RE: [PATCH v2 1/3] pinctrl: renesas: rzg2l: Fix NULL pointer dereference in rzg2l_dt_subnode_to_map()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Geert,

Thanks for the feedback.

> Subject: Re: [PATCH v2 1/3] pinctrl: renesas: rzg2l: Fix NULL pointer
> dereference in rzg2l_dt_subnode_to_map()
> 
> Hi Biju,
> 
> On Tue, Aug 15, 2023 at 9:56 AM Biju Das <biju.das.jz@xxxxxxxxxxxxxx>
> wrote:
> > Fix the below random NULL pointer crash during boot by serializing
> > pinctrl group and function creation/remove calls in
> > rzg2l_dt_subnode_to_map() with mutex lock.
> >
> > Crash logs:
> >  pc : __pi_strcmp+0x20/0x140
> >  lr : pinmux_func_name_to_selector+0x68/0xa4
> >  Call trace:
> >  __pi_strcmp+0x20/0x140
> >  pinmux_generic_add_function+0x34/0xcc
> >  rzg2l_dt_subnode_to_map+0x314/0x44c
> >  rzg2l_dt_node_to_map+0x164/0x194
> >  pinctrl_dt_to_map+0x218/0x37c
> >  create_pinctrl+0x70/0x3d8
> >
> > Fixes: c4c4637eb57f ("pinctrl: renesas: Add RZ/G2L pin and gpio
> > controller driver")
> > Cc: stable@xxxxxxxxxx
> > Tested-by: Chris Paterson <Chris.Paterson2@xxxxxxxxxxx>
> > Signed-off-by: Biju Das <biju.das.jz@xxxxxxxxxxxxxx>
> > ---
> > v1->v2:
> >  * Updated crash logs as per submitting patches doc.
> 
> Thanks for your patch!
> 
> > --- a/drivers/pinctrl/renesas/pinctrl-rzg2l.c
> > +++ b/drivers/pinctrl/renesas/pinctrl-rzg2l.c
> > @@ -11,6 +11,7 @@
> >  #include <linux/interrupt.h>
> >  #include <linux/io.h>
> >  #include <linux/module.h>
> > +#include <linux/mutex.h>
> >  #include <linux/of.h>
> >  #include <linux/of_irq.h>
> >  #include <linux/platform_device.h>
> > @@ -153,6 +154,7 @@ struct rzg2l_pinctrl {
> >         unsigned int                    hwirq[RZG2L_TINT_MAX_INTERRUPT];
> >
> >         spinlock_t                      lock;
> > +       struct mutex                    mutex; /* serialize adding
> groups and functions */
> 
> I guess it's not too late to add comments to the two other locks
> (bitmap_lock and lock)?

OK will add.

> 
> >  };
> >
> >  static const unsigned int iolh_groupa_mA[] = { 2, 4, 8, 12 }; @@
> > -362,10 +364,12 @@ static int rzg2l_dt_subnode_to_map(struct pinctrl_dev
> *pctldev,
> >                 name = np->name;
> >         }
> >
> > +       mutex_lock(&pctrl->mutex);
> 
> I think this is too late, as krealloc_array() above has already released
> the old map.

OK will move krealloc_array() to reduce lock section and add lock.

> 
> >         /* Register a single pin group listing all the pins we read from
> DT */
> >         gsel = pinctrl_generic_add_group(pctldev, name, pins,
> num_pinmux, NULL);
> >         if (gsel < 0) {
> >                 ret = gsel;
> > +               mutex_unlock(&pctrl->mutex);
> 
> Please add a new label below, to avoid adding a call to mutex_unlock()
> here.
OK.
> 
> >                 goto done;
> >         }
> >
> > @@ -380,6 +384,8 @@ static int rzg2l_dt_subnode_to_map(struct
> pinctrl_dev *pctldev,
> >                 goto remove_group;
> >         }
> >
> > +       mutex_unlock(&pctrl->mutex);
> > +
> >         maps[idx].type = PIN_MAP_TYPE_MUX_GROUP;
> >         maps[idx].data.mux.group = name;
> >         maps[idx].data.mux.function = name; @@ -391,6 +397,7 @@ static
> > int rzg2l_dt_subnode_to_map(struct pinctrl_dev *pctldev,
> >
> >  remove_group:
> >         pinctrl_generic_remove_group(pctldev, gsel);
> 
> ^^ new label here.

OK.

Cheers,
Biju

> 
> > +       mutex_unlock(&pctrl->mutex);
> >  done:
> >         *index = idx;
> >         kfree(configs);
> 
> Gr{oetje,eeting}s,
> 
>                         Geert
> 
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-
> m68k.org
> 
> In personal conversations with technical people, I call myself a hacker.
> But when I'm talking to journalists I just say "programmer" or something
> like that.
>                                 -- Linus Torvalds




[Index of Archives]     [Linux Samsung SOC]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux