From patchwork Mon Dec  2 15:37:28 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefan Koch <stefan-koch@siemens.com>
X-Patchwork-Id: 11269323
Return-Path: <SRS0=fkfK=ZY=lists.cip-project.org=cip-dev-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 481C71593
	for <patchwork-cip-dev@patchwork.kernel.org>;
 Mon,  2 Dec 2019 15:56:03 +0000 (UTC)
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 1F4EB20717
	for <patchwork-cip-dev@patchwork.kernel.org>;
 Mon,  2 Dec 2019 15:56:03 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1F4EB20717
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=siemens.com
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=cip-dev-bounces@lists.cip-project.org
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id E6ADC20780;
	Mon,  2 Dec 2019 15:56:02 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id TLQ1ljD8x3Jo; Mon,  2 Dec 2019 15:56:02 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by silver.osuosl.org (Postfix) with ESMTP id 35FAC204BC;
	Mon,  2 Dec 2019 15:56:02 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 1A6BBC087F;
	Mon,  2 Dec 2019 15:56:02 +0000 (UTC)
X-Original-To: cip-dev@lists.cip-project.org
Delivered-To: cip-dev@lists.linuxfoundation.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id ABB64C087F
 for <cip-dev@lists.cip-project.org>; Mon,  2 Dec 2019 15:56:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by silver.osuosl.org (Postfix) with ESMTP id A72D620780
 for <cip-dev@lists.cip-project.org>; Mon,  2 Dec 2019 15:56:00 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id HjuJ+RkbQtCW for <cip-dev@lists.cip-project.org>;
 Mon,  2 Dec 2019 15:55:59 +0000 (UTC)
X-Greylist: delayed 00:18:20 by SQLgrey-1.7.6
Received: from thoth.sbs.de (thoth.sbs.de [192.35.17.2])
 by silver.osuosl.org (Postfix) with ESMTPS id AB85D204BC
 for <cip-dev@lists.cip-project.org>; Mon,  2 Dec 2019 15:55:58 +0000 (UTC)
Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35])
 by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id xB2FbU61032536
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Mon, 2 Dec 2019 16:37:31 +0100
Received: from DEFTHW99ER2MSX.ww902.siemens.net
 (defthw99er2msx.ww902.siemens.net [139.22.70.75])
 by mail1.sbs.de (8.15.2/8.15.2) with ESMTPS id xB2FbTeS026050
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Mon, 2 Dec 2019 16:37:29 +0100
Received: from DENBGAT9ER5MSX.ww902.siemens.net (139.22.70.80) by
 DEFTHW99ER2MSX.ww902.siemens.net (139.22.70.75) with Microsoft SMTP Server
 (TLS) id 14.3.468.0; Mon, 2 Dec 2019 16:37:29 +0100
Received: from DENBGAT9EL1MSX.ww902.siemens.net ([169.254.8.31]) by
 DENBGAT9ER5MSX.ww902.siemens.net ([139.22.70.80]) with mapi id
 14.03.0468.000; Mon, 2 Dec 2019 16:37:28 +0100
From: "Koch, Stefan" <stefan-koch@siemens.com>
To: "cip-dev@lists.cip-project.org" <cip-dev@lists.cip-project.org>
Thread-Topic: [PATCH 4.4.y-cip] gpiolib: Fix invalid access of nullptr
Thread-Index: AQHVqSZndmcm6tTyH0SbLPJlmclcGg==
Date: Mon, 2 Dec 2019 15:37:28 +0000
Message-ID: <14717888-518c-3643-b98e-4a052c14c102@siemens.com>
Accept-Language: de-DE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [139.22.70.29]
MIME-Version: 1.0
Subject: [cip-dev] [PATCH 4.4.y-cip] gpiolib: Fix invalid access of nullptr
X-BeenThere: cip-dev@lists.cip-project.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <cip-dev.lists.cip-project.org>
List-Unsubscribe: <https://lists.cip-project.org/mailman/options/cip-dev>,
 <mailto:cip-dev-request@lists.cip-project.org?subject=unsubscribe>
List-Archive: <http://lists.cip-project.org/pipermail/cip-dev/>
List-Post: <mailto:cip-dev@lists.cip-project.org>
List-Help: <mailto:cip-dev-request@lists.cip-project.org?subject=help>
List-Subscribe: <https://lists.cip-project.org/mailman/listinfo/cip-dev>,
 <mailto:cip-dev-request@lists.cip-project.org?subject=subscribe>
Errors-To: cip-dev-bounces@lists.cip-project.org
Sender: "cip-dev" <cip-dev-bounces@lists.cip-project.org>

