forked from Minki/linux
471b12c43f
When the auxiliary device code is built into the kernel, it can be executed
before the auxiliary bus is registered. This causes bus->p to be not
allocated and triggers a NULL pointer dereference when the auxiliary bus
device gets added with bus_add_device(). Call the auxiliary_bus_init()
under driver_init() so the bus is initialized before devices.
Below is the kernel splat for the bug:
[ 1.948215] BUG: kernel NULL pointer dereference, address: 0000000000000060
[ 1.950670] #PF: supervisor read access in kernel mode
[ 1.950670] #PF: error_code(0x0000) - not-present page
[ 1.950670] PGD 0
[ 1.950670] Oops: 0000 1 SMP NOPTI
[ 1.950670] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.10.0-intel-nextsvmtest+ #2205
[ 1.950670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 1.950670] RIP: 0010:bus_add_device+0x64/0x140
[ 1.950670] Code: 00 49 8b 75 20 48 89 df e8 59 a1 ff ff 41 89 c4 85 c0 75 7b 48 8b 53 50 48 85 d2 75 03 48 8b 13 49 8b 85 a0 00 00 00 48 89 de <48> 8
78 60 48 83 c7 18 e8 ef d9 a9 ff 41 89 c4 85 c0 75 45 48 8b
[ 1.950670] RSP: 0000:ff46032ac001baf8 EFLAGS: 00010246
[ 1.950670] RAX: 0000000000000000 RBX: ff4597f7414aa680 RCX: 0000000000000000
[ 1.950670] RDX: ff4597f74142bbc0 RSI: ff4597f7414aa680 RDI: ff4597f7414aa680
[ 1.950670] RBP: ff46032ac001bb10 R08: 0000000000000044 R09: 0000000000000228
[ 1.950670] R10: ff4597f741141b30 R11: ff4597f740182a90 R12: 0000000000000000
[ 1.950670] R13: ffffffffa5e936c0 R14: 0000000000000000 R15: 0000000000000000
[ 1.950670] FS: 0000000000000000(0000) GS:ff4597f7bba00000(0000) knlGS:0000000000000000
[ 1.950670] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.950670] CR2: 0000000000000060 CR3: 000000002140c001 CR4: 0000000000f71ef0
[ 1.950670] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1.950670] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[ 1.950670] PKRU: 55555554
[ 1.950670] Call Trace:
[ 1.950670] device_add+0x3ee/0x850
[ 1.950670] __auxiliary_device_add+0x47/0x60
[ 1.950670] idxd_pci_probe+0xf77/0x1180
[ 1.950670] local_pci_probe+0x4a/0x90
[ 1.950670] pci_device_probe+0xff/0x1b0
[ 1.950670] really_probe+0x1cf/0x440
[ 1.950670] ? rdinit_setup+0x31/0x31
[ 1.950670] driver_probe_device+0xe8/0x150
[ 1.950670] device_driver_attach+0x58/0x60
[ 1.950670] __driver_attach+0x8f/0x150
[ 1.950670] ? device_driver_attach+0x60/0x60
[ 1.950670] ? device_driver_attach+0x60/0x60
[ 1.950670] bus_for_each_dev+0x79/0xc0
[ 1.950670] ? kmem_cache_alloc_trace+0x323/0x430
[ 1.950670] driver_attach+0x1e/0x20
[ 1.950670] bus_add_driver+0x154/0x1f0
[ 1.950670] driver_register+0x70/0xc0
[ 1.950670] __pci_register_driver+0x54/0x60
[ 1.950670] idxd_init_module+0xe2/0xfc
[ 1.950670] ? idma64_platform_driver_init+0x19/0x19
[ 1.950670] do_one_initcall+0x4a/0x1e0
[ 1.950670] kernel_init_freeable+0x1fc/0x25c
[ 1.950670] ? rest_init+0xba/0xba
[ 1.950670] kernel_init+0xe/0x116
[ 1.950670] ret_from_fork+0x1f/0x30
[ 1.950670] Modules linked in:
[ 1.950670] CR2: 0000000000000060
[ 1.950670] --[ end trace cd7d1b226d3ca901 ]--
Fixes: 7de3697e9c ("Add auxiliary bus support")
Reported-by: Jacob Pan <jacob.jun.pan@intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Acked-by: Dave Ertman <david.m.ertman@intel.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/20210210201611.1611074-1-dave.jiang@intel.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
204 lines
7.3 KiB
C
204 lines
7.3 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Copyright (c) 2001-2003 Patrick Mochel <mochel@osdl.org>
|
|
* Copyright (c) 2004-2009 Greg Kroah-Hartman <gregkh@suse.de>
|
|
* Copyright (c) 2008-2012 Novell Inc.
