Message ID | 20230629134306.95823-1-jonas.gorski@gmail.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp9653117vqr; Thu, 29 Jun 2023 06:54:03 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5lhZ4ygstLilhSMU7JBZH0pyf6+UCcpXorauOJYyv+uRy2AjAuvG4uukxo/9RkYLpoA30C X-Received: by 2002:a05:6a20:3d1d:b0:12b:bc21:65b9 with SMTP id y29-20020a056a203d1d00b0012bbc2165b9mr9603487pzi.0.1688046842765; Thu, 29 Jun 2023 06:54:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688046842; cv=none; d=google.com; s=arc-20160816; b=Uxjbwnty+J+Zac7+erS0E3aVo/N7ZegZVYqSwdxKq3479BypSrEZxuTc16yjA71qAL gZoJqrBrttfept6mQuKMoWzIzqcq5NgkMcPTW/1SkxPvULiMQ36voGm5DUw9+w9coHxz e0kIWC5Z3G26PrXbcVbBIokbDc4Mv+39t0P5VVve4GeA8UUoNINPp/omoERyEBXcX2k7 4VpSSa9R/edrYO4XnbSrjiJWawXJ8+An1nIfTfnlC5HcforGELYxKc1SX26da5miZMfs dgtlO3m0Fjime+Of/Z4gN7g8Q8NYe5cn55GyLpR+PismaVMHCAH2EARnAVfIAmExI/Or eimw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=XudmxwalV4AlT0qJLqOHnMWwuiigipmsi3w0OPbf44c=; fh=9k1QJh4J5/6PyZgZGybL4axXkUSHEkIm6LaZ6Ykoku8=; b=qQrih5v0Ok9TAFWY8tXKGMuRO2x7pxNpAFjBOiJL+59WdpBU1MCOzBNRlsI0tPAv+n Ofnkva/6McUFgoffLP1XfjHEfiHTe+a7AeoTBcCrGgYIpF06xVuiyMKipnJyDb1kVoN7 NqfAC55GD35og9Y66OX4V4ewhldnpyiscnWgsBGD342jKX2DkEszehWEYZWpUmgp9ADv Y8i6ETU7BxCdP5na8u4SmNXNAqbf3iShdcYhUSdIKeU2BhfowC+UE8jiJ7M0YFR4Uodr Lh+yVW5fihCLkt1HDII2qR/z58H06SGH4YC0r8hIUf38HLhRQL3dRsNA31mC8yGIyJPU yTaw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=Zhs3fgvt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id eg20-20020a056a00801400b006765f19e479si7952738pfb.132.2023.06.29.06.53.46; Thu, 29 Jun 2023 06:54:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=Zhs3fgvt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230198AbjF2Nnq (ORCPT <rfc822;ivan.orlov0322@gmail.com> + 99 others); Thu, 29 Jun 2023 09:43:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47324 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232037AbjF2Nnn (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Thu, 29 Jun 2023 09:43:43 -0400 Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2B0B52681; Thu, 29 Jun 2023 06:43:42 -0700 (PDT) Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-992ac92aed9so86202166b.3; Thu, 29 Jun 2023 06:43:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688046220; x=1690638220; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=XudmxwalV4AlT0qJLqOHnMWwuiigipmsi3w0OPbf44c=; b=Zhs3fgvt1G+iCtnPEYMZxQ2g9jPDRO3yYUKeQozSK4MYqD1FqZAD+nuCS5ym+L+RaI duD2pbR+p9OqO0RZ7ZxLtZYd6CPenExqZnZYiuu56oq1o2LLnAquDIlc2cJMFiQP2ybs e7RWYdvhlftVKPRbfklEKIRL1lBIwKpmck78AUGng5zriDs5STsE7UNui+ZJMhj01hoG BeFERNcE7f2efp4qQvMMo47Kx1g24QC34yHyusdKDyl4Xof34yUtH1dcdkwRppvLj8D+ XOOgzJLMT4jJRHtEgeefKdHlhIV6RKaU+vGqmuDVmZSvzVCmLtcIVobTYui7jBy//qQW Ytyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688046220; x=1690638220; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XudmxwalV4AlT0qJLqOHnMWwuiigipmsi3w0OPbf44c=; b=YlKGm8Jsja0vBzuBONJnNVpSlw+5kEPHpBsT8Jjrqx6EwIYddrUzCjiCIVLbDeJqWk m+KtlCJsFYu2+DY3RtGaFQ1RDtEjxchDQQzkthPPYQ4GL6uxyXihJ0ipZ2JGQJHb1hWG jC0pxgtlVq0heak9N2cXSn5k0vXnVbPe4PZoCXpgDUqlT4AzQxQt7gNfVQFZNHZ0RH9E ioSBi0VoShbSVy9xe6hHbdi9gLEF0majSpxs1O01HMeeQWBOZbb1ISPpyNpbzVAikUv7 brvLV9bZ/pVS0IT7WVroakOjC5RYWEq24gwWjTctMtUx8Ai7CfJXaddo04Q+QevDE8u7 pt5w== X-Gm-Message-State: AC+VfDxoIjdxlFQYASKOsrR3srPPhTDq0DwBjdvx1Va4R+hwnunFoJzA vmLeO2TX8fuW7rKSsXr+dDs= X-Received: by 2002:a17:907:3f18:b0:975:942e:81d5 with SMTP id hq24-20020a1709073f1800b00975942e81d5mr39118977ejc.1.1688046220384; Thu, 29 Jun 2023 06:43:40 -0700 (PDT) Received: from localhost (dslb-094-220-187-252.094.220.pools.vodafone-ip.de. [94.220.187.252]) by smtp.gmail.com with ESMTPSA id bm6-20020a170906c04600b00988ae874fc3sm6894818ejb.40.2023.06.29.06.43.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Jun 2023 06:43:39 -0700 (PDT) From: Jonas Gorski <jonas.gorski@gmail.com> To: Kamal Dasu <kdasu.kdev@gmail.com>, Broadcom internal kernel review list <bcm-kernel-feedback-list@broadcom.com>, Mark Brown <broonie@kernel.org> Cc: linux-spi@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Date: Thu, 29 Jun 2023 15:43:05 +0200 Message-Id: <20230629134306.95823-1-jonas.gorski@gmail.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770045405994594325?= X-GMAIL-MSGID: =?utf-8?q?1770045405994594325?= |
