked in: ssb(+) ...
>  CPU: 0 PID: 512 Comm: modprobe Tainted: G W 3.14.0-rc7-next-20140324-t1 #24
>  Hardware name: Dell Inc. Latitude D830 /0UY141, BIOS A02 06/07/2007
>  task: f5799900 ti: f543e000 task.ti: f543e000
>  EIP: 0060:[] EFLAGS: 00010282 CPU: 0
>  EIP is at acpi_gpiochip_add+0x13/0x190
>  EAX: 00000000 EBX: f57824c4 ECX: 00000000 EDX: 00000000
>  ESI: f57824c4 EDI: 00000010 EBP: f543fc54 ESP: f543fc40
>  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
>  CR0: 8005003b CR2: 00000138 CR3: 355f8000 CR4: 000007d0
>  Stack:
>  f543fc5c fd1f7790 f57824c4 000000be 00000010 f543fc84 c1269f4e f543fc74
>  fd1f78bd 00008002 f57822b0 f5782090 fd1f8400 00000286 fd1f9994 00000000
>  f5782000 f543fc8c fd1f7e39 f543fcc8 fd1f0bd8 000000c0 00000000 00000000
>  Call Trace:
>  [] ? ssb_pcie_mdio_write+0xa0/0xd0 [ssb]
>  [] gpiochip_add+0xee/0x300
>  [] ? ssb_pcicore_serdes_workaround+0xfd/0x140 [ssb]
>  [] ssb_gpio_init+0x89/0xa0 [ssb]
>  [] ssb_attach_queued_buses+0xc8/0x2d0 [ssb]
>  [] ssb_bus_register+0x185/0x1f0 [ssb]
>  [] ? ssb_pci_xtal+0x220/0x220 [ssb]
>  [] ssb_bus_pcibus_register+0x2c/0x80 [ssb]
>  [] ssb_pcihost_probe+0x9c/0x110 [ssb]
>  [] pci_device_probe+0x6f/0xc0
>  [] ? sysfs_create_link+0x25/0x40
>  [] driver_probe_device+0x79/0x360
>  [] ? pci_match_device+0xb2/0xc0
>  [] __driver_attach+0x71/0x80
>  [] ? __device_attach+0x40/0x40
>  [] bus_for_each_dev+0x47/0x80
>  [] driver_attach+0x1e/0x20
>  [] ? __device_attach+0x40/0x40
>  [] bus_add_driver+0x157/0x230
>  [] driver_register+0x59/0xe0
>  ...
>
> Fix this by checking chip->dev pointer against NULL first. Also we can now
> remove redundant check in acpi_gpiochip_request/free_interrupts().
>
> Reported-by: Sabrina Dubroca
> Signed-off-by: Mika Westerberg
> ---
> Sabrina,
>
> Can you please re-test this and provide your tested-by? I changed the patch
> a bit to remove redundant checks. Just to be sure that I don't accidentally
> break something.
>
> Thanks.

Everything looks good.

Tested-by: Sabrina Dubroca

Thanks,

-- 
Sabrina
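
Added example, not code from the patch, the thread or the kernel: a user-space C model of why a field read through a NULL `chip->dev` faults at a small non-zero address such as the 00000138 in the trace, and of the NULL check the commit message describes. The `model_*` types, the `acpi_handle` field name and the 0x138 padding are assumptions constructed to match the CR2 value above; they are not the kernel's real layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel structures; the layout is illustrative. */
struct model_device {
    char other_fields[0x138]; /* padding so the handle sits at the trace's CR2 */
    void *acpi_handle;        /* hypothetical name for the field being read */
};

struct model_gpio_chip {
    const char *label;
    struct model_device *dev; /* optional: a driver may leave this NULL */
};

/* Address touched when reading dev->acpi_handle. With dev == NULL it is the
 * field offset itself, which is why the oops shows a small non-zero address. */
static uintptr_t fault_address_for(const struct model_device *dev)
{
    return (uintptr_t)dev + offsetof(struct model_device, acpi_handle);
}

/* Guarded lookup: test the optional pointer before the first dereference.
 * Returns 0 and stores the handle, or -1 when there is nothing to set up. */
static int model_acpi_gpiochip_add(const struct model_gpio_chip *chip,
                                   void **handle_out)
{
    if (!chip || !chip->dev)
        return -1;
    if (!chip->dev->acpi_handle)
        return -1;
    *handle_out = chip->dev->acpi_handle;
    return 0;
}

int main(void)
{
    struct model_gpio_chip no_parent = { "no-parent-chip", NULL };
    void *handle = NULL;

    printf("NULL dev read would fault at 0x%08lx\n",
           (unsigned long)fault_address_for(NULL));
    printf("guarded add on chip without dev: %d\n",
           model_acpi_gpiochip_add(&no_parent, &handle));
    return 0;
}
```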