Hi

There is a NULL pointer exception issue within the gpiolib of the CIP 
4.4 kernel.
The CIP kernel output and a patch that fix the invalid null pointer 
access are attached.

The vanilla 4.4 kernel is not affected by this bug, because this 
regression affects only CIP 4.4.176-cip32 or newer kernels that contain 
back ported code for the gpiolib. The upstream vanilla kernel contains 
similar code beginning with version 4.17.

The following commits introduce the new functionality for the CIP 
4.4.176-cip32 kernel:
gpiolib: Avoid calling chip->request() for unused gpios, 
ed4f40244354af7b19b3bae5c56cce2620877b7c
gpiolib: Support 'gpio-reserved-ranges' property, 
baff4777cdb80256cd24dede2a3d0af761356307
gpiolib: Extract mask allocation into subroutine, 
171aad2d8519db9940d84e337da96aac8b1eb36c

Thank you.

From 876e624bab1f8be84221f9bdb6a69a42d47ff085 Mon Sep 17 00:00:00 2001
From: Stefan Koch <stefan-koch@siemens.com>
Date: Mon, 2 Dec 2019 15:00:58 +0100
Subject: [PATCH] gpiolib: Fix invalid access of nullptr

This patch fixes a kernel panic exception because of invalid nullptr access.
The error was caused by backporting of new gpiolib functionality from kernel 4.17.

The upstream vanilla kernel 4.4 is not affected by this issue.

Signed-off-by: Stefan Koch <stefan-koch@siemens.com>
---
 drivers/gpio/gpiolib-of.c |  6 +++++-
 drivers/gpio/gpiolib.c    | 12 +++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c
index ec642bf1d976..eb8b595f9b9b 100644
--- a/drivers/gpio/gpiolib-of.c
+++ b/drivers/gpio/gpiolib-of.c
@@ -338,8 +338,12 @@ static void of_gpiochip_init_valid_mask(struct gpio_chip *chip)
 {
 	int len, i;
 	u32 start, count;
-	struct device_node *np = chip->dev->of_node;
+	struct device_node *np;
+
+	if (!chip->dev)
+		return;
 
+	np = chip->dev->of_node;
 	len = of_property_count_u32_elems(np,  "gpio-reserved-ranges");
 	if (len < 0 || len % 2 != 0)
 		return;
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index d72218fcaeeb..c3ec4372c439 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -295,12 +295,14 @@ static unsigned long *gpiochip_allocate_mask(struct gpio_chip *chip)
 static int gpiochip_init_valid_mask(struct gpio_chip *gpiochip)
 {
 #ifdef CONFIG_OF_GPIO
-	int size;
-	struct device_node *np = gpiochip->dev->of_node;
+	if (gpiochip->dev) {
+		int size;
+		struct device_node *np = gpiochip->dev->of_node;
 
-	size = of_property_count_u32_elems(np,  "gpio-reserved-ranges");
-	if (size > 0 && size % 2 == 0)
-		gpiochip->need_valid_mask = true;
+		size = of_property_count_u32_elems(np,  "gpio-reserved-ranges");
+		if (size > 0 && size % 2 == 0)
+			gpiochip->need_valid_mask = true;
+	}
 #endif
 
 	if (!gpiochip->need_valid_mask)
-- 
2.20.1