From patchwork Thu Aug 10 02:09:21 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kuninori Morimoto X-Patchwork-Id: 9892523 X-Patchwork-Delegate: geert@linux-m68k.org Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id ECDC560236 for ; Thu, 10 Aug 2017 02:09:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0894B28AC0 for ; Thu, 10 Aug 2017 02:09:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EFFCA28AC7; Thu, 10 Aug 2017 02:09:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E5CEF28AC0 for ; Thu, 10 Aug 2017 02:09:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752154AbdHJCJf (ORCPT ); Wed, 9 Aug 2017 22:09:35 -0400 Received: from relmlor4.renesas.com ([210.160.252.174]:16119 "EHLO relmlie3.idc.renesas.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752192AbdHJCJd (ORCPT ); Wed, 9 Aug 2017 22:09:33 -0400 Received: from unknown (HELO relmlir2.idc.renesas.com) ([10.200.68.152]) by relmlie3.idc.renesas.com with ESMTP; 10 Aug 2017 11:09:29 +0900 Received: from relmlii2.idc.renesas.com (relmlii2.idc.renesas.com [10.200.68.66]) by relmlir2.idc.renesas.com (Postfix) with ESMTP id 9916065EAB; Thu, 10 Aug 2017 11:09:29 +0900 (JST) X-IronPort-AV: E=Sophos;i="5.41,349,1498489200"; d="scan'208";a="254127001" Received: from mail-pu1apc01lp0019.outbound.protection.outlook.com (HELO APC01-PU1-obe.outbound.protection.outlook.com) ([65.55.88.19]) by relmlii2.idc.renesas.com with ESMTP/TLS/AES256-SHA256; 10 Aug 2017 11:09:26 +0900 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=renesasgroup.onmicrosoft.com; s=selector1-renesas-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=y7akOMVp4Wo8hhoZBzX4DevDSjnKTE/y9mkt0KzNEIE=; b=a3v9pweKPeJ4HgeqLQfrNWHq1U4vlRO3Xv2oHyGfuBSZHtscHdVzwkiKacJP4WvTR2gB3UJMAv8c69SEZCzFBZzCDqDiy57GipNU14gym0kalEAxNgVtHvodaqCnM6J8PtbdxRE9QjpCDNyWBMMnQL5Bn7tylDwrLxXd8fBKyc4= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=kuninori.morimoto.gx@renesas.com; Received: from morimoto-PC.renesas.com (211.11.155.138) by HK2PR0601MB1876.apcprd06.prod.outlook.com (2603:1096:202:a::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1320.16; Thu, 10 Aug 2017 02:09:21 +0000 Message-ID: <871sokyybc.wl%kuninori.morimoto.gx@renesas.com> From: Kuninori Morimoto To: Vinod Koul , Niklas =?ISO-8859-1?Q?S=F6derlund?