From: Maud Spierings <maudspierings@gocontroll.com>
To: Jonathan Cameron <Jonathan.Cameron@huawei.com>,
Maud Spierings via B4 Relay
<devnull+maudspierings.gocontroll.com@kernel.org>
Cc: "Jonathan Cameron" <jic23@kernel.org>,
"David Lechner" <dlechner@baylibre.com>,
"Nuno Sá" <nuno.sa@analog.com>,
"Andy Shevchenko" <andy@kernel.org>,
"Christian Heusel" <christian@heusel.eu>,
"Linus Walleij" <linus.walleij@linaro.org>,
linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org, gregkh@linuxfoundation.org,
dsimic@manjaro.com
Subject: Re: [PATCH v2] iio: common: st_sensors: Fix use of uninitialize device structs
Date: Fri, 23 May 2025 08:36:43 +0200 [thread overview]
Message-ID: <d764e4b3-9c9b-4fbf-8257-be0afd43df58@gocontroll.com> (raw)
In-Reply-To: <20250522181236.00006dda@huawei.com>
On 5/22/25 19:12, Jonathan Cameron wrote:
> On Thu, 22 May 2025 13:18:55 +0200
> Maud Spierings via B4 Relay <devnull+maudspierings.gocontroll.com@kernel.org> wrote:
>
>> From: Maud Spierings <maudspierings@gocontroll.com>
>>
>> Throughout the various probe functions &indio_dev->dev is used before it
>> is initialized. This caused a kernel panic in st_sensors_power_enable
>> when the call to devm_regulator_bulk_get_enable() fails and then calls
>> dev_err_probe() with the uninitialized device.
> Hi Maud,
>
>
> Curious. Given the device_initialize() is in the allocation function
> it isn't immediately obvious that something needed might not have been initialized.
> Any idea what is being accessed in there that fails? (i.e. any idea if my
> shallow detective work found it ;)
It is indeed what you describe below, in the stack trace from my initial
bug report it can indeed be seen that the panic happens in
device_set_deferred_probe_reason(), __device_set_deferred_probe_reason()
to be specific.
> https://elixir.bootlin.com/linux/v6.14.7/source/drivers/iio/industrialio-core.c#L1675
> in iio_device_alloc() is where device_initialize() is called.
>
> Using the device in the iio_dev structure is almost certainly wrong
> but I'm surprised it crashes... So I had a quick dig.
>
> The only path that isn't a simple print that I can spot
> is device_set_deferred_reason() That accesses dev->p (device private
> data) Which is initialized only in device_add().
>
> I wonder if we should harden device_set_deferred_reason()
> against p == NULL, perhaps with a message strongly advising against
> using it with a device that hasn't been added?
>
> Being in error paths this is the sort of subtle bug that
> rarely rears it's head :(
>
> +CC Greg and Dragan for thoughts before anyone spins a patch.
>
> This change is good either way. I'm just on wrong computer to pick it up
> right now.
I think I may need to send a v3, I didn't add the stable cc in my commit
message above the SoB tag which the kernel test bot is informing me about.
next prev parent reply other threads:[~2025-05-23 6:36 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-22 11:18 [PATCH v2] iio: common: st_sensors: Fix use of uninitialize device structs Maud Spierings via B4 Relay
2025-05-22 17:12 ` Jonathan Cameron
2025-05-23 6:36 ` Maud Spierings [this message]
2025-05-23 16:46 ` Andy Shevchenko
2025-05-23 16:45 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d764e4b3-9c9b-4fbf-8257-be0afd43df58@gocontroll.com \
--to=maudspierings@gocontroll.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=andy@kernel.org \
--cc=christian@heusel.eu \
--cc=devnull+maudspierings.gocontroll.com@kernel.org \
--cc=dlechner@baylibre.com \
--cc=dsimic@manjaro.com \
--cc=gregkh@linuxfoundation.org \
--cc=jic23@kernel.org \
--cc=linus.walleij@linaro.org \
--cc=linux-iio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nuno.sa@analog.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox