Message ID | 20240302-linux-next-24-03-01-simple-clock-fixes-v1-0-25f348a5982b@linaro.org (mailing list archive) |
---|---|
Series | clk: Fix a core error path and missing qcom camcc-x1e80100 enum |

On Sat, 02 Mar 2024 00:52:13 +0000, Bryan O'Donoghue wrote:
> Using x1e80100-camcc on a recent kernel I discovered the following NULL
> pointer dereference.
>
> [ 1.347567] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
> [ 1.347569] Mem abort info:
> [ 1.347569] ESR = 0x0000000096000004
> [ 1.347570] EC = 0x25: DABT (current EL), IL = 32 bits
> [ 1.347572] SET = 0, FnV = 0
> [ 1.347572] EA = 0, S1PTW = 0
> [ 1.347573] FSC = 0x04: level 0 translation fault
> [ 1.347574] Data abort info:
> [ 1.347575] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
> [ 1.347576] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
> [ 1.347576] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
> [ 1.347577] [0000000000000000] user address but active_mm is swapper
> [ 1.347579] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
> [ 1.347580] Modules linked in:
> [ 1.347583] CPU: 1 PID: 80 Comm: kworker/u49:1 Not tainted 6.8.0-rc6-next-20240228-00163-gbe6ae77b72b2 #26
> [ 1.347586] Hardware name: Qualcomm CRD, BIOS 6.0.230809.BOOT.MXF.2.4-00174-HAMOA-1 08/ 9/2023
> [ 1.347587] Workqueue: events_unbound deferred_probe_work_func
> [ 1.347595] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
> [ 1.347597] pc : clk_core_get+0xe0/0x110
> [ 1.347601] lr : clk_core_get+0x108/0x110
> [ 1.347603] sp : ffff800080353940
> [ 1.347604] x29: ffff8000803539a0 x28: 0000000000000000 x27: ffffb0aa57c4e2e0
> [ 1.347607] x26: ffffb0aa57c4e240 x25: ffff4cbd0511e4c8 x24: 0000000000000000
> [ 1.347609] x23: ffffb0aa583c3440 x22: 0000000000000000 x21: ffff4cc07e1d2ab8
> [ 1.347612] x20: 0000000000000000 x19: ffff4cbd00e28ac0 x18: 0000000000000001
> [ 1.347614] x17: 0000000000000018 x16: 0000000000000034 x15: 0000000000000002
> [ 1.347616] x14: ffffb0aa58fc6498 x13: ffffb0aa58293000 x12: 696669746f6e5f6b
> [ 1.347619] x11: 0000000ad6d076a3 x10: ffffb0aa58c600fb x9 : 0000000000000008
> [ 1.347621] x8 : 0101010101010101 x7 : 00000000736c6c65 x6 : 0080f0e8e16e646c
> [ 1.347624] x5 : ffff800080353958 x4 : 0000000000000000 x3 : ffff4cbd00d09100
> [ 1.347626] x2 : 0000000000000000 x1 : ffff4cbd00d09100 x0 : 0000000000000000
> [ 1.347628] Call trace:
> [ 1.347630] clk_core_get+0xe0/0x110
> [ 1.347631] clk_core_get_parent_by_index+0xc8/0xe0
> [ 1.347634] __clk_register+0x1f0/0x864
> [ 1.347636] devm_clk_hw_register+0x5c/0xd4
> [ 1.347639] devm_clk_register_regmap+0x44/0x84
> [ 1.347642] qcom_cc_really_probe+0x1b4/0x25c
> [ 1.347644] cam_cc_x1e80100_probe+0x14c/0x1c8
> [ 1.347646] platform_probe+0x68/0xc8
> [ 1.347649] really_probe+0x148/0x2b0
> [ 1.347651] __driver_probe_device+0x78/0x12c
> [ 1.347654] driver_probe_device+0x40/0x118
> [ 1.347656] __device_attach_driver+0xb8/0x134
> [ 1.347658] bus_for_each_drv+0x88/0xe8
> [ 1.347661] __device_attach+0xa0/0x190
> [ 1.347664] device_initial_probe+0x14/0x20
> [ 1.347666] bus_probe_device+0xac/0xb0
> [ 1.347668] deferred_probe_work_func+0x88/0xc0
> [ 1.347670] process_one_work+0x148/0x29c
> [ 1.347675] worker_thread+0x2fc/0x40c
> [ 1.347678] kthread+0x110/0x114
> [ 1.347681] ret_from_fork+0x10/0x20
> [ 1.347684] Code: aa1303e0 97fff96f b140041f 54fffd08 (f9400000)
> [ 1.347686] ---[ end trace 0000000000000000 ]---
>
> [...]

Applied, thanks!

[2/2] clk: qcom: camcc-x1e80100: Fix missing DT_IFACE enum in x1e80100 camcc
      commit: 9dd7b0d351f0c6af9b69d969919a2a8b04bbfd6e

Best regards,

Using x1e80100-camcc on a recent kernel I discovered the following NULL
pointer dereference.

[ 1.347567] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 1.347569] Mem abort info:
[ 1.347569] ESR = 0x0000000096000004
[ 1.347570] EC = 0x25: DABT (current EL), IL = 32 bits
[ 1.347572] SET = 0, FnV = 0
[ 1.347572] EA = 0, S1PTW = 0
[ 1.347573] FSC = 0x04: level 0 translation fault
[ 1.347574] Data abort info:
[ 1.347575] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 1.347576] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 1.347576] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 1.347577] [0000000000000000] user address but active_mm is swapper
[ 1.347579] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 1.347580] Modules linked in:
[ 1.347583] CPU: 1 PID: 80 Comm: kworker/u49:1 Not tainted 6.8.0-rc6-next-20240228-00163-gbe6ae77b72b2 #26
[ 1.347586] Hardware name: Qualcomm CRD, BIOS 6.0.230809.BOOT.MXF.2.4-00174-HAMOA-1 08/ 9/2023
[ 1.347587] Workqueue: events_unbound deferred_probe_work_func
[ 1.347595] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 1.347597] pc : clk_core_get+0xe0/0x110
[ 1.347601] lr : clk_core_get+0x108/0x110
[ 1.347603] sp : ffff800080353940
[ 1.347604] x29: ffff8000803539a0 x28: 0000000000000000 x27: ffffb0aa57c4e2e0
[ 1.347607] x26: ffffb0aa57c4e240 x25: ffff4cbd0511e4c8 x24: 0000000000000000
[ 1.347609] x23: ffffb0aa583c3440 x22: 0000000000000000 x21: ffff4cc07e1d2ab8
[ 1.347612] x20: 0000000000000000 x19: ffff4cbd00e28ac0 x18: 0000000000000001
[ 1.347614] x17: 0000000000000018 x16: 0000000000000034 x15: 0000000000000002
[ 1.347616] x14: ffffb0aa58fc6498 x13: ffffb0aa58293000 x12: 696669746f6e5f6b
[ 1.347619] x11: 0000000ad6d076a3 x10: ffffb0aa58c600fb x9 : 0000000000000008
[ 1.347621] x8 : 0101010101010101 x7 : 00000000736c6c65 x6 : 0080f0e8e16e646c
[ 1.347624] x5 : ffff800080353958 x4 : 0000000000000000 x3 : ffff4cbd00d09100
[ 1.347626] x2 : 0000000000000000 x1 : ffff4cbd00d09100 x0 : 0000000000000000
[ 1.347628] Call trace:
[ 1.347630] clk_core_get+0xe0/0x110
[ 1.347631] clk_core_get_parent_by_index+0xc8/0xe0
[ 1.347634] __clk_register+0x1f0/0x864
[ 1.347636] devm_clk_hw_register+0x5c/0xd4
[ 1.347639] devm_clk_register_regmap+0x44/0x84
[ 1.347642] qcom_cc_really_probe+0x1b4/0x25c
[ 1.347644] cam_cc_x1e80100_probe+0x14c/0x1c8
[ 1.347646] platform_probe+0x68/0xc8
[ 1.347649] really_probe+0x148/0x2b0
[ 1.347651] __driver_probe_device+0x78/0x12c
[ 1.347654] driver_probe_device+0x40/0x118
[ 1.347656] __device_attach_driver+0xb8/0x134
[ 1.347658] bus_for_each_drv+0x88/0xe8
[ 1.347661] __device_attach+0xa0/0x190
[ 1.347664] device_initial_probe+0x14/0x20
[ 1.347666] bus_probe_device+0xac/0xb0
[ 1.347668] deferred_probe_work_func+0x88/0xc0
[ 1.347670] process_one_work+0x148/0x29c
[ 1.347675] worker_thread+0x2fc/0x40c
[ 1.347678] kthread+0x110/0x114
[ 1.347681] ret_from_fork+0x10/0x20
[ 1.347684] Code: aa1303e0 97fff96f b140041f 54fffd08 (f9400000)
[ 1.347686] ---[ end trace 0000000000000000 ]---

The first patch fixes the NULL dereference by checking hw before returning
hw->core. The second patch addresses the cause of the NULL pointer, which is
the DT implied indexing is not fully captured in camcc-x1e80100.c.

Obviously the above NULL deref wouldn't occur with the second patch applied
however reading the description of clk_core_get() it appears to want to
return NULL but currently cannot do so, so check for hw and return a NULL if
hw is NULL instead of dereferencing hw.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
---
Bryan O'Donoghue (2):
      clk: Fix clk_core_get NULL dereference
      clk: qcom: camcc-x1e80100: Fix missing DT_IFACE enum in x1e80100 camcc

 drivers/clk/clk.c                 | 3 +++
 drivers/clk/qcom/camcc-x1e80100.c | 1 +
 2 files changed, 4 insertions(+)
---
base-commit: 1870cdc0e8dee32e3c221704a2977898ba4c10e8
change-id: 20240301-linux-next-24-03-01-simple-clock-fixes-dc7542e23d90

Best regards,
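
Added example, not part of the thread and not the kernel's code: a simplified user-space C model of the two fixes the cover letter above describes, showing that the hw check stops the fault while only the complete index enum restores the intended parents. Apart from the DT_IFACE suffix taken from the patch title, every type, function and enum name is hypothetical, and the provider table, its empty slot 0 and the position of the missing enum entry are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model, not kernel code; names are hypothetical. */
struct clk_core { const char *name; };
struct clk_hw   { struct clk_core *core; };
static struct clk_core ref_core = { "ref" }, sleep_core = { "sleep" };
static struct clk_hw ref_hw = { &ref_core }, sleep_hw = { &sleep_core };

/* Constructed table in DT "clocks" order; assumed: no hw behind entry 0. */
static struct clk_hw *dt_clocks[] = { NULL, &ref_hw, &sleep_hw };

/* Driver-side index enums; they must mirror the DT order exactly. */
enum { OLD_DT_REF, OLD_DT_SLEEP };               /* first DT entry not captured */
enum { NEW_DT_IFACE, NEW_DT_REF, NEW_DT_SLEEP }; /* full DT order captured */

static struct clk_hw *hw_by_dt_index(size_t idx)
{
	size_t n = sizeof(dt_clocks) / sizeof(dt_clocks[0]);
	return idx < n ? dt_clocks[idx] : NULL;
}

/* "Before" shape: reads hw->core with no check, faults when hw is NULL. */
struct clk_core *core_get_unchecked(size_t idx)
{
	return hw_by_dt_index(idx)->core;
}

/* "After" shape: a NULL hw becomes a NULL result the caller can handle. */
struct clk_core *core_get_checked(size_t idx)
{
	struct clk_hw *hw = hw_by_dt_index(idx);
	if (!hw)
		return NULL;
	return hw->core;
}

/* Name of the parent a driver ends up with, or "(none)". */
const char *parent_name(size_t idx)
{
	struct clk_core *core = core_get_checked(idx);
	return core ? core->name : "(none)";
}

int main(void)
{
	printf("old enum: ref -> %s, sleep -> %s\n",
	       parent_name(OLD_DT_REF), parent_name(OLD_DT_SLEEP));
	return 0;
}
```

In this model the guarded lookup no longer faults on the empty slot, but the incomplete enum still resolves the sleep parent to the ref clock, so the index enum has to be completed as well.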