[PATCH 0/2] clk: Fix a core error path and missing qcom camcc-x1e80100 enum


 



Using x1e80100-camcc on a recent kernel I discovered the following NULL
pointer dereference.

[    1.347567] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[    1.347569] Mem abort info:
[    1.347569]   ESR = 0x0000000096000004
[    1.347570]   EC = 0x25: DABT (current EL), IL = 32 bits
[    1.347572]   SET = 0, FnV = 0
[    1.347572]   EA = 0, S1PTW = 0
[    1.347573]   FSC = 0x04: level 0 translation fault
[    1.347574] Data abort info:
[    1.347575]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[    1.347576]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[    1.347576]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[    1.347577] [0000000000000000] user address but active_mm is swapper
[    1.347579] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[    1.347580] Modules linked in:
[    1.347583] CPU: 1 PID: 80 Comm: kworker/u49:1 Not tainted 6.8.0-rc6-next-20240228-00163-gbe6ae77b72b2 #26
[    1.347586] Hardware name: Qualcomm CRD, BIOS 6.0.230809.BOOT.MXF.2.4-00174-HAMOA-1 08/ 9/2023
[    1.347587] Workqueue: events_unbound deferred_probe_work_func
[    1.347595] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[    1.347597] pc : clk_core_get+0xe0/0x110
[    1.347601] lr : clk_core_get+0x108/0x110
[    1.347603] sp : ffff800080353940
[    1.347604] x29: ffff8000803539a0 x28: 0000000000000000 x27: ffffb0aa57c4e2e0
[    1.347607] x26: ffffb0aa57c4e240 x25: ffff4cbd0511e4c8 x24: 0000000000000000
[    1.347609] x23: ffffb0aa583c3440 x22: 0000000000000000 x21: ffff4cc07e1d2ab8
[    1.347612] x20: 0000000000000000 x19: ffff4cbd00e28ac0 x18: 0000000000000001
[    1.347614] x17: 0000000000000018 x16: 0000000000000034 x15: 0000000000000002
[    1.347616] x14: ffffb0aa58fc6498 x13: ffffb0aa58293000 x12: 696669746f6e5f6b
[    1.347619] x11: 0000000ad6d076a3 x10: ffffb0aa58c600fb x9 : 0000000000000008
[    1.347621] x8 : 0101010101010101 x7 : 00000000736c6c65 x6 : 0080f0e8e16e646c
[    1.347624] x5 : ffff800080353958 x4 : 0000000000000000 x3 : ffff4cbd00d09100
[    1.347626] x2 : 0000000000000000 x1 : ffff4cbd00d09100 x0 : 0000000000000000
[    1.347628] Call trace:
[    1.347630]  clk_core_get+0xe0/0x110
[    1.347631]  clk_core_get_parent_by_index+0xc8/0xe0
[    1.347634]  __clk_register+0x1f0/0x864
[    1.347636]  devm_clk_hw_register+0x5c/0xd4
[    1.347639]  devm_clk_register_regmap+0x44/0x84
[    1.347642]  qcom_cc_really_probe+0x1b4/0x25c
[    1.347644]  cam_cc_x1e80100_probe+0x14c/0x1c8
[    1.347646]  platform_probe+0x68/0xc8
[    1.347649]  really_probe+0x148/0x2b0
[    1.347651]  __driver_probe_device+0x78/0x12c
[    1.347654]  driver_probe_device+0x40/0x118
[    1.347656]  __device_attach_driver+0xb8/0x134
[    1.347658]  bus_for_each_drv+0x88/0xe8
[    1.347661]  __device_attach+0xa0/0x190
[    1.347664]  device_initial_probe+0x14/0x20
[    1.347666]  bus_probe_device+0xac/0xb0
[    1.347668]  deferred_probe_work_func+0x88/0xc0
[    1.347670]  process_one_work+0x148/0x29c
[    1.347675]  worker_thread+0x2fc/0x40c
[    1.347678]  kthread+0x110/0x114
[    1.347681]  ret_from_fork+0x10/0x20
[    1.347684] Code: aa1303e0 97fff96f b140041f 54fffd08 (f9400000) 
[    1.347686] ---[ end trace 0000000000000000 ]---

The first patch fixes the NULL dereference by checking hw before returning
hw->core.

The second patch addresses the cause of the NULL pointer, which is that the
DT-implied indexing is not fully captured in camcc-x1e80100.c.

Obviously the above NULL deref wouldn't occur with the second patch applied;
however, reading the description of clk_core_get(), it appears to want to
return NULL but currently cannot do so, so check for hw and return NULL
if hw is NULL instead of dereferencing hw.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@xxxxxxxxxx>
---
Bryan O'Donoghue (2):
      clk: Fix clk_core_get NULL dereference
      clk: qcom: camcc-x1e80100: Fix missing DT_IFACE enum in x1e80100 camcc

 drivers/clk/clk.c                 | 3 +++
 drivers/clk/qcom/camcc-x1e80100.c | 1 +
 2 files changed, 4 insertions(+)
---
base-commit: 1870cdc0e8dee32e3c221704a2977898ba4c10e8
change-id: 20240301-linux-next-24-03-01-simple-clock-fixes-dc7542e23d90

Best regards,
-- 
Bryan O'Donoghue <bryan.odonoghue@xxxxxxxxxx>
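
The failure mode the cover letter describes, as an added user-space example that is not part of the original message and is not the kernel's code: an ERR_PTR-style check does not catch a NULL hw, so hw->core is still dereferenced. The provider table, lookup_hw(), unchecked_would_deref_null() and get_core_checked() are hypothetical names, and ERR_PTR/IS_ERR are simplified stand-ins for the kernel helpers.

```c
#include <stddef.h>
#include <stdint.h>
#include <errno.h>
#include <stdio.h>

/* User-space stand-ins for the kernel's ERR_PTR()/IS_ERR() helpers. */
#define MAX_ERRNO 4095
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-MAX_ERRNO)

struct clk_core { const char *name; };
struct clk_hw   { struct clk_core *core; };

static struct clk_core xo_core = { "xo" };
static struct clk_hw   xo_hw   = { &xo_core };
/* Constructed provider table: slot 1 exists but has no clk_hw behind it. */
static struct clk_hw *provider[2] = { &xo_hw, NULL };

/* Hypothetical lookup with three outcomes: valid pointer, NULL, ERR_PTR. */
static struct clk_hw *lookup_hw(int index)
{
	if (index < 0 || index >= 2)
		return ERR_PTR(-ENOENT);
	return provider[index];
}

/* Shape of the path before the fix: only the ERR_PTR case is filtered. */
static int unchecked_would_deref_null(int index)
{
	struct clk_hw *hw = lookup_hw(index);
	return !IS_ERR(hw) && hw == NULL;	/* 1 means hw->core would fault */
}

/* Shape of the path after the fix: a NULL hw is returned as NULL. */
static struct clk_core *get_core_checked(int index)
{
	struct clk_hw *hw = lookup_hw(index);
	if (IS_ERR(hw))
		return (struct clk_core *)hw;
	if (!hw)
		return NULL;
	return hw->core;
}

int main(void)
{
	printf("slot 1: NULL reaches deref=%d, checked=%p\n", unchecked_would_deref_null(1), (void *)get_core_checked(1));
	return 0;
}
```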




