redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers
History
Nikita Shubin 6b936b1872 remoteproc: Fix NULL pointer dereference in rproc_virtio_notify 
commit 791c13b709 upstream.

Undefined rproc_ops .kick method in remoteproc driver will result in
"Unable to handle kernel NULL pointer dereference" in rproc_virtio_notify,
after firmware loading if:

 1) .kick method wasn't defined in driver
 2) resource_table exists in firmware and has "Virtio device entry" defined

Let's refuse to register an rproc-induced virtio device if no kick method was
defined for rproc.

[   13.180049][  T415] 8<--- cut here ---
[   13.190558][  T415] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   13.212544][  T415] pgd = (ptrval)
[   13.217052][  T415] [00000000] *pgd=00000000
[   13.224692][  T415] Internal error: Oops: 80000005 [#1] PREEMPT SMP ARM
[   13.231318][  T415] Modules linked in: rpmsg_char imx_rproc virtio_rpmsg_bus rpmsg_core [last unloaded: imx_rproc]
[   13.241687][  T415] CPU: 0 PID: 415 Comm: unload-load.sh Not tainted 5.5.2-00002-g707df13bbbdd #6
[   13.250561][  T415] Hardware name: Freescale i.MX7 Dual (Device Tree)
[   13.257009][  T415] PC is at 0x0
[   13.260249][  T415] LR is at rproc_virtio_notify+0x2c/0x54
[   13.265738][  T415] pc : [<00000000>]    lr : [<8050f6b0>]    psr: 60010113
[   13.272702][  T415] sp : b8d47c48  ip : 00000001  fp : bc04de00
[   13.278625][  T415] r10: bc04c000  r9 : 00000cc0  r8 : b8d46000
[   13.284548][  T415] r7 : 00000000  r6 : b898f200  r5 : 00000000  r4 : b8a29800
[   13.291773][  T415] r3 : 00000000  r2 : 990a3ad4  r1 : 00000000  r0 : b8a29800
[   13.299000][  T415] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   13.306833][  T415] Control: 10c5387d  Table: b8b4806a  DAC: 00000051
[   13.313278][  T415] Process unload-load.sh (pid: 415, stack limit = 0x(ptrval))
[   13.320591][  T415] Stack: (0xb8d47c48 to 0xb8d48000)
[   13.325651][  T415] 7c40:                   b895b680 00000001 b898f200 803c6430 b895bc80 7f00ae18
[   13.334531][  T415] 7c60: 00000035 00000000 00000000 b9393200 80b3ed80 00004000 b9393268 bbf5a9a2
[   13.343410][  T415] 7c80: 00000e00 00000200 00000000 7f00aff0 7f00a014 b895b680 b895b800 990a3ad4
[   13.352290][  T415] 7ca0: 00000001 b898f210 b898f200 00000000 00000000 7f00e000 00000001 00000000
[   13.361170][  T415] 7cc0: 00000000 803c62e0 80b2169c 802a0924 b898f210 00000000 00000000 b898f210
[   13.370049][  T415] 7ce0: 80b9ba44 00000000 80b9ba48 00000000 7f00e000 00000008 80b2169c 80400114
[   13.378929][  T415] 7d00: 80b2169c 8061fd64 b898f210 7f00e000 80400744 b8d46000 80b21634 80b21634
[   13.387809][  T415] 7d20: 80b2169c 80400614 80b21634 80400718 7f00e000 00000000 b8d47d7c 80400744
[   13.396689][  T415] 7d40: b8d46000 80b21634 80b21634 803fe338 b898f254 b80fe76c b8d32e38 990a3ad4
[   13.405569][  T415] 7d60: fffffff3 b898f210 b8d46000 00000001 b898f254 803ffe7c 80857a90 b898f210
[   13.414449][  T415] 7d80: 00000001 990a3ad4 b8d46000 b898f210 b898f210 80b17aec b8a29c20 803ff0a4
[   13.423328][  T415] 7da0: b898f210 00000000 b8d46000 803fb8e0 b898f200 00000000 80b17aec b898f210
[   13.432209][  T415] 7dc0: b8a29c20 990a3ad4 b895b900 b898f200 8050fb7c 80b17aec b898f210 b8a29c20
