driver core: bus: Handle early calls to bus_to_subsys()

Message ID	0a92979f6e790737544638e8a4c19b0564e660a2.1676983596.git.geert+renesas@glider.be (mailing list archive)
State	Mainlined
Commit	e8b812b3e515742a4faaf2e4722bdc5755b98f56
Delegated to:	Geert Uytterhoeven
Headers	show Return-Path: <linux-renesas-soc-owner@vger.kernel.org> From: Geert Uytterhoeven <geert+renesas@glider.be> To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, "Rafael J . Wysocki" <rafael@kernel.org> Cc: Arnd Bergmann <arnd@arndb.de>, Lee Jones <lee@kernel.org>, linux-kernel@vger.kernel.org, linux-renesas-soc@vger.kernel.org, Geert Uytterhoeven <geert+renesas@glider.be> Subject: [PATCH] driver core: bus: Handle early calls to bus_to_subsys() Date: Tue, 21 Feb 2023 13:53:51 +0100 Message-Id: <0a92979f6e790737544638e8a4c19b0564e660a2.1676983596.git.geert+renesas@glider.be> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	driver core: bus: Handle early calls to bus_to_subsys() \| expand driver core: bus: Handle early calls to bus_to_subsys()

Message ID

0a92979f6e790737544638e8a4c19b0564e660a2.1676983596.git.geert+renesas@glider.be (mailing list archive)

State

Mainlined

Commit

e8b812b3e515742a4faaf2e4722bdc5755b98f56

Delegated to:

Geert Uytterhoeven

Headers

show

Return-Path: <linux-renesas-soc-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B2A20C6379F
	for <linux-renesas-soc@archiver.kernel.org>;
 Tue, 21 Feb 2023 12:54:19 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232845AbjBUMyS (ORCPT
        <rfc822;linux-renesas-soc@archiver.kernel.org>);
        Tue, 21 Feb 2023 07:54:18 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51748 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232995AbjBUMyR (ORCPT
        <rfc822;linux-renesas-soc@vger.kernel.org>);
        Tue, 21 Feb 2023 07:54:17 -0500
Received: from andre.telenet-ops.be (andre.telenet-ops.be
 [IPv6:2a02:1800:120:4::f00:15])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D4DD2687A
        for <linux-renesas-soc@vger.kernel.org>;
 Tue, 21 Feb 2023 04:54:02 -0800 (PST)
Received: from ramsan.of.borg ([IPv6:2a02:1810:ac12:ed50:22fe:52b9:4e8:3dfc])
        by andre.telenet-ops.be with bizsmtp
        id Potz290011v1X7l01otzqD; Tue, 21 Feb 2023 13:53:59 +0100
Received: from rox.of.borg ([192.168.97.57])
        by ramsan.of.borg with esmtp (Exim 4.95)
        (envelope-from <geert@linux-m68k.org>)
        id 1pUS9G-009ce4-DU;
        Tue, 21 Feb 2023 13:53:58 +0100
Received: from geert by rox.of.borg with local (Exim 4.95)
        (envelope-from <geert@linux-m68k.org>)
        id 1pUS9e-00149K-Rt;
        Tue, 21 Feb 2023 13:53:58 +0100
From: Geert Uytterhoeven <geert+renesas@glider.be>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "Rafael J . Wysocki" <rafael@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>, Lee Jones <lee@kernel.org>,
        linux-kernel@vger.kernel.org, linux-renesas-soc@vger.kernel.org,
        Geert Uytterhoeven <geert+renesas@glider.be>
Subject: [PATCH] driver core: bus: Handle early calls to bus_to_subsys()
Date: Tue, 21 Feb 2023 13:53:51 +0100
Message-Id: 
 <0a92979f6e790737544638e8a4c19b0564e660a2.1676983596.git.geert+renesas@glider.be>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-renesas-soc.vger.kernel.org>
X-Mailing-List: linux-renesas-soc@vger.kernel.org

Series

driver core: bus: Handle early calls to bus_to_subsys() | expand

Commit Message

Geert Uytterhoeven Feb. 21, 2023, 12:53 p.m. UTC

When calling soc_device_match() from early_initcall(), bus_kset is still
NULL, causing a crash:

    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028
    ...
    Call trace:
     __lock_acquire+0x530/0x20f0
     lock_acquire.part.0+0xc8/0x210
     lock_acquire+0x64/0x80
     _raw_spin_lock+0x4c/0x60
     bus_to_subsys+0x24/0xac
     bus_for_each_dev+0x30/0xcc
     soc_device_match+0x4c/0xe0
     r8a7795_sysc_init+0x18/0x60
     rcar_sysc_pd_init+0xb0/0x33c
     do_one_initcall+0x128/0x2bc

Before, bus_for_each_dev() handled this gracefully by checking that
the back-pointer to the private structure was valid.

Fix this by adding a NULL check for bus_kset to bus_to_subsys().