= , Laurent , Dan Williams Cc: Linux-Renesas , Linux-Kernel , Arnd Bergmann , Anton Volkov , Alexey Khoroshilov , ldv-project@linuxtesting.org, dmaengine@vger.kernel.org, geert+renesas@glider.be User-Agent: Wanderlust/2.15.9 Emacs/24.3 Mule/6.0 Subject: Re: Possible null pointer dereference in rcar-dmac.ko In-Reply-To: <1966479.zaHQfZ4vb1@avalon> References: <0df6c6f5-c306-3e43-2b1f-013c47c51042@ispras.ru> <871solfu5n.wl%kuninori.morimoto.gx@renesas.com> <1966479.zaHQfZ4vb1@avalon> MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Date: Thu, 10 Aug 2017 02:09:21 +0000 X-Originating-IP: [211.11.155.138] X-ClientProxiedBy: SG2PR06CA0121.apcprd06.prod.outlook.com (2603:1096:1:1d::23) To HK2PR0601MB1876.apcprd06.prod.outlook.com (2603:1096:202:a::20) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: bdc09375-e53c-4235-5760-08d4df94d294 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:HK2PR0601MB1876; X-Microsoft-Exchange-Diagnostics: 1; HK2PR0601MB1876; 3:GUwgGF6Nqgh4yxsyRNusX1U+cDPvvIv8meKEhZK908ilUjQgxnTRc1NqMFu4vZEBiPv4xsy/kH/NZnmzJjgFrjeLBOuHtv9iM8BPq8Idls/oAVjX/YpVJYWi2Lx+nBKVH11junVi+YWgOM4XYXdpe5/RJnGJd/UBn2le9xAr9niUmF20c1rq2DnKatGSXaT8J0cpV9NlAJ9Yi8xuaPhXXaD6fS8/vytPm5Kn+rkPTr2bebTQbJ3FMgoZ8S5BTGW6; 25:QsbOzCf+K4WuxXkcipm1veHJMjZkElPylf7BDqwDJsmFF7FKnKZ8RdWUi2Guj9KDb37a6eqBvjuT69QxyTMzj+c4TX/5Kp7V3ao5DA2dob05xPAzZlHaEMvbI+8RCwg0ApbKZXJS5NreEFO9CVEwSPgQzI4D7Ng6D4iCm3/OSKu8YTPIQcO+qDoDWxX+Sbcud9y1EIO4R7Rt3gRaMWC4ewmG53SMF4KoVTdBy3DHpFx5aK5Lg1d+KwLlgVUVb4gVWhD1zKEvLHE0yjt38oin3rDyShnvFyELraYZVm8zjBnx0e1Jh5G6/hgqCUGGgeVbPRGZzkHOb1ILEmB8GzzklA==; 31:mlM0bMuLm9X+AvSOKtRT+7tndlIQF2mMeun333Qbt8BFkGZAhQnvlBwM3cPFy3cuTEkwR4t7yC47gwR+9lkC/6NxLww0Two4kGchgr338iNN8804vxGCoV+VxOTCqatjKInH6SdNs+m/WCvaKQC2WuA1ICdw2Y3qLYQJabvMdaWr5CwBT4dXcC06uBN8zop47ABt88XsJ5EZQ63diexyaSdYdtu1M4zD8pXQ7GCQbp8= X-MS-TrafficTypeDiagnostic: HK2PR0601MB1876: X-Microsoft-Exchange-Diagnostics: 1; HK2PR0601MB1876; 20:xcOCfs0tfNX/XrISFhbXXgFkzBPvHq/IgndroaInXwG7/sAKDb2U4f3w58xKfpRkyC6cgXbICobnF+d0fFWlVIrcOCNbtIE2xTxLWFi2K2alA1QJOyoLMksDtT120XDEGtO8d/iq4dJ1E/D4ereLetNEiOChMd4YJObgO4PlhB/aFFYu2VkF3TKSeRXvSQD1QC0J/mq9l67Rg5wBkb7DfxMCXXZPajxH7vg+3HE69mqx2nLNAmj7WwGWtLWcBtuOKNdv25YqZr09zg3ZrtAiJpJtTsLAWzfzZOOnxkepg/4xuAdHUMdUb+EVBKYnL3Az8pxLmOpQ6xYpt7buGC/7EGKGoijGSAJYW2Xhz7FY0bHlNVCgUIPQiiyNOxTLSGxz/LWGNoaXyH0xFIwmPrl6pqKHO/sWKdlpFo/jdGJj4Qb8cNm9lfhwkp6j1zytX+jSWIad9FALmUdXxhQ5Pr/lIPSOgPKmmZex9dkJJSAYG3WaJYX61qAWzkaw/0veWNoh; 4:WPqETv8uhw8i7CzRGuLCUd5HpB49JRfeqlkBW5Z/gXZgDBDt1rbPNjF2hkvKb1rQ3iqUAqt1aO6kXVxUBbO+s8bKuf/YE2mZBszdDuPFGNRqArofb/qJmRcM/6JDUr6XMVID5OFiaev85ZUi8DCgvFyKvx9OBo+SEWp/BDNAYtLAqUW4PRVyhI+NnGzKTLyX2/uc3thlktb2Q+8D6G/CYvSWGNVWKYpLaHaA4+uZmLm24TbgGFAls13Vcv4DmwOdIGLSbXelMK/Qeb3QlQGiUFz53gDcjIyZbC6cYAiENjk= X-Exchange-Antispam-Report-Test: