From: 未君 <1742789905@qq.com>
To: "Christophe Leroy (CS GROUP)" <chleroy@kernel.org>,
"qiang.zhao" <qiang.zhao@nxp.com>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
linuxppc-dev <linuxppc-dev@lists.ozlabs.org>
Cc: linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] soc: fsl: qe: Fix potential NULL pointer dereference inqe_reset()
Date: Mon, 16 Mar 2026 11:28:47 +0800
Message-ID: <tencent_89405091B7744EA070AC53E11A3FFA355609@qq.com>
In-Reply-To: <7e0425c2-debe-448a-a5f9-26039de71db5@kernel.org>
Hi,
Thank you for the detailed review. You are completely right.
My commit message was confusing, and returning early in qe_reset() just shifts the NULL pointer dereference to the dependent drivers later on, without actually fixing the root cause.
To achieve what you suggested ("if qe_immr remap fails, all drivers depending on it don't get probed"), I plan to do the following in the v2 patch:
1. Change the return type of qe_reset() from `void` to `int`.
2. Return `-ENOMEM` if the ioremap() fails.
3. Update the callers of qe_reset() (e.g., qe_probe() and other board-specific setup functions) to check this return value. If qe_reset() fails, the callers will abort their initialization/probing, which will properly prevent the child devices from being probed.
Does this approach sound correct to you? If so, I will prepare and submit the v2 patch accordingly.
Best regards,
Wang Jun
未君
1742789905@qq.com
Original
From: Christophe Leroy (CS GROUP) <chleroy@kernel.org>
Date: 2026-03-13 17:48
To: Wang Jun <1742789905@qq.com>, Qiang Zhao <qiang.zhao@nxp.com>, linuxppc-dev <linuxppc-dev@lists.ozlabs.org>, linux-arm-kernel <linux-arm-kernel@lists.infradead.org>
Cc: linux-kernel <linux-kernel@vger.kernel.org>, gszhai <gszhai@bjtu.edu.cn>, 25125332 <25125332@bjtu.edu.cn>, 25125283 <25125283@bjtu.edu.cn>, 23120469 <23120469@bjtu.edu.cn>
Subject: Re: [PATCH] soc: fsl: qe: Fix potential NULL pointer dereference inqe_reset()
On 10/03/2026 at 13:11, Wang Jun wrote:
> The function qe_reset() uses qe_immr without checking if it is NULL,
> which could happen if ioremap() failed earlier. Add a NULL check and
> perform ioremap() if needed; if it still fails, print an error and
> return to avoid crashing the system.
I don't understand what you are trying to say here. What you say is
already what qe_reset() does: it does a NULL check and performs
ioremap() when it is NULL:
	if (qe_immr == NULL)
		qe_immr = ioremap(get_qe_base(), QE_IMMAP_SIZE);
You are adding a second NULL check and returning early from qe_reset(). But
it doesn't really fix the problem because qe_immr is used in many other
places so you are just delaying the problem.
What needs to be done is that if qe_immr remap fails, all drivers
depending on it don't get probed.
>
> Signed-off-by: Wang Jun <1742789905@qq.com>
> ---
> drivers/soc/fsl/qe/qe.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/soc/fsl/qe/qe.c b/drivers/soc/fsl/qe/qe.c
> index 70b6eddb867b..6dcfa340970a 100644
> --- a/drivers/soc/fsl/qe/qe.c
> +++ b/drivers/soc/fsl/qe/qe.c
> @@ -86,8 +86,13 @@ static phys_addr_t get_qe_base(void)
>
> void qe_reset(void)
> {
> - if (qe_immr == NULL)
> + if (qe_immr == NULL) {
> qe_immr = ioremap(get_qe_base(), QE_IMMAP_SIZE);
> + if (qe_immr == NULL) {
> + pr_err("QE: cannot remap IMMR\n");
> + return;
> + }
> + }
>
> qe_snums_init();
>
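Review bot: the new `return;` inside the inner `if (qe_immr == NULL)` block cannot report the failure, because qe_reset() is still declared `void`. After a failed ioremap() the caller continues as if the reset had happened, and qe_immr stays NULL for every later user. Consider giving qe_reset() an `int` return type, returning an error such as -ENOMEM from that branch, and having each caller check the result and stop its setup. The pr_err() message alone does not prevent the later dereference.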
> --
> 2.43.0
>
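A user-space model of the three-step plan in the reply above (qe_reset() returning int, -ENOMEM on remap failure, callers checking the result), added here as an illustration; it is not code from the patch or the kernel tree. model_ioremap(), qe_reset_model(), qe_probe_model() and child_probe() are hypothetical stand-ins, and the register window is a plain array.

```c
#include <errno.h>
#include <stdio.h>
/* User-space model with hypothetical names; not the kernel's own code. */
static unsigned char fake_regs[64];	/* stands in for the QE register window */
static unsigned char *qe_immr;		/* NULL until mapped, as in qe.c */
static int remap_should_fail;		/* knob: simulate an ioremap() failure */
static int children_probed;

static unsigned char *model_ioremap(void)
{
	return remap_should_fail ? NULL : fake_regs;
}

/* Steps 1 and 2: int return type, -ENOMEM when the remap fails. */
static int qe_reset_model(void)
{
	if (qe_immr == NULL)
		qe_immr = model_ioremap();
	if (qe_immr == NULL)
		return -ENOMEM;	/* the v1 patch printed an error here */
	return 0;
}

/* Dependent driver: dereferences qe_immr with no NULL check of its own. */
static void child_probe(void)
{
	qe_immr[0] = 1;
	children_probed++;
}

/* Step 3: the caller checks the result and stops before probing children. */
static int qe_probe_model(int fail_remap)
{
	qe_immr = NULL;
	children_probed = 0;
	remap_should_fail = fail_remap;
	int ret = qe_reset_model();
	if (ret)
		return ret;
	child_probe();
	return 0;
}

int main(void)
{
	int ok = qe_probe_model(0), n = children_probed, bad = qe_probe_model(1);
	printf("ok: ret=%d children=%d; fail: ret=%d children=%d\n", ok, n, bad, children_probed);
	return 0;
}
```

With the failure knob set, child_probe() is never reached, which is the "drivers depending on it don't get probed" outcome the review asks for.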
Thread overview: 6+ messages
2026-03-10 12:11 [PATCH] soc: fsl: qe: Fix potential NULL pointer dereference in qe_reset() Wang Jun
2026-03-13 9:48 ` Christophe Leroy (CS GROUP)
2026-03-16 3:28 ` 未君 [this message]
2026-03-24 13:47 ` [PATCH] soc: fsl: qe: Fix potential NULL pointer dereference inqe_reset() Christophe Leroy (CS GROUP)
2026-03-27 0:12 ` [PATCH v2] soc: fsl: qe: panic on ioremap() failure in qe_reset() Wang Jun
2026-03-28 12:09 ` Christophe Leroy (CS GROUP)