linux/drivers
Bean Huo e022fea64e scsi: ufs: core: Fix NULL pointer dereference
[ Upstream commit 1da3b0141e ]

Calling ufshcd_rpm_{get/put}_sync() prior to ufshcd_scsi_add_wlus() being
called will trigger a NULL pointer dereference. This is because
hba->sdev_ufs_device is initialized in ufshcd_scsi_add_wlus().

    Unable to handle kernel NULL pointer dereference at virtual address
    0000000000000348
    Mem abort info:
      ESR = 0x96000004
      EC = 0x25: DABT (current EL), IL = 32 bits
      SET = 0, FnV = 0
      EA = 0, S1PTW = 0
      FSC = 0x04: level 0 translation fault
    Data abort info:
      ISV = 0, ISS = 0x00000004
      CM = 0, WnR = 0
    [0000000000000348] user address but active_mm is swapper
    Internal error: Oops: 96000004 [#1] PREEMPT SMP
    Modules linked in:
    CPU: 0 PID: 91 Comm: kworker/u16:1 Not tainted 5.15.0-rc1-beanhuo-linaro-1423
    Hardware name: MicronRB (DT)
    Workqueue: events_unbound async_run_entry_fn
    pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : pm_runtime_drop_link+0x128/0x338
    lr : ufshpb_get_dev_info+0x8c/0x148
    sp : ffff800012573c10
    x29: ffff800012573c10 x28: 0000000000000000 x27: 0000000000000003
    x26: ffff000001d21298 x25: 000000005abcea60 x24: ffff800011d89000
    x23: 0000000000000001 x22: ffff000001d21880 x21: ffff000001ec9300
    x20: 0000000000000004 x19: 0000000000000198 x18: ffffffffffffffff
    x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000041400
    x14: 5eee00201100200a x13: 000000000000bb03 x12: 0000000000000000
    x11: 0000000000000100 x10: 0200000000000000 x9 : bb0000021a162c01
    x8 : 0302010021021003 x7 : 0000000000000000 x6 : ffff800012573af0
    x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000200
    x2 : 0000000000000348 x1 : 0000000000000348 x0 : ffff80001095308c
    Call trace:
     pm_runtime_drop_link+0x128/0x338
     ufshpb_get_dev_info+0x8c/0x148
     ufshcd_probe_hba+0xda0/0x11b8
     ufshcd_async_scan+0x34/0x330
     async_run_entry_fn+0x38/0x180
     process_one_work+0x1f4/0x498
     worker_thread+0x48/0x480
     kthread+0x140/0x158
     ret_from_fork+0x10/0x20
    Code: 88027c01 35ffffa2 17fff6c4 f9800051 (885f7c40)
    ---[ end trace 2ba541335f595c95 ]

ufshpb_get_dev_info() is only called during asynchronous scanning and at
that time pm_runtime_get_sync() has been called:

    ...
    /* Hold auto suspend until async scan completes */
    pm_runtime_get_sync(dev);
    atomic_set(&hba->scsi_block_reqs_cnt, 0);
    ...
    ufshcd_async_scan()
        ufshcd_probe_hba(hba, true);
            ufshcd_device_params_init(hba);
                ufshpb_get_dev_info();
    ...
        pm_runtime_put_sync(hba->dev);

Remove ufshcd_rpm_{get/put}_sync() from ufshpb_get_dev_info() to fix this
problem.

