[PATCH] gpio: mvebu: fix NULL pointer dereference in suspend/resume

[PATCH] gpio: mvebu: fix NULL pointer dereference in suspend/resume

[Yun Zhou]

mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO
banks during suspend/resume, but not all banks have PWM functionality.
GPIO banks without PWM have mvchip->mvpwm set to NULL.

Calling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer
dereference when it tries to access mvpwm->blink_select.

  Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write
  [00000020] *pgd=00000000
  Internal error: Oops: 815 [#1] PREEMPT ARM
  Modules linked in:
  CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353
  Hardware name: Marvell Armada 370/XP (Device Tree)
  PC is at regmap_mmio_read+0x38/0x54
  LR is at regmap_mmio_read+0x38/0x54
  pc : [<c05fd2ac>]    lr : [<c05fd2ac>]    psr: 200f0013
  sp : f0c11d10  ip : 00000000  fp : c100d2f0
  r10: c14fb854  r9 : 00000000  r8 : 00000000
  r7 : c1799c00  r6 : 00000020  r5 : 00000020  r4 : c179c7c0
  r3 : f0a231a0  r2 : 00000020  r1 : 00000020  r0 : 00000000
  Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
  Control: 10c5387d  Table: 135ec059  DAC: 00000051
  Call trace:
   regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac
   _regmap_bus_reg_read from _regmap_read+0x60/0x154
   _regmap_read from regmap_read+0x3c/0x60
   regmap_read from mvebu_gpio_suspend+0xa4/0x14c
   mvebu_gpio_suspend from dpm_run_callback+0x54/0x180
   dpm_run_callback from device_suspend+0x124/0x630
   device_suspend from dpm_suspend+0x124/0x270
   dpm_suspend from dpm_suspend_start+0x64/0x6c
   dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8
   suspend_devices_and_enter from pm_suspend+0x2fc/0x308
   pm_suspend from state_store+0x6c/0xc8
   state_store from kernfs_fop_write_iter+0x10c/0x1f8
   kernfs_fop_write_iter from vfs_write+0x270/0x468
   vfs_write from ksys_write+0x70/0xf0
   ksys_write from ret_fast_syscall+0x0/0x54

Add a NULL check for mvchip->mvpwm before calling the PWM
suspend/resume functions.

Fixes: 85b7d8abfec7 ("gpio: mvebu: add pwm support for Armada 370/XP/38x")
Signed-off-by: Yun Zhou <yun.zhou@windriver.com>
---
 drivers/gpio/gpio-mvebu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpio/gpio-mvebu.c b/drivers/gpio/gpio-mvebu.c
index 22c36b79e249..c030d1f00abc 100644
--- a/drivers/gpio/gpio-mvebu.c
+++ b/drivers/gpio/gpio-mvebu.c
@@ -996,7 +996,7 @@ static int mvebu_gpio_suspend(struct platform_device *pdev, pm_message_t state)
 		BUG();
 	}
 
-	if (IS_REACHABLE(CONFIG_PWM))
+	if (IS_REACHABLE(CONFIG_PWM) && mvchip->mvpwm)
 		mvebu_pwm_suspend(mvchip);
 
 	return 0;
@@ -1048,7 +1048,7 @@ static int mvebu_gpio_resume(struct platform_device *pdev)
 		BUG();
 	}
 
-	if (IS_REACHABLE(CONFIG_PWM))
+	if (IS_REACHABLE(CONFIG_PWM) && mvchip->mvpwm)
 		mvebu_pwm_resume(mvchip);
 
 	return 0;
-- 
2.43.0

Re: [PATCH] gpio: mvebu: fix NULL pointer dereference in suspend/resume

[Baruch Siach]

Hi Yun Zhou,

On Mon, Jun 08 2026, Yun Zhou wrote:
> mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO
> banks during suspend/resume, but not all banks have PWM functionality.
> GPIO banks without PWM have mvchip->mvpwm set to NULL.
>
> Calling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer
> dereference when it tries to access mvpwm->blink_select.
>
>   Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write
>   [00000020] *pgd=00000000
>   Internal error: Oops: 815 [#1] PREEMPT ARM
>   Modules linked in:
>   CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353
>   Hardware name: Marvell Armada 370/XP (Device Tree)
>   PC is at regmap_mmio_read+0x38/0x54
>   LR is at regmap_mmio_read+0x38/0x54
>   pc : [<c05fd2ac>]    lr : [<c05fd2ac>]    psr: 200f0013
>   sp : f0c11d10  ip : 00000000  fp : c100d2f0
>   r10: c14fb854  r9 : 00000000  r8 : 00000000
>   r7 : c1799c00  r6 : 00000020  r5 : 00000020  r4 : c179c7c0
>   r3 : f0a231a0  r2 : 00000020  r1 : 00000020  r0 : 00000000
>   Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
>   Control: 10c5387d  Table: 135ec059  DAC: 00000051
>   Call trace:
>    regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac
>    _regmap_bus_reg_read from _regmap_read+0x60/0x154
>    _regmap_read from regmap_read+0x3c/0x60
>    regmap_read from mvebu_gpio_suspend+0xa4/0x14c
>    mvebu_gpio_suspend from dpm_run_callback+0x54/0x180
>    dpm_run_callback from device_suspend+0x124/0x630
>    device_suspend from dpm_suspend+0x124/0x270
>    dpm_suspend from dpm_suspend_start+0x64/0x6c
>    dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8
>    suspend_devices_and_enter from pm_suspend+0x2fc/0x308
>    pm_suspend from state_store+0x6c/0xc8
>    state_store from kernfs_fop_write_iter+0x10c/0x1f8
>    kernfs_fop_write_iter from vfs_write+0x270/0x468
>    vfs_write from ksys_write+0x70/0xf0
>    ksys_write from ret_fast_syscall+0x0/0x54
>
> Add a NULL check for mvchip->mvpwm before calling the PWM
> suspend/resume functions.
>
> Fixes: 85b7d8abfec7 ("gpio: mvebu: add pwm support for Armada 370/XP/38x")