Series |
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
|
|
Commit Message
Jonas Gorski
June 29, 2023, 1:43 p.m. UTC
If neither a "hif_mspi" nor "mspi" resource is present, the driver will
just early exit in probe but still return success. Apart from not doing
anything meaningful, this would then also lead to a null pointer access
on removal, as platform_get_drvdata() would return NULL, which it would
then try to dereferce when trying to unregister the spi master.
Fix this by unconditionally calling devm_ioremap_resource(), as it can
handle a NULL res and will then return a viable ERR_PTR() if we get one.
The "return 0;" was previously a "goto qspi_resource_err;" where then
ret was returned, but since ret was still initialized to 0 at this place
this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix
use-after-free on unbind"). The issue was not introduced by this commit,
only made more obvious.
Fixes: fa236a7ef240 ("spi: bcm-qspi: Add Broadcom MSPI driver")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
---
Found by looking a the driver while comparing it to its bindings.
Only build tested, not runtested.
drivers/spi/spi-bcm-qspi.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
Comments
On Thu, Jun 29, 2023 at 9:43 AM Jonas Gorski <jonas.gorski@gmail.com> wrote: > > If neither a "hif_mspi" nor "mspi" resource is present, the driver will > just early exit in probe but still return success. Apart from not doing > anything meaningful, this would then also lead to a null pointer access > on removal, as platform_get_drvdata() would return NULL, which it would > then try to dereferce when trying to unregister the spi master. > > Fix this by unconditionally calling devm_ioremap_resource(), as it can > handle a NULL res and will then return a viable ERR_PTR() if we get one. > > The "return 0;" was previously a "goto qspi_resource_err;" where then > ret was returned, but since ret was still initialized to 0 at this place > this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix > use-after-free on unbind"). The issue was not introduced by this commit, > only made more obvious. > > Fixes: fa236a7ef240 ("spi: bcm-qspi: Add Broadcom MSPI driver") > Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> > --- > Found by looking a the driver while comparing it to its bindings. > > Only build tested, not runtested. > > drivers/spi/spi-bcm-qspi.c | 10 +++------- > 1 file changed, 3 insertions(+), 7 deletions(-) > > diff --git a/drivers/spi/spi-bcm-qspi.c b/drivers/spi/spi-bcm-qspi.c > index 6b46a3b67c41..d91dfbe47aa5 100644 > --- a/drivers/spi/spi-bcm-qspi.c > +++ b/drivers/spi/spi-bcm-qspi.c > @@ -1543,13 +1543,9 @@ int bcm_qspi_probe(struct platform_device *pdev, > res = platform_get_resource_byname(pdev, IORESOURCE_MEM, > "mspi"); > > - if (res) { > - qspi->base[MSPI] = devm_ioremap_resource(dev, res); > - if (IS_ERR(qspi->base[MSPI])) > - return PTR_ERR(qspi->base[MSPI]); > - } else { > - return 0; > - } I would rather just do this in the else case } else { - return 0; + return -ENODEV; } The change below does not check the return of platform_get_resource_byname() in my opinion rather relies on devm_ioremap_resource() doing the right thing. > + qspi->base[MSPI] = devm_ioremap_resource(dev, res); > + if (IS_ERR(qspi->base[MSPI])) > + return PTR_ERR(qspi->base[MSPI]); > > res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "bspi"); > if (res) { > -- > 2.34.1 >
