| Message ID | 20210424005206.261622-1-ztong0001@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | media: cobalt: fix null-ptr-deref when there is no PCI bridge | expand |
On 24/04/2021 02:52, Tong Zhang wrote: > the PCI bridge might be NULL, so we'd better check before use it > > [ 1.870569] RIP: 0010:pcie_bus_link_get_lanes.isra.0+0x26/0x59 [cobalt] > [ 1.875880] Call Trace: > [ 1.876013] cobalt_probe.cold+0x1be/0xc11 [cobalt] > [ 1.876683] pci_device_probe+0x10f/0x1c0 How did you test this? With some virtualized PCI bus or something? I'm not sure how this can happen. Regards, Hans > > Signed-off-by: Tong Zhang <ztong0001@gmail.com> > --- > drivers/media/pci/cobalt/cobalt-driver.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/media/pci/cobalt/cobalt-driver.c b/drivers/media/pci/cobalt/cobalt-driver.c > index 0695078ef812..5687ed4869ac 100644 > --- a/drivers/media/pci/cobalt/cobalt-driver.c > +++ b/drivers/media/pci/cobalt/cobalt-driver.c > @@ -189,6 +189,8 @@ void cobalt_pcie_status_show(struct cobalt *cobalt) > u32 capa; > u16 stat, ctrl; > > + if (!pci_bus_dev) > + return; > if (!pci_is_pcie(pci_dev) || !pci_is_pcie(pci_bus_dev)) > return; > > @@ -247,6 +249,8 @@ static unsigned pcie_bus_link_get_lanes(struct cobalt *cobalt) > struct pci_dev *pci_dev = cobalt->pci_dev->bus->self; > u32 link; > > + if (!pci_dev) > + return 0; > if (!pci_is_pcie(pci_dev)) > return 0; > pcie_capability_read_dword(pci_dev, PCI_EXP_LNKCAP, &link); >
On Wed, May 5, 2021 at 2:18 AM Hans Verkuil <hverkuil-cisco@xs4all.nl> wrote: > > On 24/04/2021 02:52, Tong Zhang wrote: > > the PCI bridge might be NULL, so we'd better check before use it > > > > [ 1.870569] RIP: 0010:pcie_bus_link_get_lanes.isra.0+0x26/0x59 [cobalt] > > [ 1.875880] Call Trace: > > [ 1.876013] cobalt_probe.cold+0x1be/0xc11 [cobalt] > > [ 1.876683] pci_device_probe+0x10f/0x1c0 > > How did you test this? With some virtualized PCI bus or something? I'm not sure > how this can happen. > Hello Hans, IMHO bus->self is pci bridge device and we can have a system configuration that does not have such a bridge, in this case, bus->self is NULL. - Tong > Regards, > > Hans > > > > > Signed-off-by: Tong Zhang <ztong0001@gmail.com> > > --- > > drivers/media/pci/cobalt/cobalt-driver.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/drivers/media/pci/cobalt/cobalt-driver.c b/drivers/media/pci/cobalt/cobalt-driver.c > > index 0695078ef812..5687ed4869ac 100644 > > --- a/drivers/media/pci/cobalt/cobalt-driver.c > > +++ b/drivers/media/pci/cobalt/cobalt-driver.c > > @@ -189,6 +189,8 @@ void cobalt_pcie_status_show(struct cobalt *cobalt) > > u32 capa; > > u16 stat, ctrl; > > > > + if (!pci_bus_dev) > > + return; > > if (!pci_is_pcie(pci_dev) || !pci_is_pcie(pci_bus_dev)) > > return; > > > > @@ -247,6 +249,8 @@ static unsigned pcie_bus_link_get_lanes(struct cobalt *cobalt) > > struct pci_dev *pci_dev = cobalt->pci_dev->bus->self; > > u32 link; > > > > + if (!pci_dev) > > + return 0; > > if (!pci_is_pcie(pci_dev)) > > return 0; > > pcie_capability_read_dword(pci_dev, PCI_EXP_LNKCAP, &link); > > >
