From patchwork Wed Mar 18 03:14:00 2015
X-Patchwork-Submitter: Sasha Levin
X-Patchwork-Id: 45915
From: Sasha Levin
To: stable@vger.kernel.org, stable-commits@vger.kernel.org
Cc: Srinivas Kandagatla, Michael Turquette, Sasha Levin
Subject: [added to the 3.18 stable tree] clk: Fix debugfs clk removal before inited
Date: Tue, 17 Mar 2015 23:14:00 -0400
Message-Id: <1426648483-4376-4-git-send-email-sasha.levin@oracle.com>

From: Srinivas Kandagatla

This patch has been added to the 3.18 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit 52bba9809a954d72bc77773bd560b9724b495eb7 ]

Some of the clks can be registered & unregistered before the clk related
debugfs entries are initialized at late_initcall. In the unregister path
checking for only dentry before clk_debug_init() would lead to dangling
pointers in the debug clk list, because the list is already populated in
register path and the clk pointer freed in unregister path.

The side effect of not removing it from the list is either a null pointer
dereference or if lucky to boot the system, the number of clk entries in
debugfs disappear.

We could add more checks like if (inited && !clk->dentry) but just removing
the check for dentry made more sense as debugfs_remove_recursive() seems
to be safe with null pointers. This will ensure that the unregistering clk
would be removed from the debug list in all the code paths.

Without this patch kernel would crash with log:

Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c0204000
[00000000] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Modules linked in:
CPU: 1 PID: 1 Comm: swapper/0 Tainted: G B 3.19.0-rc3-00007-g412f9ba-dirty #840
Hardware name: Qualcomm (Flattened Device Tree)
task: ed948000 ti: ed944000 task.ti: ed944000
PC is at strlen+0xc/0x40
LR is at __create_file+0x64/0x1dc
pc : [] lr : [] psr: 60000013
sp : ed945e40 ip : ed945e50 fp : ed945e4c
r10: 00000000 r9 : c1006094 r8 : 00000000
r7 : 000041ed r6 : 00000000 r5 : ed4af998 r4 : c11b5e28
r3 : 00000000 r2 : ed945e38 r1 : a0000013 r0 : 00000000
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
Control: 10c5787d Table: 8020406a DAC: 00000015
Process swapper/0 (pid: 1, stack limit = 0xed944248)
[] (strlen) from [] (__create_file+0x64/0x1dc)
[] (__create_file) from [] (debugfs_create_dir+0x2c/0x34)
[] (debugfs_create_dir) from [] (clk_debug_create_one+0x2c/0x16c)
[] (clk_debug_create_one) from [] (clk_debug_init+0xdc/0x144)
[] (clk_debug_init) from [] (do_one_initcall+0x90/0x1e0)
[] (do_one_initcall) from [] (kernel_init_freeable+0x114/0x1e0)
[] (kernel_init_freeable) from [] (kernel_init+0x1c/0xfc)
[] (kernel_init) from [] (ret_from_fork+0x14/0x3c)
Code: c0b40ecc e1a0c00d e92dd800 e24cb004 (e5d02000)
---[ end trace b940e45b5e25c1e7 ]---

Fixes: 6314b6796e3c "clk: Don't hold prepare_lock across debugfs creation"
Signed-off-by: Srinivas Kandagatla
Reviewed-by: Stephen Boyd
Signed-off-by: Michael Turquette
Signed-off-by: Sasha Levin
--- drivers/clk/clk.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c index 26bed08..7d74830 100644 --- a/drivers/clk/clk.c +++ b/drivers/clk/clk.c
@@ -343,13 +343,9 @@ unlock: static void clk_debug_unregister(struct clk *clk) { mutex_lock(&clk_debug_lock); - if (!clk->dentry) - goto out; - hlist_del_init(&clk->debug_node); debugfs_remove_recursive(clk->dentry); clk->dentry = NULL; -out: mutex_unlock(&clk_debug_lock); }
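
Review bot: In clk_debug_unregister(), debugfs_remove_recursive(clk->dentry) is now reached with clk->dentry == NULL whenever a clk is unregistered before clk_debug_init(), and the only stated basis is the commit message's "seems to be safe with null pointers". A one-line comment above that call saying a NULL dentry is expected here, and that the hlist_del_init() must run regardless, would keep a later cleanup from reintroducing the removed "if (!clk->dentry) goto out;" and bringing back the stale debug list entry. It would also help to confirm that every clk reaching this function has had debug_node initialised or added in the register path, since the unlink is now unconditional.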
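
The ordering problem described in the commit message, as an added user-space example (not kernel code and not part of the original patch): a clk is put on the debug list at register time, its dentry is still NULL because debug init has not run, and an unregister that returns early on a NULL dentry leaves the node on the list. The names clk_model, model_register, model_unregister and stale_entries are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space model: a linked list stands in for the clk debug
 * list; dentry stays NULL until the (modelled) debugfs init has run. */
struct clk_model { void *dentry; struct clk_model *next; };
static struct clk_model *debug_list;

static void model_register(struct clk_model *c)
{
    c->dentry = NULL;        /* no debugfs entry yet ... */
    c->next = debug_list;    /* ... but already on the debug list */
    debug_list = c;
}

/* dentry_check != 0 models the pre-patch early exit, 0 the patched code. */
static void model_unregister(struct clk_model *c, int dentry_check)
{
    if (dentry_check && !c->dentry)
        return;              /* node is left on debug_list */
    for (struct clk_model **p = &debug_list; *p; p = &(*p)->next)
        if (*p == c) { *p = c->next; break; }
    c->dentry = NULL;
}

/* Entries left on the list after register + unregister before init. */
static size_t stale_entries(int dentry_check)
{
    struct clk_model c = { 0 };
    size_t n = 0;

    debug_list = NULL;
    model_register(&c);
    model_unregister(&c, dentry_check);
    for (struct clk_model *i = debug_list; i; i = i->next)
        n++;
    debug_list = NULL;       /* c is about to go out of scope */
    return n;
}

int main(void)
{
    printf("pre-patch: %zu stale entry, patched: %zu\n",
           stale_entries(1), stale_entries(0));
    return 0;
}
```

In the kernel the stale node points at a freed struct clk, so the later walk in clk_debug_init() is where the fault in the log above shows up.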