On Thu, 29 Jun 2023 at 17:07, Kamal Dasu <kamal.dasu@broadcom.com> wrote: > > On Thu, Jun 29, 2023 at 9:43 AM Jonas Gorski <jonas.gorski@gmail.com> wrote: > > > > If neither a "hif_mspi" nor "mspi" resource is present, the driver will > > just early exit in probe but still return success. Apart from not doing > > anything meaningful, this would then also lead to a null pointer access > > on removal, as platform_get_drvdata() would return NULL, which it would > > then try to dereferce when trying to unregister the spi master. > > > > Fix this by unconditionally calling devm_ioremap_resource(), as it can > > handle a NULL res and will then return a viable ERR_PTR() if we get one. > > > > The "return 0;" was previously a "goto qspi_resource_err;" where then > > ret was returned, but since ret was still initialized to 0 at this place > > this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix > > use-after-free on unbind"). The issue was not introduced by this commit, > > only made more obvious. > > > > Fixes: fa236a7ef240 ("spi: bcm-qspi: Add Broadcom MSPI driver") > > Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> > > --- > > Found by looking a the driver while comparing it to its bindings. > > > > Only build tested, not runtested. > > > > drivers/spi/spi-bcm-qspi.c | 10 +++------- > > 1 file changed, 3 insertions(+), 7 deletions(-) > > > > diff --git a/drivers/spi/spi-bcm-qspi.c b/drivers/spi/spi-bcm-qspi.c > > index 6b46a3b67c41..d91dfbe47aa5 100644 > > --- a/drivers/spi/spi-bcm-qspi.c > > +++ b/drivers/spi/spi-bcm-qspi.c > > @@ -1543,13 +1543,9 @@ int bcm_qspi_probe(struct platform_device *pdev, > > res = platform_get_resource_byname(pdev, IORESOURCE_MEM, > > "mspi"); > > > > - if (res) { > > - qspi->base[MSPI] = devm_ioremap_resource(dev, res); > > - if (IS_ERR(qspi->base[MSPI])) > > - return PTR_ERR(qspi->base[MSPI]); > > - } else { > > - return 0; > > - } > > I would rather just do this in the else case > > } else { > - return 0; > + return -ENODEV; > } > > The change below does not check the return of > platform_get_resource_byname() in my opinion rather relies on > devm_ioremap_resource() doing the right thing. This is how devm_ioremap_resource() is intended to be used, see e.g. the example in its kernel documentation: https://elixir.bootlin.com/linux/latest/source/lib/devres.c#L167 So I don't see what's wrong with relying on functions doing the right thing. Also AFAIU the appropriate return code in this case would be rather -EINVAL, not -ENODEV. > > > + qspi->base[MSPI] = devm_ioremap_resource(dev, res); > > + if (IS_ERR(qspi->base[MSPI])) > > + return PTR_ERR(qspi->base[MSPI]); > > > > res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "bspi"); > > if (res) { > > -- > > 2.34.1 > > Regards, Jonas
On Thu, Jun 29, 2023 at 11:38 AM Jonas Gorski <jonas.gorski@gmail.com> wrote: > > On Thu, 29 Jun 2023 at 17:07, Kamal Dasu <kamal.dasu@broadcom.com> wrote: > > > > On Thu, Jun 29, 2023 at 9:43 AM Jonas Gorski <jonas.gorski@gmail.com> wrote: > > > > > > If neither a "hif_mspi" nor "mspi" resource is present, the driver will > > > just early exit in probe but still return success. Apart from not doing > > > anything meaningful, this would then also lead to a null pointer access > > > on removal, as platform_get_drvdata() would return NULL, which it would > > > then try to dereferce when trying to unregister the spi master. s/dereferce/ dereference > > > > > > Fix this by unconditionally calling devm_ioremap_resource(), as it can > > > handle a NULL res and will then return a viable ERR_PTR() if we get one. > > > > > > The "return 0;" was previously a "goto qspi_resource_err;" where then > > > ret was returned, but since ret was still initialized to 0 at this place > > > this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix > > > use-after-free on unbind"). The issue was not introduced by this commit, > > > only made more obvious. > > > > > > Fixes: fa236a7ef240 ("spi: bcm-qspi: Add Broadcom MSPI driver") > > > Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> > > > --- Reviewed-by: Kamal Dasu <kamal.dasu@broadcom.com> > > > Found by looking a the driver while comparing it to its bindings. > > > > > > Only build tested, not runtested. > > > > > > drivers/spi/spi-bcm-qspi.c | 10 +++------- > > > 1 file changed, 3 insertions(+), 7 deletions(-) > > > > > > diff --git a/drivers/spi/spi-bcm-qspi.c b/drivers/spi/spi-bcm-qspi.c > > > index 6b46a3b67c41..d91dfbe47aa5 100644 > > > --- a/drivers/spi/spi-bcm-qspi.c > > > +++ b/drivers/spi/spi-bcm-qspi.c > > > @@ -1543,13 +1543,9 @@ int bcm_qspi_probe(struct platform_device *pdev, > > > res = platform_get_resource_byname(pdev, IORESOURCE_MEM, > > > "mspi"); > > > > > > - if (res) { > > > - qspi->base[MSPI] = devm_ioremap_resource(dev, res); > > > - if (IS_ERR(qspi->base[MSPI])) > > > - return PTR_ERR(qspi->base[MSPI]); > > > - } else { > > > - return 0; > > > - } > > > > I would rather just do this in the else case > > > > } else { > > - return 0; > > + return -ENODEV; > > } > > > > The change below does not check the return of > > platform_get_resource_byname() in my opinion rather relies on > > devm_ioremap_resource() doing the right thing. > > This is how devm_ioremap_resource() is intended to be used, see e.g. > the example in its kernel documentation: > > https://elixir.bootlin.com/linux/latest/source/lib/devres.c#L167 > > So I don't see what's wrong with relying on functions doing the right thing. > > Also AFAIU the appropriate return code in this case would be rather > -EINVAL, not -ENODEV. > > > > > > + qspi->base[MSPI] = devm_ioremap_resource(dev, res); > > > + if (IS_ERR(qspi->base[MSPI])) > > > + return PTR_ERR(qspi->base[MSPI]); > > > > > > res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "bspi"); > > > if (res) { > > > -- > > > 2.34.1 > > > > > Regards, > Jonas
On Thu, 29 Jun 2023 15:43:05 +0200, Jonas Gorski wrote: > If neither a "hif_mspi" nor "mspi" resource is present, the driver will > just early exit in probe but still return success. Apart from not doing > anything meaningful, this would then also lead to a null pointer access > on removal, as platform_get_drvdata() would return NULL, which it would > then try to dereferce when trying to unregister the spi master. > > Fix this by unconditionally calling devm_ioremap_resource(), as it can > handle a NULL res and will then return a viable ERR_PTR() if we get one. > > [...] Applied to https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git for-next Thanks! [1/1] spi: bcm-qspi: return error if neither hif_mspi nor mspi is available commit: 7c1f23ad34fcdace50275a6aa1e1969b41c6233f All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark
diff --git a/drivers/spi/spi-bcm-qspi.c b/drivers/spi/spi-bcm-qspi.c index 6b46a3b67c41..d91dfbe47aa5 100644 --- a/drivers/spi/spi-bcm-qspi.c +++ b/drivers/spi/spi-bcm-qspi.c @@ -1543,13 +1543,9 @@ int bcm_qspi_probe(struct platform_device *pdev, res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "mspi"); - if (res) { - qspi->base[MSPI] = devm_ioremap_resource(dev, res); - if (IS_ERR(qspi->base[MSPI])) - return PTR_ERR(qspi->base[MSPI]); - } else { - return 0; - } + qspi->base[MSPI] = devm_ioremap_resource(dev, res); + if (IS_ERR(qspi->base[MSPI])) + return PTR_ERR(qspi->base[MSPI]); res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "bspi"); if (res) {