| Message ID | 1417534330-13154-1-git-send-email-simon.guinot@sequanux.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Tue, Dec 02, 2014 at 04:32:10PM +0100, Simon Guinot wrote: > This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to > this bug, a kernel oops can be observed at probe time on the LaCie 2Big > and 5Big v2 boards: > > Unable to handle kernel NULL pointer dereference at virtual address 00000008 > [...] > [<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c) > [<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c) > [<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90) > [<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94) > [<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc) > [<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8) > [<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc) > [<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4) > [<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec) > [<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24) > [...] > > This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1 > ("leds: netxbig: fix attribute-creation race"). Ouch. > Signed-off-by: Simon Guinot <simon.guinot@sequanux.org> > Cc: <stable@vger.kernel.org> # 3.17+ Acked-by: Johan Hovold <johan@kernel.org> Thanks, Johan
On Tue, Dec 02, 2014 at 04:32:10PM +0100, Simon Guinot wrote: > This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to > this bug, a kernel oops can be observed at probe time on the LaCie 2Big > and 5Big v2 boards: > > Unable to handle kernel NULL pointer dereference at virtual address 00000008 > [...] > [<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c) > [<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c) > [<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90) > [<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94) > [<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc) > [<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8) > [<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc) > [<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4) > [<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec) > [<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24) > [...] > > This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1 > ("leds: netxbig: fix attribute-creation race"). > > Signed-off-by: Simon Guinot <simon.guinot@sequanux.org> > Cc: <stable@vger.kernel.org> # 3.17+ > --- > drivers/leds/leds-netxbig.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) Hi Bryan, Please apply up this patch. Thanks. Simon
On Thu, Dec 11, 2014 at 10:04:00AM +0100, Simon Guinot wrote: > On Tue, Dec 02, 2014 at 04:32:10PM +0100, Simon Guinot wrote: > > This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to > > this bug, a kernel oops can be observed at probe time on the LaCie 2Big > > and 5Big v2 boards: > > > > Unable to handle kernel NULL pointer dereference at virtual address 00000008 > > [...] > > [<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c) > > [<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c) > > [<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90) > > [<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94) > > [<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc) > > [<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8) > > [<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc) > > [<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4) > > [<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec) > > [<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24) > > [...] > > > > This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1 > > ("leds: netxbig: fix attribute-creation race"). > > > > Signed-off-by: Simon Guinot <simon.guinot@sequanux.org> > > Cc: <stable@vger.kernel.org> # 3.17+ > > --- > > drivers/leds/leds-netxbig.c | 12 ++++++------ > > 1 file changed, 6 insertions(+), 6 deletions(-) > > Hi Bryan, > > Please apply up this patch. Hi Bryan, Is there any news about this patch on your side ? Jason, Andrew, Sebastian, Maybe this patch can go through the SoC branch ? Thanks in advance. Simon
