comedi: comedi_8255: Correct error in subdevice initialization

Message ID 20240211175822.1357-1-frej.drejhammar@gmail.com
State New
Series comedi: comedi_8255: Correct error in subdevice initialization

Commit Message

Frej Drejhammar Feb. 11, 2024, 5:58 p.m. UTC
  The refactoring done in commit 5c57b1ccecc7 ("comedi: comedi_8255: Rework
subdevice initialization functions") to the initialization of the io
field of struct subdev_8255_private broke all cards using the
drivers/comedi/drivers/comedi_8255.c module.

Prior to 5c57b1ccecc7, __subdev_8255_init() initialized the io field
in the newly allocated struct subdev_8255_private to the non-NULL
callback given to the function, otherwise it used a flag parameter to
select between subdev_8255_mmio and subdev_8255_io. The refactoring
removed that logic and the flag, as subdev_8255_mm_init() and
subdev_8255_io_init() now explicitly pass subdev_8255_mmio and
subdev_8255_io respectively to __subdev_8255_init(), only
__subdev_8255_init() never sets spriv->io to the supplied
callback. That spriv->io is NULL leads to a later BUG:

BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0010 [#1] SMP PTI
CPU: 1 PID: 1210 Comm: systemd-udevd Not tainted 6.7.3-x86_64 #1
Hardware name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffa3f1c02d7b78 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff91f847aefd00 RCX: 000000000000009b
RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff91f840f6fc00
RBP: ffff91f840f6fc00 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 000000000000005f R12: 0000000000000000
R13: 0000000000000000 R14: ffffffffc0102498 R15: ffff91f847ce6ba8
FS:  00007f72f4e8f500(0000) GS:ffff91f8d5c80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000010540e000 CR4: 00000000000406f0
Call Trace:
 <TASK>
 ? __die_body+0x15/0x57
 ? page_fault_oops+0x2ef/0x33c
 ? insert_vmap_area.constprop.0+0xb6/0xd5
 ? alloc_vmap_area+0x529/0x5ee
 ? exc_page_fault+0x15a/0x489
 ? asm_exc_page_fault+0x22/0x30
 __subdev_8255_init+0x79/0x8d [comedi_8255]
 pci_8255_auto_attach+0x11a/0x139 [8255_pci]
 comedi_auto_config+0xac/0x117 [comedi]
 ? __pfx___driver_attach+0x10/0x10
 pci_device_probe+0x88/0xf9
 really_probe+0x101/0x248
 __driver_probe_device+0xbb/0xed
 driver_probe_device+0x1a/0x72
 __driver_attach+0xd4/0xed
 bus_for_each_dev+0x76/0xb8
 bus_add_driver+0xbe/0x1be
 driver_register+0x9a/0xd8
 comedi_pci_driver_register+0x28/0x48 [comedi_pci]
 ? __pfx_pci_8255_driver_init+0x10/0x10 [8255_pci]
 do_one_initcall+0x72/0x183
 do_init_module+0x5b/0x1e8
 init_module_from_file+0x86/0xac
 __do_sys_finit_module+0x151/0x218
 do_syscall_64+0x72/0xdb
 entry_SYSCALL_64_after_hwframe+0x6e/0x76
RIP: 0033:0x7f72f50a0cb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 47 71 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffd47e512d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000562dd06ae070 RCX: 00007f72f50a0cb9
RDX: 0000000000000000 RSI: 00007f72f52d32df RDI: 000000000000000e
RBP: 0000000000000000 R08: 00007f72f5168b20 R09: 0000000000000000
R10: 0000000000000050 R11: 0000000000000246 R12: 00007f72f52d32df
R13: 0000000000020000 R14: 0000562dd06785c0 R15: 0000562dcfd0e9a8
 </TASK>
Modules linked in: 8255_pci(+) comedi_8255 comedi_pci comedi intel_gtt e100(+) acpi_cpufreq rtc_cmos usbhid
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffa3f1c02d7b78 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff91f847aefd00 RCX: 000000000000009b
RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff91f840f6fc00
RBP: ffff91f840f6fc00 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 000000000000005f R12: 0000000000000000
R13: 0000000000000000 R14: ffffffffc0102498 R15: ffff91f847ce6ba8
FS:  00007f72f4e8f500(0000) GS:ffff91f8d5c80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000010540e000 CR4: 00000000000406f0

This patch simply corrects the above mistake by initializing spriv->io
to the given io callback.

Fixes: 5c57b1ccecc7 ("comedi: comedi_8255: Rework subdevice initialization functions")
Signed-off-by: Frej Drejhammar <frej.drejhammar@gmail.com>
Cc: <stable@vger.kernel.org>
---
 drivers/comedi/drivers/comedi_8255.c | 1 +
 1 file changed, 1 insertion(+)
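
An added triage example, not part of the original patch or the comedi code: it reads the fields of the oops above that identify a call through a NULL function pointer (error code 0010 has the x86 instruction-fetch bit set and RIP is 0x0) and reports the first call-trace frame not marked "?" as the caller. The sample lines are copied from the oops in the commit message; triage_oops() and its result keys are hypothetical names, and the "Oops: <hex>" line format is assumed to match the 6.7 log shown.

```python
import re

# Constructed sample: key lines copied from the oops in the commit message.
SAMPLE_OOPS = """\
BUG: kernel NULL pointer dereference, address: 0000000000000000
Oops: 0010 [#1] SMP PTI
RIP: 0010:0x0
Call Trace:
 <TASK>
 ? __die_body+0x15/0x57
 ? exc_page_fault+0x15a/0x489
 ? asm_exc_page_fault+0x22/0x30
 __subdev_8255_init+0x79/0x8d [comedi_8255]
 pci_8255_auto_attach+0x11a/0x139 [8255_pci]
 </TASK>
"""

# x86 page-fault error code bits used here.
PF_USER = 0x04   # fault happened in user mode
PF_INSTR = 0x10  # fault was an instruction fetch

# "symbol+0xoff/0xsize [module]", optionally prefixed with "?" (unverified frame).
FRAME_RE = re.compile(
    r"^\s*(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?\s*$")


def triage_oops(text):
    """Classify an x86-64 oops and name the first reliable caller frame."""
    err_m = re.search(r"^Oops: ([0-9a-f]{4})\b", text, re.M)
    rip_m = re.search(r"^RIP: [0-9a-f]{4}:(\S+)", text, re.M)
    if not err_m or not rip_m:
        return None  # not an oops in the assumed format
    err, rip = int(err_m.group(1), 16), rip_m.group(1)
    trace = text.partition("Call Trace:")[2].partition("</TASK>")[0]
    # Frames marked "?" are stale stack contents, so skip them.
    reliable = [(m.group(2), m.group(3)) for line in trace.splitlines()
                if (m := FRAME_RE.match(line)) and not m.group(1)]
    fetch = bool(err & PF_INSTR)
    # A symbol-less RIP means the CPU jumped to a raw address.
    raw_rip = int(rip, 16) if rip.startswith("0x") else None
    return {
        "instruction_fetch": fetch,
        "kernel_mode": not err & PF_USER,
        "null_call": fetch and raw_rip == 0,
        "caller": reliable[0] if reliable else None,
    }


if __name__ == "__main__":
    print(triage_oops(SAMPLE_OOPS))
```
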
  

Comments

Ian Abbott Feb. 12, 2024, 10:03 a.m. UTC | #1
On 11/02/2024 17:58, Frej Drejhammar wrote:
> The refactoring done in commit 5c57b1ccecc7 ("comedi: comedi_8255: Rework
> subdevice initialization functions") to the initialization of the io
> field of struct subdev_8255_private broke all cards using the
> drivers/comedi/drivers/comedi_8255.c module.
> 
> Prior to 5c57b1ccecc7, __subdev_8255_init() initialized the io field
> in the newly allocated struct subdev_8255_private to the non-NULL
> callback given to the function, otherwise it used a flag parameter to
> select between subdev_8255_mmio and subdev_8255_io. The refactoring
> removed that logic and the flag, as subdev_8255_mm_init() and
> subdev_8255_io_init() now explicitly pass subdev_8255_mmio and
> subdev_8255_io respectively to __subdev_8255_init(), only
> __subdev_8255_init() never sets spriv->io to the supplied
> callback. That spriv->io is NULL leads to a later BUG:
> 
> This patch simply corrects the above mistake by initializing spriv->io
> to the given io callback.
> 
> Fixes: 5c57b1ccecc7 ("comedi: comedi_8255: Rework subdevice initialization functions")
> Signed-off-by: Frej Drejhammar <frej.drejhammar@gmail.com>
> Cc: <stable@vger.kernel.org>
> ---
>   drivers/comedi/drivers/comedi_8255.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/comedi/drivers/comedi_8255.c b/drivers/comedi/drivers/comedi_8255.c
> index e4974b508328..a933ef53845a 100644
> --- a/drivers/comedi/drivers/comedi_8255.c
> +++ b/drivers/comedi/drivers/comedi_8255.c
> @@ -159,6 +159,7 @@ static int __subdev_8255_init(struct comedi_device *dev,
>   		return -ENOMEM;
>   
>   	spriv->context = context;
> +	spriv->io      = io;
>   
>   	s->type		= COMEDI_SUBD_DIO;
>   	s->subdev_flags	= SDF_READABLE | SDF_WRITABLE;

Thanks for the fix. I screwed up!

Acked-by: Ian Abbott <abbotti@mev.co.uk>
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
  

Patch

diff --git a/drivers/comedi/drivers/comedi_8255.c b/drivers/comedi/drivers/comedi_8255.c
index e4974b508328..a933ef53845a 100644
--- a/drivers/comedi/drivers/comedi_8255.c
+++ b/drivers/comedi/drivers/comedi_8255.c
@@ -159,6 +159,7 @@  static int __subdev_8255_init(struct comedi_device *dev,
 		return -ENOMEM;
 
 	spriv->context = context;
+	spriv->io      = io;
 
 	s->type		= COMEDI_SUBD_DIO;
 	s->subdev_flags	= SDF_READABLE | SDF_WRITABLE;
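
Review bot: the added line spriv->io = io; stores the callback unchecked, and since the commit message says the old flag-based fallback for a missing callback was removed, a caller passing a NULL io to __subdev_8255_init() would hit the same NULL call shown in the oops. Consider rejecting NULL before the assignment (for example returning -EINVAL), or documenting that io must be non-NULL. Minor style point: the run of spaces before = on the new line pads it to match the spriv->context line, where a single space would do.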