Link: https://lore.kernel.org/r/20210929200640.828611-2-huobean@gmail.com
Fixes: 351b3a849a ("scsi: ufs: ufshpb: Use proper power management API")
Signed-off-by: Bean Huo <beanhuo@micron.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-18 19:17:07 +01:00
accessibility
acpi ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses 2021-11-18 19:17:06 +01:00
amba ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" 2021-11-06 14:13:31 +01:00
android binder: don't detect sender/target during buffer cleanup 2021-11-12 15:05:49 +01:00
ata libata: fix checking of DMA state 2021-11-18 19:16:00 +01:00
atm
auxdisplay auxdisplay: ht16k33: Fix frame buffer device blanking 2021-11-18 19:17:02 +01:00
base driver core: Fix possible memory leak in device_link_add() 2021-11-18 19:16:50 +01:00
bcma Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
block nbd: fix possible overflow for 'first_minor' in nbd_dev_add() 2021-11-18 19:17:05 +01:00
bluetooth Bluetooth: hci_h5: Fix (runtime)suspend issues on RTL8723BS HCIs 2021-11-18 19:16:25 +01:00
bus bus: ti-sysc: Fix timekeeping_suspended warning on resume 2021-11-18 19:16:48 +01:00
cdrom
char ipmi: kcs_bmc: Fix a memory leak in the error handling path of 'kcs_bmc_serio_add_device()' 2021-11-18 19:16:44 +01:00
clk clk: at91: clk-master: fix prescaler logic 2021-11-18 19:16:56 +01:00
clocksource clocksource/drivers/timer-ti-dm: Select TIMER_OF 2021-11-18 19:16:39 +01:00
comedi comedi: vmk80xx: fix bulk and interrupt message timeouts 2021-11-12 15:05:51 +01:00
connector
counter
cpufreq cpufreq: intel_pstate: Fix cpu->pstate.turbo_freq initialization 2021-11-18 19:16:42 +01:00
cpuidle cpuidle: Fix kobject memory leaks in error paths 2021-11-18 19:16:29 +01:00
crypto crypto: octeontx2 - set assoclen in aead_do_fallback() 2021-11-18 19:16:33 +01:00
cxl cxl/pci: Fix NULL vs ERR_PTR confusion 2021-11-18 19:16:04 +01:00
dax libnvdimm for v5.15 2021-09-09 11:39:57 -07:00
dca
devfreq devfreq: use HZ macros 2021-09-08 11:50:26 -07:00
dio
dma dmaengine: idxd: fix resource leak on dmaengine driver disable 2021-11-18 19:17:04 +01:00
dma-buf dma-buf: WARN on dmabuf release with pending attachments 2021-11-18 19:16:08 +01:00
edac EDAC/amd64: Handle three rank interleaving mode 2021-11-18 19:16:30 +01:00
eisa
extcon
firewire FireWire (IEEE 1394) subsystem updates: 2021-09-11 09:47:33 -07:00
firmware firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() 2021-11-18 19:16:55 +01:00
fpga fpga: ice40-spi: Add SPI device ID table 2021-09-27 14:00:41 -07:00
fsi
gnss
gpio gpio: realtek-otto: fix GPIO line IRQ offset 2021-11-18 19:17:04 +01:00
gpu drm/bridge: nwl-dsi: Add atomic_get_input_bus_fmts 2021-11-18 19:17:01 +01:00
greybus
hid HID: u2fzero: properly handle timeouts in usb_submit_urb 2021-11-18 19:16:56 +01:00
hsi
hv hyperv-fixes for 5.15 2021-10-22 10:31:32 -10:00
hwmon hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff 2021-11-18 19:16:32 +01:00
hwspinlock
hwtracing coresight: trbe: Defer the probe on offline CPUs 2021-11-18 19:16:06 +01:00
i2c i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' 2021-11-18 19:17:04 +01:00
i3c
idle
iio iio: adis: do not disable IRQs in 'adis_init()' 2021-11-18 19:16:54 +01:00
infiniband RDMA/core: Require the driver to set the IOVA correctly during rereg_mr 2021-11-18 19:16:58 +01:00
input Input: st1232 - increase "wait ready" timeout 2021-11-18 19:17:01 +01:00
interconnect interconnect: qcom: sdm660: Add missing a2noc qos clocks 2021-09-13 15:49:55 +03:00
iommu iommu/dma: Fix incorrect error return on iommu deferred attach 2021-11-18 19:16:57 +01:00
ipack ipack: ipoctal: fix module reference leak 2021-09-27 17:38:49 +02:00
irqchip irq: mips: avoid nested irq_enter() 2021-11-18 19:16:40 +01:00
isdn mISDN: Fix return values of the probe function 2021-10-19 13:09:28 +01:00
leds leds: pca955x: Switch to i2c probe_new 2021-08-20 11:00:08 +02:00
macintosh memblock: introduce saner 'memblock_free_ptr()' interface 2021-09-14 13:23:22 -07:00
mailbox mailbox: mtk-cmdq: Fix local clock ID usage 2021-11-18 19:16:35 +01:00
mcb mcb: fix error handling in mcb_alloc_bus() 2021-09-14 11:22:26 +02:00
md md: update superblock after changing rdev flags in state_store 2021-11-18 19:16:16 +01:00
media media: ir_toy: assignment to be16 should be of correct type 2021-11-18 19:16:34 +01:00
memory memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe 2021-11-18 19:16:51 +01:00
memstick memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() 2021-11-18 19:16:32 +01:00