On Thu, Dec 11, 2014 at 1:04 AM, Simon Guinot <simon.guinot@sequanux.org> wrote: > On Tue, Dec 02, 2014 at 04:32:10PM +0100, Simon Guinot wrote: >> This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to >> this bug, a kernel oops can be observed at probe time on the LaCie 2Big >> and 5Big v2 boards: >> >> Unable to handle kernel NULL pointer dereference at virtual address 00000008 >> [...] >> [<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c) >> [<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c) >> [<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90) >> [<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94) >> [<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc) >> [<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8) >> [<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc) >> [<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4) >> [<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec) >> [<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24) >> [...] >> >> This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1 >> ("leds: netxbig: fix attribute-creation race"). >> >> Signed-off-by: Simon Guinot <simon.guinot@sequanux.org> >> Cc: <stable@vger.kernel.org> # 3.17+ >> --- >> drivers/leds/leds-netxbig.c | 12 ++++++------ >> 1 file changed, 6 insertions(+), 6 deletions(-) > > Hi Bryan, > > Please apply up this patch. > > Thanks. > > Simon Sorry for the delay. I will merge it. -Bryan
On Tue, Jan 13, 2015 at 12:14:08PM -0800, Bryan Wu wrote: > On Thu, Dec 11, 2014 at 1:04 AM, Simon Guinot <simon.guinot@sequanux.org> wrote: > > On Tue, Dec 02, 2014 at 04:32:10PM +0100, Simon Guinot wrote: > >> This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to > >> this bug, a kernel oops can be observed at probe time on the LaCie 2Big > >> and 5Big v2 boards: > >> > >> Unable to handle kernel NULL pointer dereference at virtual address 00000008 > >> [...] > >> [<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c) > >> [<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c) > >> [<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90) > >> [<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94) > >> [<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc) > >> [<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8) > >> [<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc) > >> [<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4) > >> [<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec) > >> [<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24) > >> [...] > >> > >> This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1 > >> ("leds: netxbig: fix attribute-creation race"). > >> > >> Signed-off-by: Simon Guinot <simon.guinot@sequanux.org> > >> Cc: <stable@vger.kernel.org> # 3.17+ > >> --- > >> drivers/leds/leds-netxbig.c | 12 ++++++------ > >> 1 file changed, 6 insertions(+), 6 deletions(-) > > > > Hi Bryan, > > > > Please apply up this patch. > > > > Thanks. > > > > Simon > > Sorry for the delay. I will merge it. Hi Bryan It has already been sent to arm-soc. If you are going to merge it, please ask Olof to drop it. Andrew
On Tue, Jan 13, 2015 at 12:16 PM, Andrew Lunn <andrew@lunn.ch> wrote: > On Tue, Jan 13, 2015 at 12:14:08PM -0800, Bryan Wu wrote: >> On Thu, Dec 11, 2014 at 1:04 AM, Simon Guinot <simon.guinot@sequanux.org> wrote: >> > On Tue, Dec 02, 2014 at 04:32:10PM +0100, Simon Guinot wrote: >> >> This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to >> >> this bug, a kernel oops can be observed at probe time on the LaCie 2Big >> >> and 5Big v2 boards: >> >> >> >> Unable to handle kernel NULL pointer dereference at virtual address 00000008 >> >> [...] >> >> [<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c) >> >> [<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c) >> >> [<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90) >> >> [<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94) >> >> [<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc) >> >> [<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8) >> >> [<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc) >> >> [<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4) >> >> [<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec) >> >> [<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24) >> >> [...] >> >> >> >> This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1 >> >> ("leds: netxbig: fix attribute-creation race"). >> >> >> >> Signed-off-by: Simon Guinot <simon.guinot@sequanux.org> >> >> Cc: <stable@vger.kernel.org> # 3.17+ >> >> --- >> >> drivers/leds/leds-netxbig.c | 12 ++++++------ >> >> 1 file changed, 6 insertions(+), 6 deletions(-) >> > >> > Hi Bryan, >> > >> > Please apply up this patch. >> > >> > Thanks. >> > >> > Simon >> >> Sorry for the delay. I will merge it. > > Hi Bryan > > It has already been sent to arm-soc. If you are going to merge it, > please ask Olof to drop it. > > Andrew Olof, could you please drop this from your arm-soc tree. I've merged it to my tree. and will send a fix for Linus soon Thanks, -Bryan