[   13.441088][  T415] 7de0: b8a29800 b895b900 b8a29a04 803c5ec0 b8a29c00 b898f200 b8a29a20 00000007
[   13.449968][  T415] 7e00: b8a29c20 8050fd78 b8a29800 00000000 b8a29a20 b8a29c04 b8a29820 b8a299d0
[   13.458848][  T415] 7e20: b895b900 8050e5a4 b8a29800 b8a299d8 b8d46000 b8a299e0 b8a29820 b8a299d0
[   13.467728][  T415] 7e40: b895b900 8050e008 000041ed 00000000 b8b8c440 b8a299d8 b8a299e0 b8a299d8
[   13.476608][  T415] 7e60: b8b8c440 990a3ad4 00000000 b8a29820 b8b8c400 00000006 b8a29800 b895b880
[   13.485487][  T415] 7e80: b8d47f78 00000000 00000000 8050f4b4 00000006 b895b890 b8b8c400 008fbea0
[   13.494367][  T415] 7ea0: b895b880 8029f530 00000000 00000000 b8d46000 00000006 b8d46000 008fbea0
[   13.503246][  T415] 7ec0: 8029f434 00000000 b8d46000 00000000 00000000 8021e2e4 0000000a 8061fd0c
[   13.512125][  T415] 7ee0: 0000000a b8af0c00 0000000a b8af0c40 00000001 b8af0c40 00000000 8061f910
[   13.521005][  T415] 7f00: 0000000a 80240af4 00000002 b8d46000 00000000 8061fd0c 00000002 80232d7c
[   13.529884][  T415] 7f20: 00000000 b8d46000 00000000 990a3ad4 00000000 00000006 b8a62d80 008fbea0
[   13.538764][  T415] 7f40: b8d47f78 00000000 b8d46000 00000000 00000000 802210c0 b88f2900 00000000
[   13.547644][  T415] 7f60: b8a62d80 b8a62d80 b8d46000 00000006 008fbea0 80221320 00000000 00000000
[   13.556524][  T415] 7f80: b8af0c00 990a3ad4 0000006c 008fbea0 76f1cda0 00000004 80101204 00000004
[   13.565403][  T415] 7fa0: 00000000 80101000 0000006c 008fbea0 00000001 008fbea0 00000006 00000000
[   13.574283][  T415] 7fc0: 0000006c 008fbea0 76f1cda0 00000004 00000006 00000006 00000000 00000000
[   13.583162][  T415] 7fe0: 00000004 7ebaf7d0 76eb4c0b 76e3f206 600d0030 00000001 00000000 00000000
[   13.592056][  T415] [<8050f6b0>] (rproc_virtio_notify) from [<803c6430>] (virtqueue_notify+0x1c/0x34)
[   13.601298][  T415] [<803c6430>] (virtqueue_notify) from [<7f00ae18>] (rpmsg_probe+0x280/0x380 [virtio_rpmsg_bus])
[   13.611663][  T415] [<7f00ae18>] (rpmsg_probe [virtio_rpmsg_bus]) from [<803c62e0>] (virtio_dev_probe+0x1f8/0x2c4)
[   13.622022][  T415] [<803c62e0>] (virtio_dev_probe) from [<80400114>] (really_probe+0x200/0x450)
[   13.630817][  T415] [<80400114>] (really_probe) from [<80400614>] (driver_probe_device+0x16c/0x1ac)
[   13.639873][  T415] [<80400614>] (driver_probe_device) from [<803fe338>] (bus_for_each_drv+0x84/0xc8)
[   13.649102][  T415] [<803fe338>] (bus_for_each_drv) from [<803ffe7c>] (__device_attach+0xd4/0x164)
[   13.658069][  T415] [<803ffe7c>] (__device_attach) from [<803ff0a4>] (bus_probe_device+0x84/0x8c)
[   13.666950][  T415] [<803ff0a4>] (bus_probe_device) from [<803fb8e0>] (device_add+0x444/0x768)
[   13.675572][  T415] [<803fb8e0>] (device_add) from [<803c5ec0>] (register_virtio_device+0xa4/0xfc)
[   13.684541][  T415] [<803c5ec0>] (register_virtio_device) from [<8050fd78>] (rproc_add_virtio_dev+0xcc/0x1b8)
[   13.694466][  T415] [<8050fd78>] (rproc_add_virtio_dev) from [<8050e5a4>] (rproc_start+0x148/0x200)
[   13.703521][  T415] [<8050e5a4>] (rproc_start) from [<8050e008>] (rproc_boot+0x384/0x5c0)
[   13.711708][  T415] [<8050e008>] (rproc_boot) from [<8050f4b4>] (state_store+0x3c/0xc8)
[   13.719723][  T415] [<8050f4b4>] (state_store) from [<8029f530>] (kernfs_fop_write+0xfc/0x214)
