public inbox for stable@vger.kernel.org
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Zheyu Ma <zheyuma97@gmail.com>,
	Ulf Hansson <ulf.hansson@linaro.org>,
	Sasha Levin <sashal@kernel.org>,
	linux-mmc@vger.kernel.org
Subject: [PATCH AUTOSEL 5.12 50/80] mmc: via-sdmmc: add a check against NULL pointer dereference
Date: Sun,  4 Jul 2021 19:05:46 -0400
Message-ID: <20210704230616.1489200-50-sashal@kernel.org>
In-Reply-To: <20210704230616.1489200-1-sashal@kernel.org>

From: Zheyu Ma <zheyuma97@gmail.com>

[ Upstream commit 45c8ddd06c4b729c56a6083ab311bfbd9643f4a6 ]

Before referencing 'host->data', the driver needs to check whether it is
a null pointer, otherwise it will cause a null pointer reference.

This log reveals it:

[   29.355199] BUG: kernel NULL pointer dereference, address:
0000000000000014
[   29.357323] #PF: supervisor write access in kernel mode
[   29.357706] #PF: error_code(0x0002) - not-present page
[   29.358088] PGD 0 P4D 0
[   29.358280] Oops: 0002 [#1] PREEMPT SMP PTI
[   29.358595] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 5.12.4-
g70e7f0549188-dirty #102
[   29.359164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[   29.359978] RIP: 0010:via_sdc_isr+0x21f/0x410
[   29.360314] Code: ff ff e8 84 aa d0 fd 66 45 89 7e 28 66 41 f7 c4 00
10 75 56 e8 72 aa d0 fd 66 41 f7 c4 00 c0 74 10 e8 65 aa d0 fd 48 8b 43
18 <c7> 40 14 ac ff ff ff e8 55 aa d0 fd 48 89 df e8 ad fb ff ff e9 77
[   29.361661] RSP: 0018:ffffc90000118e98 EFLAGS: 00010046
[   29.362042] RAX: 0000000000000000 RBX: ffff888107d77880
RCX: 0000000000000000
[   29.362564] RDX: 0000000000000000 RSI: ffffffff835d20bb
RDI: 00000000ffffffff
[   29.363085] RBP: ffffc90000118ed8 R08: 0000000000000001
R09: 0000000000000001
[   29.363604] R10: 0000000000000000 R11: 0000000000000001
R12: 0000000000008600
[   29.364128] R13: ffff888107d779c8 R14: ffffc90009c00200
R15: 0000000000008000
[   29.364651] FS:  0000000000000000(0000) GS:ffff88817bc80000(0000)
knlGS:0000000000000000
[   29.365235] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   29.365655] CR2: 0000000000000014 CR3: 0000000005a2e000
CR4: 00000000000006e0
[   29.366170] DR0: 0000000000000000 DR1: 0000000000000000
DR2: 0000000000000000
[   29.366683] DR3: 0000000000000000 DR6: 00000000fffe0ff0
DR7: 0000000000000400
[   29.367197] Call Trace:
[   29.367381]  <IRQ>
[   29.367537]  __handle_irq_event_percpu+0x53/0x3e0
[   29.367916]  handle_irq_event_percpu+0x35/0x90
[   29.368247]  handle_irq_event+0x39/0x60
[   29.368632]  handle_fasteoi_irq+0xc2/0x1d0
[   29.368950]  __common_interrupt+0x7f/0x150
[   29.369254]  common_interrupt+0xb4/0xd0
[   29.369547]  </IRQ>
[   29.369708]  asm_common_interrupt+0x1e/0x40
[   29.370016] RIP: 0010:native_safe_halt+0x17/0x20
[   29.370360] Code: 07 0f 00 2d db 80 43 00 f4 5d c3 0f 1f 84 00 00 00
00 00 8b 05 c2 37 e5 01 55 48 89 e5 85 c0 7e 07 0f 00 2d bb 80 43 00 fb
f4 <5d> c3 cc cc cc cc cc cc cc 55 48 89 e5 e8 67 53 ff ff 8b 0d f9 91
[   29.371696] RSP: 0018:ffffc9000008fe90 EFLAGS: 00000246
[   29.372079] RAX: 0000000000000000 RBX: 0000000000000002
RCX: 0000000000000000
[   29.372595] RDX: 0000000000000000 RSI: ffffffff854f67a4
RDI: ffffffff85403406
[   29.373122] RBP: ffffc9000008fe90 R08: 0000000000000001
R09: 0000000000000001
[   29.373646] R10: 0000000000000000 R11: 0000000000000001
R12: ffffffff86009188
[   29.374160] R13: 0000000000000000 R14: 0000000000000000
R15: ffff888100258000
[   29.374690]  default_idle+0x9/0x10
[   29.374944]  arch_cpu_idle+0xa/0x10
[   29.375198]  default_idle_call+0x6e/0x250
[   29.375491]  do_idle+0x1f0/0x2d0
[   29.375740]  cpu_startup_entry+0x18/0x20
[   29.376034]  start_secondary+0x11f/0x160
[   29.376328]  secondary_startup_64_no_verify+0xb0/0xbb
[   29.376705] Modules linked in:
[   29.376939] Dumping ftrace buffer:
[   29.377187]    (ftrace buffer empty)
[   29.377460] CR2: 0000000000000014
[   29.377712] ---[ end trace 51a473dffb618c47 ]---
[   29.378056] RIP: 0010:via_sdc_isr+0x21f/0x410
[   29.378380] Code: ff ff e8 84 aa d0 fd 66 45 89 7e 28 66 41 f7 c4 00
10 75 56 e8 72 aa d0 fd 66 41 f7 c4 00 c0 74 10 e8 65 aa d0 fd 48 8b 43
18 <c7> 40 14 ac ff ff ff e8 55 aa d0 fd 48 89 df e8 ad fb ff ff e9 77
[   29.379714] RSP: 0018:ffffc90000118e98 EFLAGS: 00010046
[   29.380098] RAX: 0000000000000000 RBX: ffff888107d77880
RCX: 0000000000000000
[   29.380614] RDX: 0000000000000000 RSI: ffffffff835d20bb
RDI: 00000000ffffffff
[   29.381134] RBP: ffffc90000118ed8 R08: 0000000000000001
R09: 0000000000000001
[   29.381653] R10: 0000000000000000 R11: 0000000000000001
R12: 0000000000008600
[   29.382176] R13: ffff888107d779c8 R14: ffffc90009c00200
R15: 0000000000008000
[   29.382697] FS:  0000000000000000(0000) GS:ffff88817bc80000(0000)
knlGS:0000000000000000
[   29.383277] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   29.383697] CR2: 0000000000000014 CR3: 0000000005a2e000
CR4: 00000000000006e0
[   29.384223] DR0: 0000000000000000 DR1: 0000000000000000
DR2: 0000000000000000
[   29.384736] DR3: 0000000000000000 DR6: 00000000fffe0ff0
DR7: 0000000000000400
[   29.385260] Kernel panic - not syncing: Fatal exception in interrupt
[   29.385882] Dumping ftrace buffer:
[   29.386135]    (ftrace buffer empty)
[   29.386401] Kernel Offset: disabled
[   29.386656] Rebooting in 1 seconds..

Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Link: https://lore.kernel.org/r/1622727200-15808-1-git-send-email-zheyuma97@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/via-sdmmc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/mmc/host/via-sdmmc.c b/drivers/mmc/host/via-sdmmc.c
index 4f4c0813f9fd..350e67056fa6 100644
--- a/drivers/mmc/host/via-sdmmc.c
+++ b/drivers/mmc/host/via-sdmmc.c
@@ -857,6 +857,9 @@ static void via_sdc_data_isr(struct via_crdr_mmc_host *host, u16 intmask)
 {
 	BUG_ON(intmask == 0);
 
+	if (!host->data)
+		return;
+
 	if (intmask & VIA_CRDR_SDSTS_DT)
 		host->data->error = -ETIMEDOUT;
 	else if (intmask & (VIA_CRDR_SDSTS_RC | VIA_CRDR_SDSTS_WC))
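Review bot: the new `if (!host->data) return;` at the top of via_sdc_data_isr() drops the interrupt silently, while the `BUG_ON(intmask == 0)` directly above it still panics on a condition that is no more severe. A data interrupt that arrives with no data request in flight means device and driver state are out of sync, so I would make it visible with `WARN_ON_ONCE(!host->data)` or a rate-limited message before returning. The commit message should also say how host->data can be NULL at this point and whether the caller still acknowledges the status bits when this path returns early, since neither is visible in this hunk.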
-- 
2.30.2
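Added example, not part of the patch or the kernel source: a small userspace C decoder for the `Code:` line of the oops above. It shows that the faulting bytes are a 32-bit immediate store through a base register at displacement 0x14, which with RAX = 0 in the register dump gives the CR2 value in the log. The struct and function names are hypothetical, and only the `c7 /0` disp8 encoding seen here is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decoded "c7 /0 disp8 imm32": movl $imm, disp(%base). Names are hypothetical. */
struct store_insn {
    int base;      /* ModRM r/m register number, 0 = RAX */
    int8_t disp;   /* signed 8-bit displacement */
    int32_t imm;   /* value being stored */
};

/* The oops marks the faulting byte as <xx>; decode the 7 bytes from there. */
int decode_faulting_store(const char *code, struct store_insn *out)
{
    unsigned char b[7];
    const char *p = strchr(code, '<');
    int n = 0;
    if (!p)
        return -1;
    while (n < 7) {
        char *end;
        p += strspn(p, "<> ");
        unsigned long v = strtoul(p, &end, 16);
        if (end == p || v > 0xff)
            return -1;              /* truncated or malformed line */
        b[n++] = (unsigned char)v;
        p = end;
    }
    /* Opcode c7, ModRM mod=01 (disp8), reg=/0, r/m != 100 (no SIB byte). */
    if (b[0] != 0xc7 || (b[1] >> 6) != 1 || ((b[1] >> 3) & 7) != 0 || (b[1] & 7) == 4)
        return -1;
    out->base = b[1] & 7;
    out->disp = (int8_t)b[2];
    out->imm = (int32_t)(b[3] | b[4] << 8 | b[5] << 16 | (uint32_t)b[6] << 24);
    return 0;
}

/* "Code:" bytes of the via_sdc_isr fault, copied from the log on this page. */
static const char OOPS_CODE[] =
    "10 e8 65 aa d0 fd 48 8b 43 18 <c7> 40 14 ac ff ff ff e8 55 aa d0 fd";

int main(void)
{
    struct store_insn s;
    if (decode_faulting_store(OOPS_CODE, &s))
        return 1;
    printf("movl $%d, %#x(reg %d)\n", s.imm, (unsigned)s.disp, s.base);
    return 0;
}
```

The decoded immediate is -84 rather than -110 (`-ETIMEDOUT` on x86), so the store that faulted is not the `VIA_CRDR_SDSTS_DT` assignment shown in the hunk.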

