Message ID | 20231219171903.3530985-2-hugo@hugovil.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel+bounces-5669-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:24d3:b0:fb:cd0c:d3e with SMTP id r19csp2094855dyi; Tue, 19 Dec 2023 09:23:16 -0800 (PST) X-Google-Smtp-Source: AGHT+IHmkRPFv6BowgdT3av99dOWB5PMMvzcm6z94pXFa8DBLRnThc2JmqycVr2pba3maQnLTQTY X-Received: by 2002:a17:906:5306:b0:a23:75e2:76b with SMTP id h6-20020a170906530600b00a2375e2076bmr700466ejo.118.1703006596681; Tue, 19 Dec 2023 09:23:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703006596; cv=none; d=google.com; s=arc-20160816; b=bWJJWmKK1IUu/6ojDSeKeit1SZwiTMCtBx7khJaoECXBWoAqMjfQATeJbwqq75hF4e czCZpnZbTVQknzJEmjmPc6Imgs5L5q/DXZftnolvX0XPvnS3UHzy23iuG3vW5bgK2Wb4 TmTTWEzhckYrjGa14umkEUPulWUlmlmaOIil3ckrAbayV9zzIMmSCk0wyGtfrYcttori 6ZuAl5h1boOxoMUDlgs1vaW1C19cij6rE7iu6xNBgVc025uPty8CE+NxqSOgHe3X9zQg TiI2OkIFjx9tW87IsTMhwgCZeYprr1sxKJQAL6KJQNKBRjeQMblgSPFM7copUp0KQMvD vEpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=subject:content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:cc:to:from:dkim-signature; bh=dhOqiUDo6hWsxc+Eqa46nTmCA1Ktb3a/vQZ2WSiGGX4=; fh=ZhVoJUXUplWtbBNTeiJkgl42QzUYK2Vp2MLuE9KlSEQ=; b=DmfX1d09/QctdxOHEdaSFzshCk9yqFHOdHIFn/tkpfE7SQIGu2/3X4KWg0xmx65vGC fY49OYyg6+XgclpFQbMI/yi/UgnLAJJfFH39B9IK4kI1sfmCq30dlj1WUtcN/qYuOgUH /Uk/Kle8ZqUIrIZq4p6GhTE+6kxwiy3Vy3KsrVaLap+SkzxzI1dgzxcz43hceBDCKV0C 5ste+scudNybPk7KU6+XdQDEgX/BvQ1d1LkKpOWX4eA62ynVJ7YslNYmstAtCv40/sed gVgeJHcFvExNu3utGPP7jOfa2ITtwKKhQDRP6BRFvLC6Mk4qo26LLpLYlZ5zTLq6OnmF N6Yg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@hugovil.com header.s=x header.b=M23ZXpdK; spf=pass (google.com: domain of linux-kernel+bounces-5669-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-5669-ouuuleilei=gmail.com@vger.kernel.org" Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id lf17-20020a170906ae5100b00a236475a606si1376714ejb.441.2023.12.19.09.23.16 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Dec 2023 09:23:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-5669-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@hugovil.com header.s=x header.b=M23ZXpdK; spf=pass (google.com: domain of linux-kernel+bounces-5669-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-5669-ouuuleilei=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 32F8A1F23371 for <ouuuleilei@gmail.com>; Tue, 19 Dec 2023 17:22:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C1CC73BB36; Tue, 19 Dec 2023 17:19:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=hugovil.com header.i=@hugovil.com header.b="M23ZXpdK" X-Original-To: linux-kernel@vger.kernel.org Received: from mail.hugovil.com (mail.hugovil.com [162.243.120.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2A5B63714B; Tue, 19 Dec 2023 17:19:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hugovil.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hugovil.com DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=hugovil.com ; s=x; h=Subject:Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Cc:To :From:subject:date:message-id:reply-to; bh=dhOqiUDo6hWsxc+Eqa46nTmCA1Ktb3a/vQZ2WSiGGX4=; b=M23ZXpdKMsedpAYQeE1rlM1NqN eNC/VKIIK9P391JSVFHBlDFSDlvRY8Iyaw/hiGb2GJT8n6ROJIyv15xlet510U4EKkq/hKvLuIpx7 0yzhvZ4aLmxNQ5YoprkkXtMfX/j7LNJN8Kf1Bwl9C4+jWRrS/un1Wfen9CbIqyF6MMWk=; Received: from modemcable168.174-80-70.mc.videotron.ca ([70.80.174.168]:40128 helo=pettiford.lan) by mail.hugovil.com with esmtpa (Exim 4.92) (envelope-from <hugo@hugovil.com>) id 1rFdkJ-0007Ao-AQ; Tue, 19 Dec 2023 12:19:07 -0500 From: Hugo Villeneuve <hugo@hugovil.com> To: gregkh@linuxfoundation.org, jirislaby@kernel.org, jringle@gridpoint.com, kubakici@wp.pl, phil@raspberrypi.org, bo.svangard@embeddedart.se Cc: linux-kernel@vger.kernel.org, linux-serial@vger.kernel.org, hugo@hugovil.com, Hugo Villeneuve <hvilleneuve@dimonoff.com>, stable@vger.kernel.org Date: Tue, 19 Dec 2023 12:18:45 -0500 Message-Id: <20231219171903.3530985-2-hugo@hugovil.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20231219171903.3530985-1-hugo@hugovil.com> References: <20231219171903.3530985-1-hugo@hugovil.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SA-Exim-Connect-IP: 70.80.174.168 X-SA-Exim-Mail-From: hugo@hugovil.com X-Spam-Level: X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * -0.0 T_SCC_BODY_TEXT_LINE No description available. Subject: [PATCH 01/18] serial: sc16is7xx: fix segfault when removing driver X-SA-Exim-Version: 4.2.1 (built Wed, 08 May 2019 21:11:16 +0000) X-SA-Exim-Scanned: Yes (on mail.hugovil.com) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785731845506120174 X-GMAIL-MSGID: 1785731845506120174 |
