From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04CFDC00144 for ; Mon, 1 Aug 2022 06:20:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239822AbiHAGUO (ORCPT ); Mon, 1 Aug 2022 02:20:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51074 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239069AbiHAGUJ (ORCPT ); Mon, 1 Aug 2022 02:20:09 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1791113FBA; Sun, 31 Jul 2022 23:20:08 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A843E60D35; Mon, 1 Aug 2022 06:20:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 73839C433D6; Mon, 1 Aug 2022 06:20:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659334807; bh=2KG7XYBZBzxBPhLVALrzoeS57MmXnCIHYLGHoJhZvfM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=0X1mZt9k7aRNY98Mjys5Ck9CfuWASOKhPTPC6rPhcDfNut8jXH4WeWGHBiUtUEuuX tgES+Il+D1lMcGHi/6/iD55p7aLnumwTaWuELp51SoUx6Z1+lBfHOUa3AqRm9iYROS vC3R9iLRFrGkc81TzThoPoKGC3HBHcmOOodjHjmQ= Date: Mon, 1 Aug 2022 08:20:01 +0200 From: Greg KH To: Yang Yingliang Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, logang@deltatee.com, dan.j.williams@intel.com, hans.verkuil@cisco.com, alexandre.belloni@free-electrons.com, viro@zeniv.linux.org.uk Subject: Re: [PATCH RESEND] chardev: fix error handling in cdev_device_add() Message-ID: References: <20220714092355.991306-1-yangyingliang@huawei.com> <0705d0a6-7897-c8eb-666f-711ea8be1cd6@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <0705d0a6-7897-c8eb-666f-711ea8be1cd6@huawei.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 01, 2022 at 10:05:55AM +0800, Yang Yingliang wrote: > Hi, Greg > > On 2022/7/14 17:33, Greg KH wrote: > > On Thu, Jul 14, 2022 at 05:23:55PM +0800, Yang Yingliang wrote: > > > If dev->devt is not set, cdev_add() will not be called, so if device_add() > > > fails, cdev_del() is not needed. Fix this by checking dev->devt in error > > > case. > > > > > > Fixes: 233ed09d7fda ("chardev: add helper function to register char devs with a struct device") > > > Reported-by: Hulk Robot > > > Signed-off-by: Yang Yingliang > > > --- > > > fs/char_dev.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/fs/char_dev.c b/fs/char_dev.c > > > index ba0ded7842a7..3f667292608c 100644 > > > --- a/fs/char_dev.c > > > +++ b/fs/char_dev.c > > > @@ -547,7 +547,7 @@ int cdev_device_add(struct cdev *cdev, struct device *dev) > > > } > > > rc = device_add(dev); > > > - if (rc) > > > + if (rc && dev->devt) > > > cdev_del(cdev); > > > return rc; > > > -- > > > 2.25.1 > > > > > Please see https://lore.kernel.org/r/YsLtXYa4kRYEEaX/@kroah.com for why > > I will no longer accept patches from Huawei with the "hulk robot" claim > > without the required information. > I found this bug by fault injection test and it can be reproduced in the > 5.19.0-rc6. > When inject error in device_add(), it triggers the bug. So normal operations do not cause this at all, that needs to be stated in the changelog text, right? > The FAULT_INJECTION stack is: > [   90.246918][ T1527] FAULT_INJECTION: forcing a failure. > [   90.246918][ T1527] name failslab, interval 1, probability 0, space 0, > times 0 > [   90.248546][ T1527] CPU: 3 PID: 1527 Comm: 63 Not tainted > 5.19.0-rc6-00276-g187506bb1928-dirty #668 > 3b1a4a46ce78a2173f0a10415bb4c4ff7194a867 > [   90.249993][ T1527] Hardware name: QEMU Standard PC (i440FX + PIIX, > 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 > [   90.251114][ T1527] Call Trace: > [   90.251500][ T1527]  > [   90.251889][ T1527]  dump_stack_lvl+0xe4/0x156 > [   90.252661][ T1527]  should_fail.cold.3+0x5/0x1f > [   90.253242][ T1527]  ? device_add+0x10cd/0x1de0 > [   90.253835][ T1527]  ? device_add+0x10cd/0x1de0 > [   90.254391][ T1527]  should_failslab+0xa/0x20 > [   90.254902][ T1527]  kmem_cache_alloc_trace+0x5a/0x2e0 > [   90.255496][ T1527]  device_add+0x10cd/0x1de0 > [   90.256100][ T1527]  ? rcu_read_lock_held_common+0xe/0xb0 > [   90.256951][ T1527]  ? rcu_read_lock_sched_held+0x62/0xf0 > [   90.257811][ T1527]  ? rcu_read_lock_bh_held+0xd0/0xd0 > [   90.258627][ T1527]  ? iio_dev_release+0x161/0x1c0 [industrialio] > [   90.260110][ T1527]  ? __fw_devlink_link_to_suppliers+0x2c0/0x2c0 > [   90.260818][ T1527]  ? write_comp_data+0x2a/0x90 > [   90.261366][ T1527]  ? __sanitizer_cov_trace_pc+0x1d/0x50 > [   90.262003][ T1527]  ? iio_device_register_eventset+0x6f6/0xea0 > [industrialio] > [   90.263365][ T1527]  