|
|
* Copyright (c) 2012-2019 Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
* Copyright (c) 2012-2019 Linux Foundation
|
|
*
|
|
* Core driver model functions and structures that should not be
|
|
* shared outside of the drivers/base/ directory.
|
|
*
|
|
*/
|
|
#include <linux/notifier.h>
|
|
|
|
/**
|
|
* struct subsys_private - structure to hold the private to the driver core portions of the bus_type/class structure.
|
|
*
|
|
* @subsys - the struct kset that defines this subsystem
|
|
* @devices_kset - the subsystem's 'devices' directory
|
|
* @interfaces - list of subsystem interfaces associated
|
|
* @mutex - protect the devices, and interfaces lists.
|
|
*
|
|
* @drivers_kset - the list of drivers associated
|
|
* @klist_devices - the klist to iterate over the @devices_kset
|
|
* @klist_drivers - the klist to iterate over the @drivers_kset
|
|
* @bus_notifier - the bus notifier list for anything that cares about things
|
|
* on this bus.
|
|
* @bus - pointer back to the struct bus_type that this structure is associated
|
|
* with.
|
|
*
|
|
* @glue_dirs - "glue" directory to put in-between the parent device to
|
|
* avoid namespace conflicts
|
|
* @class - pointer back to the struct class that this structure is associated
|
|
* with.
|
|
*
|
|
* This structure is the one that is the actual kobject allowing struct
|
|
* bus_type/class to be statically allocated safely. Nothing outside of the
|
|
* driver core should ever touch these fields.
|
|
*/
|
|
struct subsys_private {
|
|
struct kset subsys;
|
|
struct kset *devices_kset;
|
|
struct list_head interfaces;
|
|
struct mutex mutex;
|
|
|
|
struct kset *drivers_kset;
|
|
struct klist klist_devices;
|
|
struct klist klist_drivers;
|
|
struct blocking_notifier_head bus_notifier;
|
|
unsigned int drivers_autoprobe:1;
|
|
struct bus_type *bus;
|
|
|
|
struct kset glue_dirs;
|
|
struct class *class;
|
|
};
|
|
#define to_subsys_private(obj) container_of(obj, struct subsys_private, subsys.kobj)
|
|
|
|
struct driver_private {
|
|
struct kobject kobj;
|
|
struct klist klist_devices;
|
|
struct klist_node knode_bus;
|
|
struct module_kobject *mkobj;
|
|
struct device_driver *driver;
|
|
};
|
|
#define to_driver(obj) container_of(obj, struct driver_private, kobj)
|
|
|
|
/**
|
|
* struct device_private - structure to hold the private to the driver core portions of the device structure.
|
|
*
|
|
* @klist_children - klist containing all children of this device
|
|
* @knode_parent - node in sibling list
|
|
* @knode_driver - node in driver list
|
|
* @knode_bus - node in bus list
|
|
* @knode_class - node in class list
|
|
* @deferred_probe - entry in deferred_probe_list which is used to retry the
|
|
* binding of drivers which were unable to get all the resources needed by
|
|
* the device; typically because it depends on another driver getting
|
|
* probed first.
|
|
* @async_driver - pointer to device driver awaiting probe via async_probe
|
|
* @device - pointer back to the struct device that this structure is
|
|
* associated with.
|
|
* @dead - This device is currently either in the process of or has been
|
|
* removed from the system. Any asynchronous events scheduled for this
|
|
* device should exit without taking any action.
|
|
*
|
|
* Nothing outside of the driver core should ever touch these fields.