UriScan:(788757137089); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123555025)(20161123558100)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:HK2PR0601MB1876; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:HK2PR0601MB1876; X-Forefront-PRVS: 03950F25EC X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(7370300001)(4630300001)(6009001)(39410400002)(39840400002)(39850400002)(39400400002)(39450400003)(39860400002)(189002)(199003)(83506001)(2950100002)(50466002)(4477795004)(53416004)(4326008)(478600001)(54906002)(36756003)(47776003)(66066001)(7736002)(6246003)(105586002)(53936002)(38730400002)(101416001)(50986999)(106356001)(305945005)(7416002)(5660300001)(76176999)(6486002)(69596002)(68736007)(33646002)(86362001)(2906002)(54356999)(81156014)(7350300001)(23726003)(81166006)(97736004)(4001350100001)(3846002)(42186005)(25786009)(6116002)(189998001)(229853002)(8676002)(16060500001); DIR:OUT; SFP:1102; SCL:1; SRVR:HK2PR0601MB1876; H:morimoto-PC.renesas.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: renesas.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; HK2PR0601MB1876; 23:M6ADtp4/WhlfIv0KEeRttzp+Ow1urZwk6cdW5q0?= =?us-ascii?Q?V72lgEbfKam4ZaZQhzmFjTDxfi95OOaC0ObkRGNjFpn2LcTx8mjBt6Hzst6p?= =?us-ascii?Q?Qn2YSxPfFP6HkCAKjQOyC8rZshl+7KK7IDjsjjXO/EqwH7c5e3/llI5kqkmz?= =?us-ascii?Q?1kwvJc2Mce3YS0AgkrsqUiBxn2/8U6tSwfIM3RDzCjmxcnxI+10XA3h3/jCQ?= =?us-ascii?Q?WIcnuma3Fy+QbeASiFXQUxq6BR/6Rj223NEVbHPicQEFZiQ5zxZBkCdAnSQg?= =?us-ascii?Q?6JIRtvpj2BeyTaCNCz+vjisjPfpkPlvxc+6IrLMLlzGSa0pAPkV6JdETXYXi?= =?us-ascii?Q?PsRumKkmARc6SAuUPf1esPJ6v75kAXVa60Xcxd+A8zTTJqHc6z1TZcMtFGio?= =?us-ascii?Q?btKFp/dMKmvgXNVN3h7ICx3wAPB0uMobBtwcYHo7kKrfX95mzHOuKrSuan71?= =?us-ascii?Q?7ac+WoKkoxTaj+1ug/fcxP+w2/KoGmknjRHj3FgjoYT2MB1OFxW2phaUJ9hr?= =?us-ascii?Q?CbWkWITfRtZ5uIyu9jJWcHtDdO+g1tRxb3UJka2+AZgmNGNev1YFeswQKHsv?= =?us-ascii?Q?/TpBH3wX3GQ/XiGD0Du7FY3t3O7sdvtc5v2Qr+TLdvAafZLuM5Ocfa3acc+x?= =?us-ascii?Q?7ukgkVveLVWHbGk3LBcu6qonTWoZ75k0NucGd5noN9xADdEhjRXsH3cobixe?= =?us-ascii?Q?3EUqDfd/0yjti3B40+T11cKww/uw/VaVQieZx0Fqfb2Pn4BLq/wcQgbLFFXM?= =?us-ascii?Q?OqcqVrsSh241tc9PUfMRqGFz/t4sKzZ8BPuE63PKmwlrtxaWxP52oPSM2m0G?= =?us-ascii?Q?t/OoTQp5XPXGJul2IYn8aOz8L1xWfErsV4ZrqvO2YSX+cP2svYXGM0iS4CDH?= =?us-ascii?Q?YkUY2b+MzirwJKMmP4rlwxQpyVwdjIJeiuuVdPW/atnujv7pgKM57JYV8uUW?= =?us-ascii?Q?PIq2lDutlEzYbgt9lIMngoUgEKQD6vdHdTNJZNCFdabq4QMztTPv7wMBWLiP?= =?us-ascii?Q?mtUFr6NpaDAfJshDl/+9TYZFgMr7wMc7ENUSlkXTviMIT04y7reevy8Scfm2?= =?us-ascii?Q?7d5nWTlKWdO28jPnnL3qsQopmYppk4rzteUJUak4vU2+6O13ZcHtpQRvRSzt?= =?us-ascii?Q?ixvn5jg0x0RAkATs9fnisvSw/BXHAgkK0pxGVXWbNm4zGy4+dKtDUkk7vnaM?