lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CACRpkdZ1M6CD85DMQ6BOYm+TQBJJO_FP8HR9EFUYQ++HZnOQcw@mail.gmail.com>
Date:   Tue, 12 Sep 2017 11:30:43 +0200
From:   Linus Walleij <linus.walleij@...aro.org>
To:     Gregory CLEMENT <gregory.clement@...e-electrons.com>
Cc:     "linux-gpio@...r.kernel.org" <linux-gpio@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Jason Cooper <jason@...edaemon.net>,
        Andrew Lunn <andrew@...n.ch>,
        Sebastian Hesselbarth <sebastian.hesselbarth@...il.com>,
        Thomas Petazzoni <thomas.petazzoni@...e-electrons.com>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        Antoine Tenart <antoine.tenart@...e-electrons.com>,
        Miquèl Raynal <miquel.raynal@...e-electrons.com>,
        Nadav Haklai <nadavh@...vell.com>,
        Victor Gu <xigu@...vell.com>, Marcin Wojtas <mw@...ihalf.com>,
        Wilson Ding <dingwei@...vell.com>,
        Hua Jing <jinghua@...vell.com>,
        Neta Zur Hershkovits <neta@...vell.com>,
        stable <stable@...r.kernel.org>
Subject: Re: [PATCH] pinctrl: armada-37xx: Fix gpio interrupt setup

On Thu, Sep 7, 2017 at 4:54 PM, Gregory CLEMENT
<gregory.clement@...e-electrons.com> wrote:

> Since commit dc749a09ea5e ("gpiolib: allow gpio irqchip to map irqs
> dynamically"), the irqs for gpio are not statically allocated during in
> gpiochip_irqchip_add.
>
> This driver was based on this assumption for initializing the mask
> associated to each interrupt this led to a NULL pointer crash in the
> kernel:
>
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> Mem abort info:
>   Exception class = DABT (current EL), IL = 32 bits
>   SET = 0, FnV = 0
>   EA = 0, S1PTW = 0
> Data abort info:
>   ISV = 0, ISS = 0x00000068
>   CM = 0, WnR = 1
> [0000000000000000] user address but active_mm is swapper
> Internal error: Oops: 96000044 [#1] PREEMPT SMP
> Modules linked in:
> CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.13.0-06657-g3b9f8ed25dbe #576
> Hardware name: Marvell Armada 3720 Development Board DB-88F3720-DDR3 (DT)
> task: ffff80001d908000 task.stack: ffff000008068000
> PC is at armada_37xx_pinctrl_probe+0x5f8/0x670
> LR is at armada_37xx_pinctrl_probe+0x5e8/0x670
> pc : [<ffff000008e25cdc>] lr : [<ffff000008e25ccc>] pstate: 60000045
> sp : ffff00000806bb80
> x29: ffff00000806bb80 x28: 0000000000000024
> x27: 000000000000000c x26: 0000000000000001
> x25: ffff80001efee760 x24: 0000000000000000
> x23: ffff80001db6f570 x22: ffff80001db6f438
> x21: 0000000000000000 x20: ffff80001d9f4810
> x19: ffff80001db6f418 x18: 0000000000000000
> x17: 0000000000000001 x16: 0000000000000019
> x15: ffffffffffffffff x14: 0140000000000000
> x13: 0000000000000000 x12: 0000000000000030
> x11: 0101010101010101 x10: 0000000000000040
> x9 : ffff000009923580 x8 : ffff80001d400248
> x7 : ffff80001d400270 x6 : 0000000000000000
> x5 : ffff80001d400248 x4 : ffff80001d400270
> x3 : 0000000000000000 x2 : 0000000000000001
> x1 : 0000000000000001 x0 : 0000000000000000
> Process swapper/0 (pid: 1, stack limit = 0xffff000008068000)
> Call trace:
> Exception stack(0xffff00000806ba40 to 0xffff00000806bb80)
> ba40: 0000000000000000 0000000000000001 0000000000000001 0000000000000000
> ba60: ffff80001d400270 ffff80001d400248 0000000000000000 ffff80001d400270
> ba80: ffff80001d400248 ffff000009923580 0000000000000040 0101010101010101
> baa0: 0000000000000030 0000000000000000 0140000000000000 ffffffffffffffff
> bac0: 0000000000000019 0000000000000001 0000000000000000 ffff80001db6f418
> bae0: ffff80001d9f4810 0000000000000000 ffff80001db6f438 ffff80001db6f570
> bb00: 0000000000000000 ffff80001efee760 0000000000000001 000000000000000c
> bb20: 0000000000000024 ffff00000806bb80 ffff000008e25ccc ffff00000806bb80
> bb40: ffff000008e25cdc 0000000060000045 ffff00000806bb60 ffff0000081189b8
> bb60: ffffffffffffffff ffff00000811cf1c ffff00000806bb80 ffff000008e25cdc
> [<ffff000008e25cdc>] armada_37xx_pinctrl_probe+0x5f8/0x670
> [<ffff00000859d8c8>] platform_drv_probe+0x58/0xb8
> [<ffff00000859bb44>] driver_probe_device+0x22c/0x2d8
> [<ffff00000859bcac>] __driver_attach+0xbc/0xc0
> [<ffff000008599c84>] bus_for_each_dev+0x4c/0x98
> [<ffff00000859b440>] driver_attach+0x20/0x28
> [<ffff00000859af90>] bus_add_driver+0x1b8/0x228
> [<ffff00000859c648>] driver_register+0x60/0xf8
> [<ffff00000859df64>] __platform_driver_probe+0x74/0x130
> [<ffff000008e256dc>] armada_37xx_pinctrl_driver_init+0x20/0x28
> [<ffff000008083980>] do_one_initcall+0x38/0x128
> [<ffff000008e00cf4>] kernel_init_freeable+0x188/0x22c
> [<ffff0000089b56e8>] kernel_init+0x10/0x100
> [<ffff000008084bb0>] ret_from_fork+0x10/0x18
> Code: f9403fa2 12001341 1100075a 9ac12041 (b9000001)
> ---[ end trace 8b0f4e05e1603208 ]---
>
> This patch moves the initialization of the mask field in the irq_startup
> function. However some callbacks such as irq_set_type and irq_set_wake
> could be called before irq_startup. For those functions the mask is
> computed at each call which is not a issue as these functions are not
> located in a hot path but are used sporadically for configuration.
>
> Fixes: dc749a09ea5e ("gpiolib: allow gpio irqchip to map irqs
> dynamically")
> Cc: <stable@...r.kernel.org>
> Signed-off-by: Gregory CLEMENT <gregory.clement@...e-electrons.com>

Patch applied for fixes.

Yours,
Linus Walleij

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