[   13.728348][  T415] [<8029f530>] (kernfs_fop_write) from [<8021e2e4>] (__vfs_write+0x30/0x1cc)
[   13.736971][  T415] [<8021e2e4>] (__vfs_write) from [<802210c0>] (vfs_write+0xac/0x17c)
[   13.744985][  T415] [<802210c0>] (vfs_write) from [<80221320>] (ksys_write+0x64/0xe4)
[   13.752825][  T415] [<80221320>] (ksys_write) from [<80101000>] (ret_fast_syscall+0x0/0x54)
[   13.761178][  T415] Exception stack(0xb8d47fa8 to 0xb8d47ff0)
[   13.766932][  T415] 7fa0:                   0000006c 008fbea0 00000001 008fbea0 00000006 00000000
[   13.775811][  T415] 7fc0: 0000006c 008fbea0 76f1cda0 00000004 00000006 00000006 00000000 00000000
[   13.784687][  T415] 7fe0: 00000004 7ebaf7d0 76eb4c0b 76e3f206
[   13.790442][  T415] Code: bad PC value
[   13.839214][  T415] ---[ end trace 1fe21ecfc9f28852 ]---

Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Nikita Shubin <NShubin@topcon.com>
Fixes: 7a18694162 ("remoteproc: remove the single rpmsg vdev limitation")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200306072452.24743-1-NShubin@topcon.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-04-17 10:50:16 +02:00
..
accessibility
acpi ACPI: PM: s2idle: Refine active GPEs check 2020-04-17 10:50:09 +02:00
amba ARM updates for 5.4-rc: 2019-10-23 06:26:33 -04:00
android binderfs: use refcount for binder control devices too 2020-03-25 08:25:50 +01:00
ata libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() 2020-04-17 10:50:03 +02:00
atm fore200e: Fix incorrect checks of NULL pointer dereference 2020-02-24 08:36:36 +01:00
auxdisplay
base PM: sleep: wakeup: Skip wakeup_source_sysfs_remove() if device is not there 2020-04-17 10:50:12 +02:00
bcma
block null_blk: fix spurious IO errors after failed past-wp access 2020-04-17 10:50:00 +02:00
bluetooth Bluetooth: btusb: Disable runtime suspend on Realtek devices 2020-02-11 04:35:09 -08:00
bus bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads 2020-04-17 10:49:56 +02:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:18:25 +01:00
char tpm: tpm2_bios_measurements_next should increase position index 2020-04-17 10:50:11 +02:00
clk clk: ti: am43xx: Fix clock parent for RTC clock 2020-04-02 15:11:02 +02:00
clocksource clocksource/drivers/hyper-v: Untangle stimers and timesync from clocksources 2020-04-01 11:02:12 +02:00
connector
counter
cpufreq cpufreq: imx6q: fix error handling 2020-04-17 10:50:03 +02:00
cpuidle cpuidle: teo: Avoid using "early hits" incorrectly 2020-02-05 21:22:52 +00:00
crypto crypto: chtls - Fixed memory leak 2020-02-24 08:36:40 +01:00
dax
dca
devfreq Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" 2020-03-05 16:43:43 +01:00
dio
dma dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() 2020-03-12 13:00:30 +01:00
dma-buf dma-buf: free dmabuf->name in dma_buf_release() 2020-03-12 13:00:30 +01:00
edac EDAC/synopsys: Do not print an error with back-to-back snprintf() calls 2020-03-12 13:00:31 +01:00
eisa
extcon extcon: axp288: Add wakeup support 2020-04-08 09:08:43 +02:00
firewire net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
firmware efi/x86: Ignore the memory attributes table on i386 2020-04-17 10:50:03 +02:00
fpga
fsi fsi: core: Fix small accesses and unaligned offsets via sysfs 2019-12-31 16:45:09 +01:00
gnss
gpio gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model 2020-04-02 15:11:01 +02:00
