On Wed, Nov 10, 2021 at 10:18:15AM -0800, Bart Van Assche wrote:
> On 11/10/21 6:32 AM, Alexey Dobriyan wrote:
> > I've stumbled into a race while working on an earlier kernel,
> > but it looks like mainline is affected as well.
> >
> > 	err = ufshcd_init(hba, mmio_base, irq);
> > 	async_schedule(ufshcd_async_scan, hba);
> > 	ufshcd_add_lus(hba);
> > 	if (ufshcd_is_clkscaling_supported(hba)) {
> > 		[enable devfreq]
> >
> > 	platform_set_drvdata(pdev, hba);
> >
> > Device's private pointer is set too late, as devfreq hook get HBA
> > pointer from private data and uses it:
> >
> > 	static int ufshcd_devfreq_get_dev_status(struct device *dev, struct devfreq_dev_status *stat)
> > 	{
> > 		struct ufs_hba *hba = dev_get_drvdata(dev);
> > 		if (!ufshcd_is_clkscaling_supported(hba))
> > 			return -EINVAL;
> >
> > 	Unable to handle kernel NULL pointer dereference at virtual address ...0f10
> > 	pc : ufshcd_devfreq_get_dev_status
> > 	lr : devfreq_simple_ondemand_func
> > 	update_devfreq
> > 	devfreq_monitor
> >
> >
> > I reproduced it by turning async LU scan into sync, so it is easier to
> > trigger.
>
> Hi Alexey,
>
> Thanks for having reported this. Do you perhaps plan to post a patch to fix
> this?

Not really, my workaround is

	if (!hba) {
		return -EINVAL;
	}

But it is likely incorrect.
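
Added example, not part of the thread and not kernel code: a single-threaded userspace model of the ordering described in the report, where the status hook becomes callable before the driver data pointer is published. All `model_*` names are hypothetical, the NULL case is recorded as -EFAULT instead of faulting, and the reordered probe is an assumed ordering for comparison, not a fix proposed in the thread.

```c
#include <errno.h>
#include <stddef.h>

/* Userspace model only; every model_* name is hypothetical. */
struct model_hba { int clkscaling_supported; };
struct model_dev {
    void *drvdata;                         /* what dev_get_drvdata() would return */
    int (*get_status)(struct model_dev *); /* devfreq-style hook, NULL until enabled */
};

/* Shaped like the hook in the report, but reports the NULL case instead of faulting. */
static int model_get_dev_status(struct model_dev *dev)
{
    struct model_hba *hba = dev->drvdata;
    if (hba == NULL)
        return -EFAULT;                    /* the kernel dereferences NULL here */
    return hba->clkscaling_supported ? 0 : -EINVAL;
}

/* Stand-in for the devfreq monitor: it may run as soon as the hook is enabled. */
static int model_monitor_tick(struct model_dev *dev)
{
    return dev->get_status ? dev->get_status(dev) : 1; /* 1 = hook not enabled yet */
}

/* Ordering from the report: hook enabled first, drvdata set afterwards. */
static int model_probe_reported(struct model_dev *dev, struct model_hba *hba)
{
    int first;
    dev->get_status = model_get_dev_status; /* [enable devfreq] */
    first = model_monitor_tick(dev);        /* monitor runs inside the window */
    dev->drvdata = hba;                     /* platform_set_drvdata() */
    return first;
}

/* Assumed alternative ordering: publish drvdata before any hook can run. */
static int model_probe_reordered(struct model_dev *dev, struct model_hba *hba)
{
    dev->drvdata = hba;
    dev->get_status = model_get_dev_status;
    return model_monitor_tick(dev);
}

int main(void)
{
    struct model_hba hba = { .clkscaling_supported = 1 };
    struct model_dev a = {0}, b = {0};
    return !(model_probe_reported(&a, &hba) == -EFAULT && model_probe_reordered(&b, &hba) == 0);
}
```

In the real driver the monitor runs concurrently, so the window is only sometimes hit; the model forces the tick into the window, much as the report forces it by making the LU scan synchronous.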