Message ID | 20220522081921.105515-1-hare@suse.de (mailing list archive) |
---|---|
State | Superseded |
Series | myrb: fixup null pointer access on myrb_cleanup() |
On Sun, May 22, 2022 at 4:19 PM Hannes Reinecke <hare@suse.de> wrote: > > When myrb_probe() fails the callback might not be set, so we need > to validate the 'disable_intr' callback in myrb_cleanup() to not > cause a null pointer exception. And while at it do not call > myrb_cleanup() if we cannot enable the PCI device at all. > > Reported-by: Zheyu Ma <zheyuma97@gmail.com> > Signed-off-by: Hannes Reinecke <hare@suse.de> > --- > drivers/scsi/myrb.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/drivers/scsi/myrb.c b/drivers/scsi/myrb.c > index 71585528e8db..f460aed2435f 100644 > --- a/drivers/scsi/myrb.c > +++ b/drivers/scsi/myrb.c > @@ -1239,7 +1239,8 @@ static void myrb_cleanup(struct myrb_hba *cb) > myrb_unmap(cb); > > if (cb->mmio_base) { > - cb->disable_intr(cb->io_base); > + if (cb->disable_intr) > + cb->disable_intr(cb->io_base); > iounmap(cb->mmio_base); > } > if (cb->irq) > @@ -3414,8 +3415,11 @@ static struct myrb_hba *myrb_detect(struct pci_dev *pdev, > mutex_init(&cb->dma_mutex); > cb->pdev = pdev; > > - if (pci_enable_device(pdev)) > - goto failure; > + if (pci_enable_device(pdev)) { > + dev_err(&pdev->dev, "Failed to enable PCI device\n"); > + scsi_host_put(shost); > + return NULL; > + } > > if (privdata->hw_init == DAC960_PD_hw_init || > privdata->hw_init == DAC960_P_hw_init) { > -- > 2.29.2 > Thanks for your patch, it works for me :) But after applying the patch, I got another panic: [ 0.957522] myrb 0000:00:05.0: Unknown Initialization Error 49 [ 0.957804] myrb 0000:00:05.0: Failed to initialize Controller [ 0.963581] general protection fault, probably for non-canonical address 0xdffffc0000000075: 0000 [#1] [ 0.963942] RIP: 0010:kobject_put+0x2f/0x1d0 [ 0.963942] Call Trace: [ 0.963942] <TASK> [ 0.963942] put_device+0x1b/0x30 [ 0.963942] myrb_probe.cold+0x182/0x12d3 The bug occurs when the driver fails at hw_init() in line 3443 and then goes to myrb_cleanup(). The panic occurs at scsi_host_put(). Thanks, Zheyu Ma
diff --git a/drivers/scsi/myrb.c b/drivers/scsi/myrb.c index 71585528e8db..f460aed2435f 100644 --- a/drivers/scsi/myrb.c +++ b/drivers/scsi/myrb.c @@ -1239,7 +1239,8 @@ static void myrb_cleanup(struct myrb_hba *cb) myrb_unmap(cb); if (cb->mmio_base) { - cb->disable_intr(cb->io_base); + if (cb->disable_intr) + cb->disable_intr(cb->io_base); iounmap(cb->mmio_base); } if (cb->irq) @@ -3414,8 +3415,11 @@ static struct myrb_hba *myrb_detect(struct pci_dev *pdev, mutex_init(&cb->dma_mutex); cb->pdev = pdev; - if (pci_enable_device(pdev)) - goto failure; + if (pci_enable_device(pdev)) { + dev_err(&pdev->dev, "Failed to enable PCI device\n"); + scsi_host_put(shost); + return NULL; + } if (privdata->hw_init == DAC960_PD_hw_init || privdata->hw_init == DAC960_P_hw_init) {
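Review bot: In the myrb_cleanup() hunk, the new `if (cb->disable_intr)` test sits inside `if (cb->mmio_base)` with no comment saying which probe failure leaves mmio_base mapped while the callback is still unset. A one-line comment above the test naming that case (myrb_probe() failing before the callback is assigned, as the commit message puts it) would keep a later cleanup from dropping the check as redundant.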
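Review bot: In the myrb_detect() hunk, the pci_enable_device() failure branch now open-codes its own exit (`scsi_host_put(shost); return NULL;`) instead of using a label, so the function carries two release sequences that have to be kept in sync. A dedicated label for the host-only release would keep the unwinding in one place. The reporter's follow-up also shows a later probe failure (hw_init()) still reaching myrb_cleanup() and faulting at scsi_host_put(); this hunk leaves that path unchanged, so the remaining `goto failure` exits need the same audit before the fix covers the reported class of probe failures.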
When myrb_probe() fails the callback might not be set, so we need to validate the 'disable_intr' callback in myrb_cleanup() to not cause a null pointer exception. And while at it do not call myrb_cleanup() if we cannot enable the PCI device at all. Reported-by: Zheyu Ma <zheyuma97@gmail.com> Signed-off-by: Hannes Reinecke <hare@suse.de> --- drivers/scsi/myrb.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)