On Tue, Jan 13, 2015 at 12:24 PM, Bryan Wu <cooloney@gmail.com> wrote: > On Tue, Jan 13, 2015 at 12:16 PM, Andrew Lunn <andrew@lunn.ch> wrote: >> On Tue, Jan 13, 2015 at 12:14:08PM -0800, Bryan Wu wrote: >>> On Thu, Dec 11, 2014 at 1:04 AM, Simon Guinot <simon.guinot@sequanux.org> wrote: >>> > On Tue, Dec 02, 2014 at 04:32:10PM +0100, Simon Guinot wrote: >>> >> This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to >>> >> this bug, a kernel oops can be observed at probe time on the LaCie 2Big >>> >> and 5Big v2 boards: >>> >> >>> >> Unable to handle kernel NULL pointer dereference at virtual address 00000008 >>> >> [...] >>> >> [<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c) >>> >> [<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c) >>> >> [<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90) >>> >> [<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94) >>> >> [<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc) >>> >> [<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8) >>> >> [<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc) >>> >> [<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4) >>> >> [<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec) >>> >> [<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24) >>> >> [...] >>> >> >>> >> This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1 >>> >> ("leds: netxbig: fix attribute-creation race"). >>> >> >>> >> Signed-off-by: Simon Guinot <simon.guinot@sequanux.org> >>> >> Cc: <stable@vger.kernel.org> # 3.17+ >>> >> --- >>> >> drivers/leds/leds-netxbig.c | 12 ++++++------ >>> >> 1 file changed, 6 insertions(+), 6 deletions(-) >>> > >>> > Hi Bryan, >>> > >>> > Please apply up this patch. >>> > >>> > Thanks. >>> > >>> > Simon >>> >>> Sorry for the delay. I will merge it. >> >> Hi Bryan >> >> It has already been sent to arm-soc. If you are going to merge it, >> please ask Olof to drop it. >> >> Andrew > > Olof, could you please drop this from your arm-soc tree. I've merged > it to my tree. and will send a fix for Linus soon Sigh. Andrew even told you it's already been merged, and _then_ you send up a single patch pull request with _just_ this to Linus after having been completely unresponsive for a month? Anyway, dropped the last fixes branch from mvebu now. Btw: Andrew, in the future it's useful to get these kind of requests cc:d to arm@kernel.org, since I don't monitor my inbox the same way I keep an eye on that folder. I didn't notice this until several days later. Not your fault, but it'd help me. :-) -Olof
diff --git a/drivers/leds/leds-netxbig.c b/drivers/leds/leds-netxbig.c index 64fde485dcaa..4c794f15a57f 100644 --- a/drivers/leds/leds-netxbig.c +++ b/drivers/leds/leds-netxbig.c @@ -330,18 +330,18 @@ create_netxbig_led(struct platform_device *pdev, led_dat->sata = 0; led_dat->cdev.brightness = LED_OFF; led_dat->cdev.flags |= LED_CORE_SUSPENDRESUME; - /* - * If available, expose the SATA activity blink capability through - * a "sata" sysfs attribute. - */ - if (led_dat->mode_val[NETXBIG_LED_SATA] != NETXBIG_LED_INVALID_MODE) - led_dat->cdev.groups = netxbig_led_groups; led_dat->mode_addr = template->mode_addr; led_dat->mode_val = template->mode_val; led_dat->bright_addr = template->bright_addr; led_dat->bright_max = (1 << pdata->gpio_ext->num_data) - 1; led_dat->timer = pdata->timer; led_dat->num_timer = pdata->num_timer; + /* + * If available, expose the SATA activity blink capability through + * a "sata" sysfs attribute. + */ + if (led_dat->mode_val[NETXBIG_LED_SATA] != NETXBIG_LED_INVALID_MODE) + led_dat->cdev.groups = netxbig_led_groups; return led_classdev_register(&pdev->dev, &led_dat->cdev); }
This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to this bug, a kernel oops can be observed at probe time on the LaCie 2Big and 5Big v2 boards: Unable to handle kernel NULL pointer dereference at virtual address 00000008 [...] [<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c) [<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c) [<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90) [<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94) [<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc) [<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8) [<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc) [<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4) [<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec) [<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24) [...] This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1 ("leds: netxbig: fix attribute-creation race"). Signed-off-by: Simon Guinot <simon.guinot@sequanux.org> Cc: <stable@vger.kernel.org> # 3.17+ --- drivers/leds/leds-netxbig.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)