Commit summary for 85b7d8abfec7 is "gpio: mvebu: add pwm support for
Armada 8K/7K". I could not find a commit matching the summary line above
in upstream git. Commit 757642f9a584e ("gpio: mvebu: Add limited PWM
support") introduced mvebu_pwm_suspend() and mvebu_pwm_resume(). I think
that is the one being fixed.

baruch

> Signed-off-by: Yun Zhou <yun.zhou@windriver.com>
> ---
>  drivers/gpio/gpio-mvebu.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpio/gpio-mvebu.c b/drivers/gpio/gpio-mvebu.c
> index 22c36b79e249..c030d1f00abc 100644
> --- a/drivers/gpio/gpio-mvebu.c
> +++ b/drivers/gpio/gpio-mvebu.c
> @@ -996,7 +996,7 @@ static int mvebu_gpio_suspend(struct platform_device *pdev, pm_message_t state)
>  		BUG();
>  	}
>  
> -	if (IS_REACHABLE(CONFIG_PWM))
> +	if (IS_REACHABLE(CONFIG_PWM) && mvchip->mvpwm)
>  		mvebu_pwm_suspend(mvchip);
>  
>  	return 0;
> @@ -1048,7 +1048,7 @@ static int mvebu_gpio_resume(struct platform_device *pdev)
>  		BUG();
>  	}
>  
> -	if (IS_REACHABLE(CONFIG_PWM))
> +	if (IS_REACHABLE(CONFIG_PWM) && mvchip->mvpwm)
>  		mvebu_pwm_resume(mvchip);
>  
>  	return 0;

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -

Re: [PATCH] gpio: mvebu: fix NULL pointer dereference in suspend/resume

[Zhou, Yun]

On 6/8/26 16:26, Baruch Siach wrote:
> CAUTION: This email comes from a non Wind River email account!
> Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> Hi Yun Zhou,
>
> On Mon, Jun 08 2026, Yun Zhou wrote:
>> mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO
>> banks during suspend/resume, but not all banks have PWM functionality.
>> GPIO banks without PWM have mvchip->mvpwm set to NULL.
>>
>> Calling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer
>> dereference when it tries to access mvpwm->blink_select.
>>
>>    Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write
>>    [00000020] *pgd=00000000
>>    Internal error: Oops: 815 [#1] PREEMPT ARM
>>    Modules linked in:
>>    CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353
>>    Hardware name: Marvell Armada 370/XP (Device Tree)
>>    PC is at regmap_mmio_read+0x38/0x54
>>    LR is at regmap_mmio_read+0x38/0x54
>>    pc : [<c05fd2ac>]    lr : [<c05fd2ac>]    psr: 200f0013
>>    sp : f0c11d10  ip : 00000000  fp : c100d2f0
>>    r10: c14fb854  r9 : 00000000  r8 : 00000000
>>    r7 : c1799c00  r6 : 00000020  r5 : 00000020  r4 : c179c7c0
>>    r3 : f0a231a0  r2 : 00000020  r1 : 00000020  r0 : 00000000
>>    Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
>>    Control: 10c5387d  Table: 135ec059  DAC: 00000051
>>    Call trace:
>>     regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac
>>     _regmap_bus_reg_read from _regmap_read+0x60/0x154
>>     _regmap_read from regmap_read+0x3c/0x60
>>     regmap_read from mvebu_gpio_suspend+0xa4/0x14c
>>     mvebu_gpio_suspend from dpm_run_callback+0x54/0x180
>>     dpm_run_callback from device_suspend+0x124/0x630
>>     device_suspend from dpm_suspend+0x124/0x270
>>     dpm_suspend from dpm_suspend_start+0x64/0x6c
>>     dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8
>>     suspend_devices_and_enter from pm_suspend+0x2fc/0x308
>>     pm_suspend from state_store+0x6c/0xc8
>>     state_store from kernfs_fop_write_iter+0x10c/0x1f8
>>     kernfs_fop_write_iter from vfs_write+0x270/0x468
>>     vfs_write from ksys_write+0x70/0xf0
>>     ksys_write from ret_fast_syscall+0x0/0x54
>>
>> Add a NULL check for mvchip->mvpwm before calling the PWM
>> suspend/resume functions.
>>
>> Fixes: 85b7d8abfec7 ("gpio: mvebu: add pwm support for Armada 370/XP/38x")
> Commit summary for 85b7d8abfec7 is "gpio: mvebu: add pwm support for
> Armada 8K/7K". I could not find a commit matching the summary line above
> in upstream git. Commit 757642f9a584e ("gpio: mvebu: Add limited PWM
> support") introduced mvebu_pwm_suspend() and mvebu_pwm_resume(). I think
> that is the one being fixed.
>
> baruch
>
You are right. I will fix it in v2.

Thanks,
Yun