
pwm: img: Fix null pointer access in probe

Message ID 20200815163115.11376-1-hauke@hauke-m.de
State Superseded

Commit Message

Hauke Mehrtens Aug. 15, 2020, 4:31 p.m. UTC
dev_get_drvdata() is called in img_pwm_runtime_resume() before the
driver data is set.
When pm_runtime_enabled() returns false in img_pwm_probe() it calls
img_pwm_runtime_resume() which results in a null pointer access.

This patch fixes the problem by setting the driver data earlier in the
img_pwm_probe() function.

Fixes: e690ae526216 ("pwm: img: Add runtime PM")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 drivers/pwm/pwm-img.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
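
The ordering problem described in the commit message, as an added user-space example (not code from the patch or from the kernel). The types and the model_* functions are hypothetical stand-ins, and the resume model returns -EFAULT where the real callback would dereference the NULL pointer.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct device { void *driver_data; int pm_enabled; };
struct img_pwm_model { int clk_on; };   /* hypothetical stand-in for driver state */

static void *dev_get_drvdata(const struct device *dev) { return dev->driver_data; }
static void dev_set_drvdata(struct device *dev, void *p) { dev->driver_data = p; }

/* The real callback uses the pointer unconditionally; this model reports
 * -EFAULT instead of crashing so that the outcome can be observed. */
static int model_runtime_resume(struct device *dev)
{
	struct img_pwm_model *pwm = dev_get_drvdata(dev);

	if (!pwm)
		return -EFAULT;
	pwm->clk_on = 1;
	return 0;
}

/* set_early = 0 models the ordering before the patch, 1 the ordering after. */
static int model_probe(struct device *dev, struct img_pwm_model *pwm, int set_early)
{
	int ret = 0;
	if (set_early)
		dev_set_drvdata(dev, pwm);
	if (!dev->pm_enabled)                     /* runtime PM not enabled */
		ret = model_runtime_resume(dev);  /* probe resumes by hand */
	if (ret) {
		dev_set_drvdata(dev, NULL);       /* cleared again on probe failure */
		return ret;
	}
	if (!set_early)
		dev_set_drvdata(dev, pwm);        /* too late for the call above */
	return 0;
}

int main(void)
{
	struct img_pwm_model pwm = { 0 };
	struct device no_pm = { NULL, 0 }, with_pm = { NULL, 1 };
	printf("late set, PM off:  %d\n", model_probe(&no_pm, &pwm, 0));
	printf("late set, PM on:   %d\n", model_probe(&with_pm, &pwm, 0));
	printf("early set, PM off: %d\n", model_probe(&no_pm, &pwm, 1));
	return 0;
}
```

In this model the late-set ordering fails only when runtime PM is not enabled, which is the condition the commit message names.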

Comments

Lee Jones Aug. 19, 2020, 10:39 a.m. UTC | #1
On Sat, 15 Aug 2020, Hauke Mehrtens wrote:

> dev_get_drvdata() is called in img_pwm_runtime_resume() before the
> driver data is set.
> When pm_runtime_enabled() returns false in img_pwm_probe() it calls
> img_pwm_runtime_resume() which results in a null pointer access.
> 
> This patch fixes the problem by setting the driver data earlier in the
> img_pwm_probe() function.
> 
> Fixes: e690ae526216 ("pwm: img: Add runtime PM")
> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
> ---
>  drivers/pwm/pwm-img.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Looks fine.

Acked-by: Lee Jones <lee.jones@linaro.org>

Uwe Kleine-König Aug. 20, 2020, 1:02 p.m. UTC | #2
On Sat, Aug 15, 2020 at 06:31:15PM +0200, Hauke Mehrtens wrote:
> dev_get_drvdata() is called in img_pwm_runtime_resume() before the
> driver data is set.
> When pm_runtime_enabled() returns false in img_pwm_probe() it calls
> img_pwm_runtime_resume() which results in a null pointer access.

Is this a theoretical issue, or did you see this crash on a machine?
 
> This patch fixes the problem by setting the driver data earlier in the
> img_pwm_probe() function.
> 
> Fixes: e690ae526216 ("pwm: img: Add runtime PM")
> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
> ---
>  drivers/pwm/pwm-img.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/pwm/pwm-img.c b/drivers/pwm/pwm-img.c
> index 599a0f66a384..11831e885e1b 100644
> --- a/drivers/pwm/pwm-img.c
> +++ b/drivers/pwm/pwm-img.c
> @@ -277,6 +277,8 @@ static int img_pwm_probe(struct platform_device *pdev)
>  		return PTR_ERR(pwm->pwm_clk);
>  	}
>  
> +	platform_set_drvdata(pdev, pwm);
> +
>  	pm_runtime_set_autosuspend_delay(&pdev->dev, IMG_PWM_PM_TIMEOUT);
>  	pm_runtime_use_autosuspend(&pdev->dev);
>  	pm_runtime_enable(&pdev->dev);
> @@ -313,7 +315,6 @@ static int img_pwm_probe(struct platform_device *pdev)
>  		goto err_suspend;
>  	}
>  
> -	platform_set_drvdata(pdev, pwm);
>  	return 0;
>  
>  err_suspend:
> @@ -322,6 +323,7 @@ static int img_pwm_probe(struct platform_device *pdev)
>  err_pm_disable:
>  	pm_runtime_disable(&pdev->dev);
>  	pm_runtime_dont_use_autosuspend(&pdev->dev);
> +	platform_set_drvdata(pdev, NULL);

The driver core takes care of removing drvdata, so this hunk isn't
necessary.

Best regards
Uwe

Hauke Mehrtens Aug. 20, 2020, 4:16 p.m. UTC | #3
On 8/20/20 3:02 PM, Uwe Kleine-König wrote:
> On Sat, Aug 15, 2020 at 06:31:15PM +0200, Hauke Mehrtens wrote:
>> dev_get_drvdata() is called in img_pwm_runtime_resume() before the
>> driver data is set.
>> When pm_runtime_enabled() returns false in img_pwm_probe() it calls
>> img_pwm_runtime_resume() which results in a null pointer access.
> 
> Is this a theoretical issue, or did you see this crash on a machine?

This is a real issue.

I ran into this issue when porting the pistachio target in OpenWrt from
kernel 4.14 to 5.4; it immediately crashed at bootup.

>> This patch fixes the problem by setting the driver data earlier in the
>> img_pwm_probe() function.
>>
>> Fixes: e690ae526216 ("pwm: img: Add runtime PM")
>> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
>> ---
>>  drivers/pwm/pwm-img.c | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/pwm/pwm-img.c b/drivers/pwm/pwm-img.c
>> index 599a0f66a384..11831e885e1b 100644
>> --- a/drivers/pwm/pwm-img.c
>> +++ b/drivers/pwm/pwm-img.c
>> @@ -277,6 +277,8 @@ static int img_pwm_probe(struct platform_device *pdev)
>>  		return PTR_ERR(pwm->pwm_clk);
>>  	}
>>  
>> +	platform_set_drvdata(pdev, pwm);
>> +
>>  	pm_runtime_set_autosuspend_delay(&pdev->dev, IMG_PWM_PM_TIMEOUT);
>>  	pm_runtime_use_autosuspend(&pdev->dev);
>>  	pm_runtime_enable(&pdev->dev);
>> @@ -313,7 +315,6 @@ static int img_pwm_probe(struct platform_device *pdev)
>>  		goto err_suspend;
>>  	}
>>  
>> -	platform_set_drvdata(pdev, pwm);
>>  	return 0;
>>  
>>  err_suspend:
>> @@ -322,6 +323,7 @@ static int img_pwm_probe(struct platform_device *pdev)
>>  err_pm_disable:
>>  	pm_runtime_disable(&pdev->dev);
>>  	pm_runtime_dont_use_autosuspend(&pdev->dev);
>> +	platform_set_drvdata(pdev, NULL);
> 
> The driver core takes care of removing drvdata, so this hunk isn't
> necessary.

I will send a v2 without this change.

Hauke

Patch

diff --git a/drivers/pwm/pwm-img.c b/drivers/pwm/pwm-img.c
index 599a0f66a384..11831e885e1b 100644
--- a/drivers/pwm/pwm-img.c
+++ b/drivers/pwm/pwm-img.c
@@ -277,6 +277,8 @@  static int img_pwm_probe(struct platform_device *pdev)
 		return PTR_ERR(pwm->pwm_clk);
 	}
 
+	platform_set_drvdata(pdev, pwm);
+
 	pm_runtime_set_autosuspend_delay(&pdev->dev, IMG_PWM_PM_TIMEOUT);
 	pm_runtime_use_autosuspend(&pdev->dev);
 	pm_runtime_enable(&pdev->dev);
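
Review bot: The new platform_set_drvdata(pdev, pwm) call ahead of pm_runtime_enable() carries an ordering requirement that nothing in the code records. A one-line comment stating that img_pwm_runtime_resume() reads the driver data through dev_get_drvdata() and can be called directly from probe would keep a later cleanup from moving the call back to the end of the function. It is also worth confirming that every field the resume callback touches is already set at this point; the context shows pwm->pwm_clk assigned just above, but not the rest of the struct.
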
@@ -313,7 +315,6 @@  static int img_pwm_probe(struct platform_device *pdev)
 		goto err_suspend;
 	}
 
-	platform_set_drvdata(pdev, pwm);
 	return 0;
 
 err_suspend:
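
Review bot: With the call removed from just above return 0, the driver data is now published while probe can still fail, as the goto err_suspend in the context lines shows. Check that nothing reachable between the new call site and this point treats a non-NULL drvdata as proof that probe has completed.
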
@@ -322,6 +323,7 @@  static int img_pwm_probe(struct platform_device *pdev)
 err_pm_disable:
 	pm_runtime_disable(&pdev->dev);
 	pm_runtime_dont_use_autosuspend(&pdev->dev);
+	platform_set_drvdata(pdev, NULL);
 	return ret;
 }
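
Review bot: The platform_set_drvdata(pdev, NULL) added under err_pm_disable is redundant, because the driver core clears the driver data when probe returns an error; drop this line. The reset also covers only the exits that pass through this label, not the earlier direct returns such as return PTR_ERR(pwm->pwm_clk), although those run before the driver data is set, so removing the line loses nothing.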