= =?us-ascii?Q?/foPeACGCpT/mRa2W2jQqlhsm7PO2UiajvLhyGuLeqYbMGqlPnep4/usFFXB?= =?us-ascii?Q?5GaChQEeopqa7aIU/vVU+EKIseRUkjrFzblvVa6tJBPgd6DITayJuKlshkff?= =?us-ascii?Q?nvJ4Lq1dKglACIqa+GzvPt4w6AYpOINTnui6K+Dxsnm37+8I41HgNV3YLT5D?= =?us-ascii?Q?VvI4wbJPZTXMtc5BrtG/t2KAlgnY=3D?= X-Microsoft-Exchange-Diagnostics: 1; HK2PR0601MB1876; 6:DllFiYUMfn0F/m88UVNebkD5gCevEsKUEGhFLePN4LiPuueTua2mIBcIvNRrT+GxlKGSIJ/PwwVjOV0Wvq0hTGsMFMmA7rIR9452uPKhKYCclQzdKCqbFS3YZ27q5bN8veVm7A6ZUbULvjErogJyVy+InL73NPQl4pvw/muFFTzzJIvmD4SW1V8tYPChlQDTu0CRclPlBDV4ggILvH+vCkMElBtMORk/1Ir8NbuBjnUEuP5LgnvSA2ikSaNjNxdT151wJw6D/roC7ezYt6qT6KI8c0Cnu+LMUwTnRa2lk+Pq8+/AfV+78RE5PzbxzrH7jgHePKKT+euY8fuR2Gu4nA==; 5:k4RyXrEua8hET/uGhhYPOZiYDl+BWcTgO8HB1/duBfBbopGw6isxYRk4XkQe4SJBdkh/ey0pNfIBFZFxis8yAODGFpgMrCuIEG00IQ8VO3RkV1nut8tV5vi8fi7X67EdLjCexVGifzlXR9nf5iUkYA==; 24:2PiA5wObGW+DY7KAfBThBOIGO4eWieYuTEvNxM3U31DoWXxQjG+Fo9N0LhIoks4g7kU7MMEK26CvpWv8NDGxUWtoglrPn3hY6Ya4ZBnRkBg=; 7:6+eS+Q2vZ6haDfQ0ehtDYxqG+H6U6pT6dL04G2lHcKkb/KJP/fWcVUYqohItyL45o9oLvQN+rVWiUFdyh9FrOtMKZ5yIEmseWaRTF5D+U0dOZQRMbIoIiL1+WftLB4vw42K5G2hqdzQ/rzA5ioxEQkpVX456Ub7lDTkZZ+SHgDN7M7Zcs35mFHf3izJ8hqNoMyrtpUv8Cc3GnD4sw8yfoPYTiE+1dfdFw4f/F3hUuGs= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; HK2PR0601MB1876; 20:IEeDj3m18SNUsyY3Maj8dUlijxuijsjSj8DS8mvEWC+nI6M+ddLiIwvhjEh4AZ69Wnp4o7eRE35G9dqENuRB9zh8cnlrJ078qhAQovMpZ5dYBPA2kMTV67dIjPQMvP199GGcwNBSMwgJHwa5vUn+c6nhs9XHpnxhR34T32WoeNU= X-OriginatorOrg: renesas.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Aug 2017 02:09:21.7173 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2PR0601MB1876 Sender: linux-renesas-soc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-renesas-soc@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Anton Volkov noticed that engine->dev is NULL before of_dma_controller_register() in probe. Thus there might be a NULL pointer dereference in rcar_dmac_chan_start_xfer while accessing chan->chan.device->dev which is equal to (&dmac->engine)->dev. To be more safety code, this patch initialize dmac->engine before it. Reported-by: Anton Volkov Signed-off-by: Kuninori Morimoto --- > Anton, Laurent I created this patch because noone posted it yesterday. Anton, you can use this patch and replace Author to you if you want. Thus, I used [RFC] on this patch drivers/dma/sh/rcar-dmac.c | 51 +++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/drivers/dma/sh/rcar-dmac.c b/drivers/dma/sh/rcar-dmac.c index ffcadca..6d60628 100644 --- a/drivers/dma/sh/rcar-dmac.c +++ b/drivers/dma/sh/rcar-dmac.c @@ -1818,8 +1818,32 @@ static int rcar_dmac_probe(struct platform_device *pdev) goto error; } - /* Initialize the channels. */ - INIT_LIST_HEAD(&dmac->engine.channels); + /* Initialize engine */ + engine = &dmac->engine; + + dma_cap_set(DMA_MEMCPY, engine->cap_mask); + dma_cap_set(DMA_SLAVE, engine->cap_mask); + + engine->dev = &pdev->dev; + engine->copy_align = ilog2(RCAR_DMAC_MEMCPY_XFER_SIZE); + + engine->src_addr_widths = widths; + engine->dst_addr_widths = widths; + engine->directions = BIT(DMA_MEM_TO_DEV) | BIT(DMA_DEV_TO_MEM); + engine->residue_granularity = DMA_RESIDUE_GRANULARITY_BURST; + + engine->device_alloc_chan_resources = rcar_dmac_alloc_chan_resources; + engine->device_free_chan_resources = rcar_dmac_free_chan_resources; + engine->device_prep_dma_memcpy = rcar_dmac_prep_dma_memcpy; + engine->device_prep_slave_sg = rcar_dmac_prep_slave_sg; + engine->device_prep_dma_cyclic = rcar_dmac_prep_dma_cyclic; + engine->device_config = rcar_dmac_device_config; + engine->device_terminate_all = rcar_dmac_chan_terminate_all; + engine->device_tx_status = rcar_dmac_tx_status; + engine->device_issue_pending = rcar_dmac_issue_pending; + engine->device_synchronize = rcar_dmac_device_synchronize; + + INIT_LIST_HEAD(&engine->channels); for (i = 0; i < dmac->n_channels; ++i) { ret = rcar_dmac_chan_probe(dmac, &dmac->channels[i], @@ -1839,29 +1863,6 @@ static int rcar_dmac_probe(struct platform_device *pdev) * * Default transfer size of 32 bytes requires 32-byte alignment. */ - engine = &dmac->engine; - dma_cap_set(DMA_MEMCPY, engine->cap_mask); - dma_cap_set(DMA_SLAVE, engine->cap_mask); - - engine->dev = &pdev->dev; - engine->copy_align = ilog2(RCAR_DMAC_MEMCPY_XFER_SIZE); - - engine->src_addr_widths = widths; - engine->dst_addr_widths = widths; - engine->directions = BIT(DMA_MEM_TO_DEV) | BIT(DMA_DEV_TO_MEM); - engine->residue_granularity = DMA_RESIDUE_GRANULARITY_BURST; - - engine->device_alloc_chan_resources = rcar_dmac_alloc_chan_resources; - engine->device_free_chan_resources = rcar_dmac_free_chan_resources; - engine->device_prep_dma_memcpy = rcar_dmac_prep_dma_memcpy; - engine->device_prep_slave_sg = rcar_dmac_prep_slave_sg; - engine->device_prep_dma_cyclic = rcar_dmac_prep_dma_cyclic; - engine->device_config = rcar_dmac_device_config; - engine->device_terminate_all = rcar_dmac_chan_terminate_all; - engine->device_tx_status = rcar_dmac_tx_status; - engine->device_issue_pending = rcar_dmac_issue_pending; - engine->device_synchronize = rcar_dmac_device_synchronize; - ret = dma_async_device_register(engine); if (ret < 0) goto error;