From patchwork Thu Aug 25 21:18:51 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathieu Poirier X-Patchwork-Id: 74744 Delivered-To: patch@linaro.org Received: by 10.140.29.52 with SMTP id a49csp1047555qga; Thu, 25 Aug 2016 14:21:38 -0700 (PDT) X-Received: by 10.66.123.105 with SMTP id lz9mr20579107pab.56.1472160096792; Thu, 25 Aug 2016 14:21:36 -0700 (PDT) Return-Path: Received: from bombadil.infradead.org (bombadil.infradead.org. [2001:1868:205::9]) by mx.google.com with ESMTPS id i5si17332200pan.9.2016.08.25.14.21.36 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Aug 2016 14:21:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 2001:1868:205::9 as permitted sender) client-ip=2001:1868:205::9; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 2001:1868:205::9 as permitted sender) smtp.mailfrom=linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org; dmarc=fail (p=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.85_2 #1 (Red Hat Linux)) id 1bd245-0006MN-3q; Thu, 25 Aug 2016 21:19:57 +0000 Received: from mail-it0-x22c.google.com ([2607:f8b0:4001:c0b::22c]) by bombadil.infradead.org with esmtps (Exim 4.85_2 #1 (Red Hat Linux)) id 1bd23t-0006JF-R1 for linux-arm-kernel@lists.infradead.org; Thu, 25 Aug 2016 21:19:46 +0000 Received: by mail-it0-x22c.google.com with SMTP id f6so112861708ith.0 for ; Thu, 25 Aug 2016 14:19:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=aqZuiSF2Fn7+Dr/M7EJPWCdcEtHj2frCt3KlZSZ7TGs=; b=Y4y+HLDH/044tQh1e3bvcSnbYIAJ5kIq6W+cH09p6UwbzzVCP1tCepFtqanuVpUp15 UxzkEUy2pfbvXQKbPUNbAm+n5Cehk8YA9orFC3t5R8fuFRm8USJZMF2PcUwK1L7sJhbc nvPdj8aUE38BcyL2iyU1TR0Bnvgu23TNtemI8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=aqZuiSF2Fn7+Dr/M7EJPWCdcEtHj2frCt3KlZSZ7TGs=; b=i7tQgGh0q3EsBhhKG3d3RqZVacRszx7dgH8+WbDpW6pf9Ytgs1HRNjKn/TtEui9DIe +Vr80PtDWUKANUa0xTRRdGNPInWEwGczxxLiKBV+QByUuRCBLCU8VtCeBYlmJ07eryJi aRKkSGzPvywX0CYw3/+01xq9W4yHXeDYLJvg9mhv4RxlmdRLoLll1VvYtbS5hvVuIdtr LdKpqR+dnbGXVyPaAjH04VLUekIWwtSflM3UbVzt+zKCJkXgxNWYwy5cM8cqB5BYPCxv xsrYOek+7BY7N5dfV0vUcyLXyqNGS9Sm5obvsm1w4qAbwCoIqf03tHV/mWAnKOPFCV1b OtQg== X-Gm-Message-State: AEkoouuSKneE53m+qnd1h2xKfGQdAEZjJhzTi0Y6i7yeHhVSlNz0iK3kaRTMZKjQYpNMkVSa X-Received: by 10.107.18.154 with SMTP id 26mr12331374ios.85.1472159964525; Thu, 25 Aug 2016 14:19:24 -0700 (PDT) Received: from t430.cg.shawcable.net (S0106002369de4dac.cg.shawcable.net. [68.147.8.254]) by smtp.gmail.com with ESMTPSA id o5sm14506120ith.20.2016.08.25.14.19.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 25 Aug 2016 14:19:21 -0700 (PDT) From: Mathieu Poirier To: gregkh@linuxfoundation.org Subject: [PATCH 01/28] coresight: access conn->child_name only if it's initialised Date: Thu, 25 Aug 2016 15:18:51 -0600 Message-Id: <1472159958-5981-2-git-send-email-mathieu.poirier@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1472159958-5981-1-git-send-email-mathieu.poirier@linaro.org> References: <1472159958-5981-1-git-send-email-mathieu.poirier@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20160825_141945_991974_F2FD1661 X-CRM114-Status: GOOD ( 15.71 ) X-Spam-Score: -2.7 (--) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2607:f8b0:4001:c0b:0:0:0:22c listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org From: Sudeep Holla If the addition of the coresight devices get deferred, then there's a window before child_name is populated by of_get_coresight_platform_data from the respective component driver's probe and the attempted to access the same from coresight_orphan_match resulting in kernel NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0x0 Internal error: Oops: 96000004 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1038 Comm: kworker/0:1 Not tainted 4.7.0-rc3 #124 Hardware name: ARM Juno development board (r2) (DT) Workqueue: events amba_deferred_retry_func PC is at strcmp+0x1c/0x160 LR is at coresight_orphan_match+0x7c/0xd0 Call trace: strcmp+0x1c/0x160 bus_for_each_dev+0x60/0xa0 coresight_register+0x264/0x2e0 tmc_probe+0x130/0x310 amba_probe+0xd4/0x1c8 driver_probe_device+0x22c/0x418 __device_attach_driver+0xbc/0x158 bus_for_each_drv+0x58/0x98 __device_attach+0xc4/0x160 device_initial_probe+0x10/0x18 bus_probe_device+0x94/0xa0 device_add+0x344/0x580 amba_device_try_add+0x194/0x238 amba_deferred_retry_func+0x48/0xd0 process_one_work+0x118/0x378 worker_thread+0x48/0x498 kthread+0xd0/0xe8 ret_from_fork+0x10/0x40 This patch adds a check for non-NULL conn->child_name before accessing the same. Cc: Mathieu Poirier Signed-off-by: Sudeep Holla Signed-off-by: Mathieu Poirier --- drivers/hwtracing/coresight/coresight.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.7.4 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel diff --git a/drivers/hwtracing/coresight/coresight.c b/drivers/hwtracing/coresight/coresight.c index d08d1ab9bba5..ceeaaea41ed6 100644 --- a/drivers/hwtracing/coresight/coresight.c +++ b/drivers/hwtracing/coresight/coresight.c @@ -725,7 +725,8 @@ static int coresight_orphan_match(struct device *dev, void *data) /* We have found at least one orphan connection */ if (conn->child_dev == NULL) { /* Does it match this newly added device? */ - if (!strcmp(dev_name(&csdev->dev), conn->child_name)) { + if (conn->child_name && + !strcmp(dev_name(&csdev->dev), conn->child_name)) { conn->child_dev = csdev; } else { /* This component still has an orphan */