lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAMuHMdUmn2NG-uf3UavgXdHC0ma+r8w+g7Bjn_PiVykHakzf1g@mail.gmail.com>
Date:   Tue, 21 Feb 2023 13:54:23 +0100
From:   Geert Uytterhoeven <geert@...ux-m68k.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel@...r.kernel.org,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Linux-Renesas <linux-renesas-soc@...r.kernel.org>
Subject: Re: [PATCH 12/21] driver core: bus: bus iterator cleanups

Hi Greg,

On Wed, Feb 8, 2023 at 12:15 PM Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
> Convert the bus_for_each_dev(), bus_find_device, and bus_for_each_drv()
> functions to use bus_to_subsys() and not use the back-pointer to the
> private structure.
>
> Cc: "Rafael J. Wysocki" <rafael@...nel.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

Thanks for your patch, which is now commit 83b9148df2c95e23 ("driver
core: bus: bus iterator cleanups") in driver-core-next.

I have bisected an early kernel crash on the Renesas Salvator-XS
board to this commit:

    Unable to handle kernel NULL pointer dereference at virtual
address 0000000000000028
    ...
    Call trace:
     __lock_acquire+0x530/0x20f0
     lock_acquire.part.0+0xc8/0x210
     lock_acquire+0x64/0x80
     _raw_spin_lock+0x4c/0x60
     bus_to_subsys+0x24/0xac
     bus_for_each_dev+0x30/0xcc
     soc_device_match+0x4c/0xe0
     r8a7795_sysc_init+0x18/0x60
     rcar_sysc_pd_init+0xb0/0x33c
     do_one_initcall+0x128/0x2bc

> --- a/drivers/base/bus.c
> +++ b/drivers/base/bus.c
> @@ -355,18 +355,20 @@ static struct device *next_device(struct klist_iter *i)
>  int bus_for_each_dev(const struct bus_type *bus, struct device *start,
>                      void *data, int (*fn)(struct device *, void *))
>  {
> +       struct subsys_private *sp = bus_to_subsys(bus);

If bus_to_subsys() is called from an early_initcall(), bus_kset is
still NULL, causing a crash.

>         struct klist_iter i;
>         struct device *dev;
>         int error = 0;
>
> -       if (!bus || !bus->p)

Before, the !bus->sp check prevented the crash...

> +       if (!sp)
>                 return -EINVAL;

... and instructed soc_device_match() to go into
early_soc_dev_attr mode.

I have sent a fix
"[PATCH] driver core: bus: Handle early calls to bus_to_subsys()"
https://lore.kernel.org/r/0a92979f6e790737544638e8a4c19b0564e660a2.1676983596.git.geert+renesas@glider.be

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