Fixes: 83b9148df2c95e23 ("driver core: bus: bus iterator cleanups")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
---
 drivers/base/bus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Greg KH Feb. 21, 2023, 1:47 p.m. UTC | #1

On Tue, Feb 21, 2023 at 01:53:51PM +0100, Geert Uytterhoeven wrote:
> When calling soc_device_match() from early_initcall(), bus_kset is still
> NULL, causing a crash:
> 
>     Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028
>     ...
>     Call trace:
>      __lock_acquire+0x530/0x20f0
>      lock_acquire.part.0+0xc8/0x210
>      lock_acquire+0x64/0x80
>      _raw_spin_lock+0x4c/0x60
>      bus_to_subsys+0x24/0xac
>      bus_for_each_dev+0x30/0xcc
>      soc_device_match+0x4c/0xe0
>      r8a7795_sysc_init+0x18/0x60
>      rcar_sysc_pd_init+0xb0/0x33c
>      do_one_initcall+0x128/0x2bc
> 
> Before, bus_for_each_dev() handled this gracefully by checking that
> the back-pointer to the private structure was valid.
> 
> Fix this by adding a NULL check for bus_kset to bus_to_subsys().
> 
> Fixes: 83b9148df2c95e23 ("driver core: bus: bus iterator cleanups")
> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
> ---
>  drivers/base/bus.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/base/bus.c b/drivers/base/bus.c
> index cfe8615d5106f030..dd4b82d7510f68fb 100644
> --- a/drivers/base/bus.c
> +++ b/drivers/base/bus.c
> @@ -62,7 +62,7 @@ static struct subsys_private *bus_to_subsys(const struct bus_type *bus)
>  	struct subsys_private *sp = NULL;
>  	struct kobject *kobj;
>  
> -	if (!bus)
> +	if (!bus || !bus_kset)
>  		return NULL;
>  
>  	spin_lock(&bus_kset->list_lock);

Thanks for this, I'll queue it up after my patches get sent to Linus.

greg k-h

Wolfram Sang Feb. 28, 2023, 10:57 a.m. UTC | #2

On Tue, Feb 21, 2023 at 01:53:51PM +0100, Geert Uytterhoeven wrote:
> When calling soc_device_match() from early_initcall(), bus_kset is still
> NULL, causing a crash:
> 
>     Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028
>     ...
>     Call trace:
>      __lock_acquire+0x530/0x20f0
>      lock_acquire.part.0+0xc8/0x210
>      lock_acquire+0x64/0x80
>      _raw_spin_lock+0x4c/0x60
>      bus_to_subsys+0x24/0xac
>      bus_for_each_dev+0x30/0xcc
>      soc_device_match+0x4c/0xe0
>      r8a7795_sysc_init+0x18/0x60
>      rcar_sysc_pd_init+0xb0/0x33c
>      do_one_initcall+0x128/0x2bc
> 
> Before, bus_for_each_dev() handled this gracefully by checking that
> the back-pointer to the private structure was valid.
> 
> Fix this by adding a NULL check for bus_kset to bus_to_subsys().
> 
> Fixes: 83b9148df2c95e23 ("driver core: bus: bus iterator cleanups")
> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>

Current top-of-head doesn't boot my Salvator-XS board, this patch fixed
it.

Tested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>

Greg KH March 2, 2023, 10:20 a.m. UTC | #3

On Tue, Feb 28, 2023 at 11:57:02AM +0100, Wolfram Sang wrote:
> On Tue, Feb 21, 2023 at 01:53:51PM +0100, Geert Uytterhoeven wrote:
> > When calling soc_device_match() from early_initcall(), bus_kset is still
> > NULL, causing a crash:
> > 
> >     Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028
> >     ...
> >     Call trace:
> >      __lock_acquire+0x530/0x20f0
> >      lock_acquire.part.0+0xc8/0x210
> >      lock_acquire+0x64/0x80
> >      _raw_spin_lock+0x4c/0x60
> >      bus_to_subsys+0x24/0xac
> >      bus_for_each_dev+0x30/0xcc
> >      soc_device_match+0x4c/0xe0
> >      r8a7795_sysc_init+0x18/0x60
> >      rcar_sysc_pd_init+0xb0/0x33c
> >      do_one_initcall+0x128/0x2bc
> > 
> > Before, bus_for_each_dev() handled this gracefully by checking that
> > the back-pointer to the private structure was valid.
> > 
> > Fix this by adding a NULL check for bus_kset to bus_to_subsys().
> > 
> > Fixes: 83b9148df2c95e23 ("driver core: bus: bus iterator cleanups")
> > Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
> 
> Current top-of-head doesn't boot my Salvator-XS board, this patch fixed
> it.
> 
> Tested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
> 

Great, now sent to Linus.

greg k-h

diff --git a/drivers/base/bus.c b/drivers/base/bus.c
index cfe8615d5106f030..dd4b82d7510f68fb 100644
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
@@ -62,7 +62,7 @@  static struct subsys_private *bus_to_subsys(const struct bus_type *bus)
 	struct subsys_private *sp = NULL;
 	struct kobject *kobj;
 
-	if (!bus)
+	if (!bus || !bus_kset)
 		return NULL;
 
 	spin_lock(&bus_kset->list_lock);

driver core: bus: Handle early calls to bus_to_subsys()

Commit Message

Comments

Patch