|
|
*/
|
|
struct device_private {
|
|
struct klist klist_children;
|
|
struct klist_node knode_parent;
|
|
struct klist_node knode_driver;
|
|
struct klist_node knode_bus;
|
|
struct klist_node knode_class;
|
|
struct list_head deferred_probe;
|
|
struct device_driver *async_driver;
|
|
char *deferred_probe_reason;
|
|
struct device *device;
|
|
u8 dead:1;
|
|
};
|
|
#define to_device_private_parent(obj) \
|
|
container_of(obj, struct device_private, knode_parent)
|
|
#define to_device_private_driver(obj) \
|
|
container_of(obj, struct device_private, knode_driver)
|
|
#define to_device_private_bus(obj) \
|
|
container_of(obj, struct device_private, knode_bus)
|
|
#define to_device_private_class(obj) \
|
|
container_of(obj, struct device_private, knode_class)
|
|
|
|
/* initialisation functions */
|
|
extern int devices_init(void);
|
|
extern int buses_init(void);
|
|
extern int classes_init(void);
|
|
extern int firmware_init(void);
|
|
#ifdef CONFIG_SYS_HYPERVISOR
|
|
extern int hypervisor_init(void);
|
|
#else
|
|
static inline int hypervisor_init(void) { return 0; }
|
|
#endif
|
|
extern int platform_bus_init(void);
|
|
extern void cpu_dev_init(void);
|
|
extern void container_dev_init(void);
|
|
#ifdef CONFIG_AUXILIARY_BUS
|
|
extern void auxiliary_bus_init(void);
|
|
#else
|
|
static inline void auxiliary_bus_init(void) { }
|
|
#endif
|
|
|
|
struct kobject *virtual_device_parent(struct device *dev);
|
|
|
|
extern int bus_add_device(struct device *dev);
|
|
extern void bus_probe_device(struct device *dev);
|
|
extern void bus_remove_device(struct device *dev);
|
|
|
|
extern int bus_add_driver(struct device_driver *drv);
|
|
extern void bus_remove_driver(struct device_driver *drv);
|
|
extern void device_release_driver_internal(struct device *dev,
|
|
struct device_driver *drv,
|
|
struct device *parent);
|
|
|
|
extern void driver_detach(struct device_driver *drv);
|
|
extern void driver_deferred_probe_del(struct device *dev);
|
|
extern void device_set_deferred_probe_reason(const struct device *dev,
|
|
struct va_format *vaf);
|
|
static inline int driver_match_device(struct device_driver *drv,
|
|
struct device *dev)
|
|
{
|
|
return drv->bus->match ? drv->bus->match(dev, drv) : 1;
|
|
}
|
|
extern bool driver_allows_async_probing(struct device_driver *drv);
|
|
|
|
extern int driver_add_groups(struct device_driver *drv,
|
|
const struct attribute_group **groups);
|
|
extern void driver_remove_groups(struct device_driver *drv,
|
|
const struct attribute_group **groups);
|
|
int device_driver_attach(struct device_driver *drv, struct device *dev);
|
|
void device_driver_detach(struct device *dev);
|
|
|
|
extern char *make_class_name(const char *name, struct kobject *kobj);
|
|
|
|
extern int devres_release_all(struct device *dev);
|
|
extern void device_block_probing(void);
|
|
extern void device_unblock_probing(void);
|
|
|
|
/* /sys/devices directory */
|
|
extern struct kset *devices_kset;
|
|
extern void devices_kset_move_last(struct device *dev);
|
|
|
|
#if defined(CONFIG_MODULES) && defined(CONFIG_SYSFS)
|
|
extern void module_add_driver(struct module *mod, struct device_driver *drv);
|
|
extern void module_remove_driver(struct device_driver *drv);
|
|
#else
|
|
static inline void module_add_driver(struct module *mod,
|
|
struct device_driver *drv) { }
|
|
static inline void module_remove_driver(struct device_driver *drv) { }
|
|
#endif
|
|
|
|
#ifdef CONFIG_DEVTMPFS
|
|
extern int devtmpfs_init(void);
|
|
#else
|
|
static inline int devtmpfs_init(void) { return 0; }
|
|
#endif
|
|
|
|
/* Device links support */
|
|
extern int device_links_read_lock(void);
|
|
extern void device_links_read_unlock(int idx);
|
|
extern int device_links_read_lock_held(void);
|
|
extern int device_links_check_suppliers(struct device *dev);
|
|
extern void device_links_driver_bound(struct device *dev);
|
|
extern void device_links_driver_cleanup(struct device *dev);
|
|
extern void device_links_no_driver(struct device *dev);
|
|
extern bool device_links_busy(struct device *dev);
|
|
extern void device_links_unbind_consumers(struct device *dev);
|
|
|
|
/* device pm support */
|
|
void device_pm_move_to_tail(struct device *dev);
|
|
|
|
#ifdef CONFIG_DEVTMPFS
|
|
int devtmpfs_create_node(struct device *dev);
|
|
int devtmpfs_delete_node(struct device *dev);
|
|
#else
|
|
static inline int devtmpfs_create_node(struct device *dev) { return 0; }
|
|
static inline int devtmpfs_delete_node(struct device *dev) { return 0; }
|
|
#endif
|