public inbox for linux-pm@vger.kernel.org
* Re: [BUG 6.4-rc3] BUG: kernel NULL pointer dereference in __dev_fwnode
From: Linus Torvalds @ 2023-05-24 18:28 UTC (permalink / raw)
  To: Steven Rostedt
  Cc: LKML, Masami Hiramatsu, Sebastian Reichel, Linus Walleij,
	Matti Vaittinen, linux-pm

On Wed, May 24, 2023 at 10:12 AM Steven Rostedt <rostedt@goodmis.org> wrote:
>
> I started adding fixes to my urgent branch rebased on top of v6.4-rc3
> and ran my tests. Unfortunately they crashed on unrelated code.
>
> Here's the dump:
>
>  BUG: kernel NULL pointer dereference, address: 00000000000003e8
>  RIP: 0010:__dev_fwnode+0x9/0x2a
>  Code: ff 85 c0 78 16 48 8b 3c 24 89 c6 59 e9 e0 f7 ff ff b8 ea ff ff ff c3 cc cc cc cc 5a c3 cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 <48> 8b 87 e8 03 00 00 48
>  83 c0 18 c3 cc cc cc cc 48

That disassembles to

    endbr64
    nopl   0x0(%rax,%rax,1)
    mov    0x3e8(%rdi),%rax
    add    $0x18,%rax
    ret

which looks like it must be the

    return dev->fwnode;

with a NULL 'dev'. Which makes sense for __dev_fwnode with CONFIG_OF
not enabled.

Except I have no idea what that odd 'add $0x18' is all about. Strange.

Anyway, the caller seems to be this code in power_supply_get_battery_info():

        if (psy->of_node) {
            .. presumably not this ..
        } else {
                err = fwnode_property_get_reference_args(
                                        dev_fwnode(psy->dev.parent),
                                        "monitored-battery", NULL, 0, 0, &args);
                ...

so I suspect we have psy->dev.parent being NULL.

>  I ran a bisect and it found it to be this commit:
>
> 27a2195efa8d2 ("power: supply: core: auto-exposure of simple-battery data")
>
> I checked out that commit and tested it, and it crashed. I then
> reverted that commit, and the crash goes away.

At a guess, it's

 (a) the new code to expose battery info at registration time:

+       /*
+        * Expose constant battery info, if it is available. While there are
+        * some chargers accessing constant battery data, we only want to
+        * expose battery data to userspace for battery devices.
+        */
+       if (desc->type == POWER_SUPPLY_TYPE_BATTERY) {
+               rc = power_supply_get_battery_info(psy, &psy->battery_info);
+               if (rc && rc != -ENODEV && rc != -ENOENT)
+                       goto check_supplies_failed;
+       }
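Review bot: power_supply_get_battery_info() is called here for every POWER_SUPPLY_TYPE_BATTERY supply without first checking psy->dev.parent, while its non-OF branch passes psy->dev.parent straight into dev_fwnode(), which dereferences it; a registration with a NULL parent, as test_power_init() does, therefore faults in __dev_fwnode. Suggest having the callee return -ENODEV (or -ENOENT) when psy->dev.parent is NULL, since the `rc != -ENODEV && rc != -ENOENT` filter in this hunk already treats those codes as "no battery info available" rather than as a registration failure.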

interacting with

 (b) the test_power_init() that does that

                test_power_supplies[i] = power_supply_register(NULL,
                                                &test_power_desc[i],
                                                &test_power_configs[i]);

which passes in NULL for the "parent" pointer.

So it looks like a dodgy test that was a bit lazy. But maybe a NULL
parent is supposed to work.

                Linus
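The NULL-parent path analysed above, as an added user-space model that is not code from this thread, from the kernel, or from the linked fix. The struct layout, field names and the early -ENODEV return are constructed assumptions; only the 0x3e8 offset is taken from the oops, to show that the faulting address of a NULL-base dereference is simply the offset of the field being read.

```c
/* Added example, not kernel code: user-space model of the NULL-parent path.
 * Layout and names are constructed; only offset 0x3e8 comes from the oops. */
#include <errno.h>
#include <stddef.h>

struct fwnode_handle { const char *name; };

/* Constructed layout: pad so 'fwnode' sits at 0x3e8, the faulting address. */
struct device {
	char _pad[0x3e8];
	struct fwnode_handle *fwnode;
	struct device *parent;
};

struct power_supply { struct device dev; int is_battery; int has_info; };

/* Unlike the disassembled __dev_fwnode, a NULL device yields no fwnode. */
struct fwnode_handle *dev_fwnode_safe(struct device *dev)
{
	return dev ? dev->fwnode : NULL;
}

/* A NULL-'dev' dereference faults at exactly the field's offset. */
size_t null_dev_fault_address(void) { return offsetof(struct device, fwnode); }

/* Model of the non-OF branch: refuse early instead of touching a NULL parent. */
int get_battery_info(struct power_supply *psy)
{
	struct fwnode_handle *fw;
	if (!psy->dev.parent)
		return -ENODEV;	/* assumption: "no device" rather than a crash */
	fw = dev_fwnode_safe(psy->dev.parent);
	if (!fw)
		return -ENOENT;	/* parent present but carries no firmware node */
	psy->has_info = 1;
	return 0;
}

/* Model of the registration hunk: -ENODEV/-ENOENT tolerated, others fatal. */
int register_supply(struct power_supply *psy, struct device *parent)
{
	psy->dev.parent = parent;
	if (psy->is_battery) {
		int rc = get_battery_info(psy);
		if (rc && rc != -ENODEV && rc != -ENOENT)
			return rc;
	}
	return 0;
}
```

With this shape, registering a battery with a NULL parent (as the test driver does) completes without battery info instead of faulting, and a parent without a firmware node is reported as -ENOENT, which the registration filter likewise tolerates.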

* Re: [BUG 6.4-rc3] BUG: kernel NULL pointer dereference in __dev_fwnode
From: Sebastian Reichel @ 2023-05-25 16:42 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Steven Rostedt, LKML, Masami Hiramatsu, Linus Walleij,
	Matti Vaittinen, linux-pm

Hi,

On Wed, May 24, 2023 at 11:28:41AM -0700, Linus Torvalds wrote:
> So it looks like a dodgy test that was a bit lazy. But maybe a NULL
> parent is supposed to work.
> 
>                 Linus

I have a fix for that in my fixes branch, that I planned to send
this week:

https://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply.git/commit/?h=fixes&id=44c524b642996148a8e94f1a1b8751076edcf577

-- Sebastian


* Re: [BUG 6.4-rc3] BUG: kernel NULL pointer dereference in __dev_fwnode
From: Steven Rostedt @ 2023-05-26  2:08 UTC (permalink / raw)
  To: Sebastian Reichel
  Cc: Linus Torvalds, LKML, Masami Hiramatsu, Linus Walleij,
	Matti Vaittinen, linux-pm

On Thu, 25 May 2023 18:42:48 +0200
Sebastian Reichel <sre@kernel.org> wrote:

> I have a fix for that in my fixes branch, that I planned to send
> this week:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply.git/commit/?h=fixes&id=44c524b642996148a8e94f1a1b8751076edcf577

This appears to fix the bug I reported.

Tested-by: Steven Rostedt (Google) <rostedt@goodmis.org>

-- Steve