On 11/05/2021 00:32, Tong Zhang wrote: > On Wed, May 5, 2021 at 2:18 AM Hans Verkuil <hverkuil-cisco@xs4all.nl> wrote: >> >> On 24/04/2021 02:52, Tong Zhang wrote: >>> the PCI bridge might be NULL, so we'd better check before use it >>> >>> [ 1.870569] RIP: 0010:pcie_bus_link_get_lanes.isra.0+0x26/0x59 [cobalt] >>> [ 1.875880] Call Trace: >>> [ 1.876013] cobalt_probe.cold+0x1be/0xc11 [cobalt] >>> [ 1.876683] pci_device_probe+0x10f/0x1c0 >> >> How did you test this? With some virtualized PCI bus or something? I'm not sure >> how this can happen. >> > Hello Hans, > IMHO bus->self is pci bridge device and we can have a system > configuration that does not have such a bridge, > in this case, bus->self is NULL. That does not answer my question :-) You show a backtrace in the commit message, how did you get that? Regards, Hans > - Tong >> Regards, >> >> Hans >> >>> >>> Signed-off-by: Tong Zhang <ztong0001@gmail.com> >>> --- >>> drivers/media/pci/cobalt/cobalt-driver.c | 4 ++++ >>> 1 file changed, 4 insertions(+) >>> >>> diff --git a/drivers/media/pci/cobalt/cobalt-driver.c b/drivers/media/pci/cobalt/cobalt-driver.c >>> index 0695078ef812..5687ed4869ac 100644 >>> --- a/drivers/media/pci/cobalt/cobalt-driver.c >>> +++ b/drivers/media/pci/cobalt/cobalt-driver.c >>> @@ -189,6 +189,8 @@ void cobalt_pcie_status_show(struct cobalt *cobalt) >>> u32 capa; >>> u16 stat, ctrl; >>> >>> + if (!pci_bus_dev) >>> + return; >>> if (!pci_is_pcie(pci_dev) || !pci_is_pcie(pci_bus_dev)) >>> return; >>> >>> @@ -247,6 +249,8 @@ static unsigned pcie_bus_link_get_lanes(struct cobalt *cobalt) >>> struct pci_dev *pci_dev = cobalt->pci_dev->bus->self; >>> u32 link; >>> >>> + if (!pci_dev) >>> + return 0; >>> if (!pci_is_pcie(pci_dev)) >>> return 0; >>> pcie_capability_read_dword(pci_dev, PCI_EXP_LNKCAP, &link); >>> >>
diff --git a/drivers/media/pci/cobalt/cobalt-driver.c b/drivers/media/pci/cobalt/cobalt-driver.c index 0695078ef812..5687ed4869ac 100644 --- a/drivers/media/pci/cobalt/cobalt-driver.c +++ b/drivers/media/pci/cobalt/cobalt-driver.c @@ -189,6 +189,8 @@ void cobalt_pcie_status_show(struct cobalt *cobalt) u32 capa; u16 stat, ctrl; + if (!pci_bus_dev) + return; if (!pci_is_pcie(pci_dev) || !pci_is_pcie(pci_bus_dev)) return; @@ -247,6 +249,8 @@ static unsigned pcie_bus_link_get_lanes(struct cobalt *cobalt) struct pci_dev *pci_dev = cobalt->pci_dev->bus->self; u32 link; + if (!pci_dev) + return 0; if (!pci_is_pcie(pci_dev)) return 0; pcie_capability_read_dword(pci_dev, PCI_EXP_LNKCAP, &link);
the PCI bridge might be NULL, so we'd better check before use it [ 1.870569] RIP: 0010:pcie_bus_link_get_lanes.isra.0+0x26/0x59 [cobalt] [ 1.875880] Call Trace: [ 1.876013] cobalt_probe.cold+0x1be/0xc11 [cobalt] [ 1.876683] pci_device_probe+0x10f/0x1c0 Signed-off-by: Tong Zhang <ztong0001@gmail.com> --- drivers/media/pci/cobalt/cobalt-driver.c | 4 ++++ 1 file changed, 4 insertions(+)