gpu drm/scheduler: fix rare NULL ptr race 2020-04-17 10:49:59 +02:00
greybus
hid HID: add ALWAYS_POLL quirk to lenovo pixart mouse 2020-03-21 08:11:59 +01:00
hsi
hv hv_balloon: Balloon up according to request page number 2020-02-11 04:35:21 -08:00
hwmon hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() 2020-03-12 13:00:30 +01:00
hwspinlock
hwtracing stm class: sys-t: Fix the use of time_after() 2020-03-25 08:25:56 +01:00
i2c i2c: pca-platform: Use platform_irq_get_optional 2020-04-17 10:49:59 +02:00
i3c
ide ide: serverworks: potential overflow in svwks_set_pio_mode() 2020-02-24 08:36:53 +01:00
idle
iio iio: light: vcnl4000: update sampling periods for vcnl4040 2020-03-25 08:25:54 +01:00
infiniband RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow 2020-04-13 10:48:14 +02:00
input Input: tm2-touchkey - add support for Coreriver TC360 variant 2020-04-17 10:49:57 +02:00
interconnect interconnect: qcom: qcs404: Walk the list safely on node removal 2019-12-17 19:55:39 +01:00
iommu iommu/vt-d: Allow devices with RMRRs to use identity domain 2020-04-13 10:48:18 +02:00
ipack
irqchip irqchip/versatile-fpga: Apply clear-mask earlier 2020-04-17 10:50:11 +02:00
isdn net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
leds leds: pca963x: Fix open-drain initialization 2020-02-24 08:36:24 +01:00
lightnvm
macintosh macintosh: windfarm: fix MODINFO regression 2020-03-18 07:17:53 +01:00
mailbox mailbox: imx: Fix Tx doorbell shutdown path 2020-01-04 19:18:30 +01:00
mcb
md md: check arrays is suspended in mddev_detach before call quiesce operations 2020-04-17 10:50:04 +02:00
media media: ti-vpe: cal: fix a kernel oops when unloading module 2020-04-17 10:50:08 +02:00
memory memory: mtk-smi: Add PM suspend and resume ops 2020-01-17 19:48:59 +01:00
memstick
message scsi: mptfusion: Fix double fetch bug in ioctl 2020-01-23 08:22:35 +01:00
mfd mfd: max77650: Select REGMAP_IRQ in Kconfig 2020-02-14 16:34:19 -05:00
misc mei: me: add cedar fork device ids 2020-04-08 09:08:42 +02:00
mmc mmc: sdhci-tegra: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY 2020-04-01 11:01:29 +02:00
mtd mtd: spinand: Do not erase the block before writing a bad block marker 2020-04-17 10:50:14 +02:00
mux
net ath9k: Handle txpower changes even when TPC is disabled 2020-04-17 10:50:12 +02:00
nfc NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() 2020-04-01 11:01:38 +02:00
ntb
nubus
nvdimm libnvdimm/btt: fix variable 'rc' set but not used 2020-01-04 19:18:12 +01:00
nvme nvme-fc: Revert "add module to ops template to allow module references" 2020-04-17 10:50:10 +02:00
nvmem nvmem: check for NULL reg_read and reg_write before dereferencing 2020-04-08 09:08:42 +02:00
of drivers/of/of_mdio.c:fix of_mdiobus_register() 2020-04-01 11:01:51 +02:00
opp opp: Free static OPPs on errors while adding them 2020-02-24 08:36:34 +01:00
oprofile
parisc parisc: Remove 32-bit DMA enforcement from sba_iommu 2019-10-14 21:44:26 +02:00
parport parport: load lowlevel driver if ports not found 2019-12-31 16:45:25 +01:00
pci PCI: endpoint: Fix for concurrent memory allocation in OB address region 2020-04-17 10:50:11 +02:00
pcmcia
perf drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer 2020-03-25 08:25:47 +01:00
phy phy: ti: gmii-sel: do not fail in case of gmii 2020-03-25 08:25:42 +01:00
pinctrl pinctrl: core: Remove extra kref_get which blocks hogs being freed 2020-03-18 07:17:55 +01:00
platform platform/x86: asus-wmi: Support laptops where the first battery is named BATT 2020-04-17 10:50:13 +02:00
pnp
power power: supply: axp288_charger: Add special handling for HP Pavilion x2 10 2020-04-08 09:08:43 +02:00
powercap powercap: intel_rapl: add NULL pointer check to rapl_mmio_cpu_online() 2020-01-14 20:08:18 +01:00
pps
ps3
ptp ptp: free ptp device pin descriptors properly 2020-01-23 08:22:51 +01:00
pwm pwm: omap-dmtimer: put_device() after of_find_device_by_node() 2020-03-05 16:43:49 +01:00
rapidio
ras
regulator regulator: stm32-vrefbuf: fix a possible overshoot when re-enabling 2020-03-12 13:00:29 +01:00
remoteproc remoteproc: Fix NULL pointer dereference in rproc_virtio_notify 2020-04-17 10:50:16 +02:00
reset reset: uniphier: Add SCSSI reset control for each channel 2020-02-24 08:36:41 +01:00
rpmsg rpmsg: char: release allocated memory 2020-01-14 20:08:37 +01:00
rtc rtc: max8907: add missing select REGMAP_IRQ 2020-03-25 08:25:56 +01:00
s390 s390/qeth: handle error when backing RX buffer 2020-04-01 11:01:54 +02:00
sbus
scsi nvme-fc: Revert "add module to ops template to allow module references" 2020-04-17 10:50:10 +02:00
sfi
sh
siox
slimbus
soc soc: fsl: dpio: register dpio irq handlers after dpio create 2020-04-17 10:49:57 +02:00
soundwire soundwire: intel: fix PDI/stream mapping for Bulk 2019-12-31 16:45:11 +01:00
spi spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion 2020-04-17 10:50:05 +02:00
spmi spmi: pmic-arb: Set lockdep class for hierarchical irq domains 2020-02-19 19:53:07 +01:00
ssb
staging media: hantro: Read be32 words starting at every fourth byte 2020-04-17 10:50:08 +02:00
target scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" 2020-02-28 17:22:25 +01:00
tc
tee tee: optee: Fix compilation issue with nommu 2020-02-05 21:22:49 +00:00
thermal thermal: brcmstb_thermal: Do not use DT coefficients 2020-03-05 16:43:50 +01:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-28 17:22:13 +01:00
tty vt: vt_ioctl: fix use-after-free in vt_in_use() 2020-04-02 15:11:00 +02:00
uio uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol() 2020-02-24 08:36:27 +01:00
usb usb: gadget: composite: Inform controller driver of self-powered 2020-04-17 10:50:06 +02:00
vfio vfio/spapr/nvlink2: Skip unpinning pages on error exit 2020-02-24 08:36:43 +01:00
vhost vhost: Check docket sk_family instead of call getname 2020-03-05 16:43:44 +01:00
video fbcon: fix null-ptr-deref in fbcon_switch 2020-04-13 10:48:14 +02:00
virt virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr 2019-10-10 14:50:32 +02:00
virtio virtio_ring: Fix mem leak with vring_new_virtqueue() 2020-03-18 07:17:55 +01:00
visorbus visorbus: fix uninitialized variable access 2020-02-24 08:36:47 +01:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-24 08:36:48 +01:00
w1 w1: ds250x: Fix build error without CRC16 2019-10-10 15:35:41 +02:00
watchdog watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional 2020-04-08 09:08:46 +02:00
xen xenbus: req->err should be updated before req->state 2020-03-25 08:25:49 +01:00
zorro
Kconfig
Makefile