cdev_device_add+0x130/0x1b0 > [   90.263923][ T1527]  __iio_device_register+0x1392/0x1ac0 [industrialio] > [   90.265218][ T1527]  __devm_iio_device_register+0x22/0x90 [industrialio] > [   90.266502][ T1527]  max517_probe+0x3d8/0x6b4 [max517] > [   90.267456][ T1527]  ? max517_write_raw+0x1e0/0x1e0 [max517] > [   90.268472][ T1527]  i2c_device_probe+0x974/0xae0 > [   90.269016][ T1527]  ? i2c_device_match+0x120/0x120 > [   90.269577][ T1527]  really_probe+0x44a/0xaf0 > > The kernel reported this warning: > [   90.309159][ T1527] ------------[ cut here ]------------ > [   90.309981][ T1527] kobject: '(null)' (000000008ab24cf9): is not > initialized, yet kobject_put() is being called. > [   90.311910][ T1527] WARNING: CPU: 3 PID: 1527 at kobject_put+0x24c/0x540 > [   90.312975][ T1527] Modules linked in: max517 industrialio spi_stub > i2c_stub i2c_dev joydev mousedev intel_rapl_msr input_leds led_class nfit > edac_core libnvdimm intel_rapl_common intel_uncore_frequency_common > isst_if_common ppdev serio_raw psmouse atkbd kvm_intel libps2 vivaldi_fmap > kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel > aesni_intel crypto_simd cryptd bochs drm_vram_helper drm_ttm_helper ttm > sr_mod evdev drm_kms_helper cdrom mac_hid drm sg > drm_panel_orientation_quirks cfbfillrect cfbimgblt parport_pc cfbcopyarea > parport rtc_cmos fb_sys_fops floppy syscopyarea sysfillrect i8042 serio > sysimgblt ata_generic fb pata_acpi fbdev i2c_piix4 backlight intel_agp > tiny_power_button intel_gtt agpgart qemu_fw_cfg button ip_tables x_tables > ipv6 crc_ccitt autofs4 > [   90.324844][ T1527] CPU: 3 PID: 1527 Comm: 63 Not tainted > 5.19.0-rc6-00276-g187506bb1928-dirty #668 > 3b1a4a46ce78a2173f0a10415bb4c4ff7194a867 > [   90.326763][ T1527] Hardware name: QEMU Standard PC (i440FX + PIIX, > 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 > [   90.328285][ T1527] RIP: 0010:kobject_put+0x24c/0x540 > [   90.329113][ T1527] Code: e8 c9 21 e5 fe 90 48 89 d8 48 c1 e8 03 80 3c 28 > 00 0f 85 7a 02 00 00 48 8b 33 48 89 da 48 c7 c7 a0 73 ff 88 e8 22 83 ff 00 > 90 <0f> 0b 90 90 e9 1c fe ff ff e8 96 21 e5 fe 4c 8b 0c 24 48 89 d9 4c > [   90.331985][ T1527] RSP: 0018:ffffc9000496f508 EFLAGS: 00010286 > [   90.332902][ T1527] RAX: 0000000000000000 RBX: ffff88800c1b2788 RCX: > ffffffff861ac93a > [   90.334079][ T1527] RDX: 0000000000000000 RSI: ffff888005608000 RDI: > 0000000000000002 > [   90.335248][ T1527] RBP: dffffc0000000000 R08: ffffed1021240346 R09: > ffffed1021240346 > [   90.336464][ T1527] R10: ffff888109201a2b R11: ffffed1021240345 R12: > ffff88800c1b27c4 > [   90.337640][ T1527] R13: 0000000000000000 R14: 00000000ffffffff R15: > 0000000000000000 > [   90.338827][ T1527] FS:  00007fe80c499500(0000) GS:ffff888109000000(0000) > knlGS:0000000000000000 > [   90.340190][ T1527] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [   90.341173][ T1527] CR2: 000055837fa23708 CR3: 0000000005c36001 CR4: > 0000000000770ee0 > [   90.342307][ T1527] DR0: 0000000000000000 DR1: 0000000000000000 DR2: > 0000000000000000 > [   90.343140][ T1527] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: > 0000000000000400 > [   90.344024][ T1527] PKRU: 55555554 > [   90.344562][ T1527] Call Trace: > [   90.345063][ T1527]  > [   90.345529][ T1527]  cdev_device_add+0x15e/0x1b0 > [   90.346214][ T1527]  __iio_device_register+0x1392/0x1ac0 [industrialio] > [   90.347509][ T1527]  __devm_iio_device_register+0x22/0x90 [industrialio] > [   90.348840][ T1527]  max517_probe+0x3d8/0x6b4 [max517] > [   90.350091][ T1527]  ? max517_write_raw+0x1e0/0x1e0 [max517] > [   90.351093][ T1527]  i2c_device_probe+0x974/0xae0 > [   90.351633][ T1527]  ? i2c_device_match+0x120/0x120 > [   90.352255][ T1527]  really_probe+0x44a/0xaf0 > > If attached_buffers_cnt and event_interface of iio_dev_opaque is not set, > the 'cdev' is not initialized and the > dev->devt is not set, but cdev_del() is called in error path, then it > triggers this bug. > > > > Also, you did not state why this was a RESEND. > https://lore.kernel.org/lkml/1959fa74-b06c-b8bc-d14f-b71e5c4290ee@huawei.com/T/ > > This patch has been sent last year, and the bug can be reproduced, so I > tried to resend to fix it. Again, you have to state this when you send the patch, otherwise we do not know this. Also, if you do resend this, you need to provide the needed information in the changelog as the documentation says to. thanks, greg k-h