message
mfd mfd: simple-mfd-i2c: Select MFD_CORE to fix build error 2021-11-18 19:16:06 +01:00
misc eeprom: 93xx46: fix MODULE_DEVICE_TABLE 2021-10-15 10:54:02 +02:00
mmc mmc: mxs-mmc: disable regulator on error and in the remove function 2021-11-18 19:16:34 +01:00
most most: fix control-message timeouts 2021-11-18 19:16:08 +01:00
mtd mtd: core: don't remove debugfs directory if device is in use 2021-11-18 19:17:01 +01:00
mux
net ice: Fix not stopping Tx queues for VFs 2021-11-18 19:17:06 +01:00
nfc nfc: port100: fix using -ERRNO as command type mask 2021-10-26 13:42:00 +01:00
ntb Bug fixes and clean-ups for Linux v5.15 2021-09-07 13:05:02 -07:00
nubus
nvdimm nvdimm/btt: do not call del_gendisk() if not needed 2021-11-18 19:17:06 +01:00
nvme nvme-rdma: fix error code in nvme_rdma_setup_ctrl 2021-11-18 19:16:38 +01:00
nvmem nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells 2021-10-13 15:09:58 +02:00
of of: unittest: fix EXPECT text for gpio hog errors 2021-11-18 19:16:45 +01:00
opp opp: Fix return in _opp_add_static_v2() 2021-11-18 19:17:00 +01:00
parisc parisc: Move pci_dev_is_behind_card_dino to where it is used 2021-09-09 12:44:31 +02:00
parport parisc architecture updates for kernel 5.15: 2021-09-02 13:16:00 -07:00
pci PCI: j721e: Fix j721e_pcie_probe() error path 2021-11-18 19:17:06 +01:00
pcmcia
perf KVM: arm64: Fix PMU probe ordering 2021-09-20 12:43:34 +01:00
phy phy: Sparx5 Eth SerDes: Fix return value check in sparx5_serdes_probe() 2021-11-18 19:16:56 +01:00
pinctrl pinctrl: equilibrium: Fix function addition in multiple groups 2021-11-18 19:16:55 +01:00
platform platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning 2021-11-18 19:16:34 +01:00
pnp
power power: supply: bq27xxx: Fix kernel crash on IRQ handler register error 2021-11-18 19:16:58 +01:00
powercap powercap: Add Power Limit4 support for Alder Lake SoC 2021-08-25 20:12:16 +02:00
pps
ps3
ptp ptp: free 'vclock_index' in ptp_clock_release() 2021-10-21 12:50:38 +01:00
pwm pwm: mtk-disp: Implement atomic API .get_state() 2021-09-02 22:27:46 +02:00
rapidio
ras
regulator regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled 2021-11-18 19:15:57 +01:00
remoteproc remoteproc: Fix a memory leak in an error handling path in 'rproc_handle_vdev()' 2021-11-18 19:17:01 +01:00
reset reset: socfpga: add empty driver allowing consumers to probe 2021-10-05 12:23:16 +02:00
rpmsg
rtc rtc: rv3032: fix error handling in rv3032_clkout_set_rate() 2021-11-18 19:17:01 +01:00
s390 s390 updates for 5.15-rc4 2021-10-01 14:45:23 -07:00
sbus
scsi scsi: ufs: core: Fix NULL pointer dereference 2021-11-18 19:17:07 +01:00
sh
siox
slimbus Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
soc soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read 2021-11-18 19:17:02 +01:00
soundwire soundwire: bus: stop dereferencing invalid slave pointer 2021-11-18 19:16:54 +01:00
spi spi: spi-rpc-if: Check return value of rpcif_sw_init() 2021-11-18 19:16:42 +01:00
spmi
ssb
staging staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC 2021-11-18 19:16:52 +01:00
target scsi: target: core: Remove from tmr_list during LUN unlink 2021-11-18 19:17:03 +01:00
tc
tee tee: optee: Fix missing devices unregister during optee_remove 2021-10-12 13:24:39 +02:00
thermal thermal/drivers/qcom/lmh: make QCOM_LMH depends on QCOM_SCM 2021-11-18 19:16:34 +01:00
thunderbolt thunderbolt: build kunit tests without structleak plugin 2021-10-06 17:53:49 -06:00
tty serial: cpm_uart: Protect udbg definitions by CONFIG_SERIAL_CPM_CONSOLE 2021-11-18 19:16:57 +01:00
uio
usb usb: dwc3: gadget: Skip resizing EP's TX FIFO if already resized 2021-11-18 19:16:54 +01:00
vdpa vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit 2021-11-18 19:16:58 +01:00
vfio vfio/pci: add missing identifier name in argument of function prototype 2021-09-23 14:12:36 -06:00
vhost virtio,vdpa: fixes 2021-10-17 18:17:19 -10:00
video video: fbdev: chipsfb: use memset_io() instead of memset() 2021-11-18 19:16:51 +01:00
virt
virtio virtio_ring: check desc == NULL when using indirect with packed 2021-11-18 19:16:58 +01:00
visorbus
vlynq
vme
w1
watchdog ar7: fix kernel builds for compiler test 2021-11-18 19:17:03 +01:00
xen xen-pciback: Fix return in pm_ctrl_init() 2021-11-18 19:17:05 +01:00
zorro
Kconfig firmware: include drivers/firmware/Kconfig unconditionally 2021-10-07 16:51:26 +02:00
Makefile remove the lightnvm subsystem 2021-08-14 15:54:09 -06:00