Series |
serial: sc16is7xx: fixes, cleanups and improvements
|
|
Commit Message
Hugo Villeneuve
Dec. 19, 2023, 5:18 p.m. UTC
From: Hugo Villeneuve <hvilleneuve@dimonoff.com> If a problem with a device occurs during probing, and we subsequently try to remove the driver, we get the following error: $ rmmod sc16is7xx [ 62.783166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040 [ 62.994226] Call trace: [ 62.996672] serial_core_unregister_port+0x58/0x2b0 [ 63.001558] serial_ctrl_unregister_port+0x18/0x30 [ 63.006354] uart_remove_one_port+0x18/0x30 [ 63.010542] sc16is7xx_spi_remove+0xc0/0x190 [sc16is7xx] Segmentation fault Tested on a custom board with two SC16IS742 ICs, and by simulating a fault when probing channel (port) B of the second device. The reason is that uart_remove_one_port() has already been called during probe in the out_ports: error path, and is called again in sc16is7xx_remove(). Fix the problem by clearing the device drvdata in probe error path to indicate that all resources have been deallocated. And only deallocate resources in sc16is7xx_remove() if device drvdata is non-null. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable@vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve@dimonoff.com> --- drivers/tty/serial/sc16is7xx.c | 5 +++++ 1 file changed, 5 insertions(+)
Comments
On Tue, Dec 19, 2023 at 12:18:45PM -0500, Hugo Villeneuve wrote: > From: Hugo Villeneuve <hvilleneuve@dimonoff.com> > > If a problem with a device occurs during probing, and we subsequently > try to remove the driver, we get the following error: > > $ rmmod sc16is7xx > [ 62.783166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040 > [ 62.994226] Call trace: > [ 62.996672] serial_core_unregister_port+0x58/0x2b0 > [ 63.001558] serial_ctrl_unregister_port+0x18/0x30 > [ 63.006354] uart_remove_one_port+0x18/0x30 > [ 63.010542] sc16is7xx_spi_remove+0xc0/0x190 [sc16is7xx] > Segmentation fault > > Tested on a custom board with two SC16IS742 ICs, and by simulating a fault > when probing channel (port) B of the second device. > > The reason is that uart_remove_one_port() has already been called during > probe in the out_ports: error path, and is called again in > sc16is7xx_remove(). > > Fix the problem by clearing the device drvdata in probe error path to > indicate that all resources have been deallocated. And only deallocate > resources in sc16is7xx_remove() if device drvdata is non-null. ... > + dev_set_drvdata(dev, NULL); I believe this is wrong approach to fix the issue as this one is prone to be cleaned up in the future as we don't do this call explicitly for the past ~15 years.
On Wed, Dec 20, 2023 at 05:34:29PM +0200, Andy Shevchenko wrote: > On Tue, Dec 19, 2023 at 12:18:45PM -0500, Hugo Villeneuve wrote: > > From: Hugo Villeneuve <hvilleneuve@dimonoff.com> ... > > + dev_set_drvdata(dev, NULL); > > I believe this is wrong approach to fix the issue as this one is prone > to be cleaned up in the future as we don't do this call explicitly for > the past ~15 years. On top of that the ->remove() is not the only uart_remove_one_port() call. It has a lot of other stuff to go with. It seems that ->remove() doesn't check the bit in &sc16is7xx_lines, that might be the proper fix for the issue you have.
diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index e40e4a99277e..b585663c1e6e 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -1663,6 +1663,8 @@ static int sc16is7xx_probe(struct device *dev, out_clk: clk_disable_unprepare(s->clk); + dev_set_drvdata(dev, NULL); + return ret; } @@ -1671,6 +1673,9 @@ static void sc16is7xx_remove(struct device *dev) struct sc16is7xx_port *s = dev_get_drvdata(dev); int i; + if (!s) + return; + #ifdef CONFIG_GPIOLIB if (s->gpio_valid_mask) gpiochip_remove(&s->gpio);