Patchwork [v1] ACPI / device_sysfs: Avoid OF modalias creation for removed device

login
register
mail settings
Submitter Andy Shevchenko
Date March 11, 2019, 4:41 p.m.
Message ID <20190311164103.44236-1-andriy.shevchenko@linux.intel.com>
Download mbox | patch
Permalink /patch/746147/
State New
Headers show

Comments

Andy Shevchenko - March 11, 2019, 4:41 p.m.
If SSDT overlay is loaded via ConfigFS and then unloaded the device,
we would like to have OF modalias for, already gone. Thus, acpi_get_name()
returns no allocated buffer for such case and kernel crashes afterwards:

 ACPI: Host-directed Dynamic ACPI Table Unload
 ads7950 spi-PRP0001:00: Dropping the link to regulator.0
 BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
 #PF error: [normal kernel read fault]
 PGD 80000000070d6067 P4D 80000000070d6067 PUD 70d0067 PMD 0
 Oops: 0000 [#1] SMP PTI
 CPU: 0 PID: 40 Comm: kworker/u4:2 Not tainted 5.0.0+ #96
 Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48
 Workqueue: kacpi_hotplug acpi_device_del_work_fn
 RIP: 0010:create_of_modalias.isra.1+0x4c/0x150
 Code: 00 00 48 89 44 24 18 31 c0 48 8d 54 24 08 48 c7 44 24 10 00 00 00 00 48 c7 44 24 08 ff ff ff ff e8 7a b0 03 00 48 8b 4c 24 10 <0f> b6 01 84 c0 74 27 48 c7 c7 00 09 f4 a5 0f b6 f0 8d 50 20 f6 04
 RSP: 0000:ffffa51040297c10 EFLAGS: 00010246
 RAX: 0000000000001001 RBX: 0000000000000785 RCX: 0000000000000000
 RDX: 0000000000001001 RSI: 0000000000000286 RDI: ffffa2163dc042e0
 RBP: ffffa216062b1196 R08: 0000000000001001 R09: ffffa21639873000
 R10: ffffffffa606761d R11: 0000000000000001 R12: ffffa21639873218
 R13: ffffa2163deb5060 R14: ffffa216063d1010 R15: 0000000000000000
 FS:  0000000000000000(0000) GS:ffffa2163e000000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000000 CR3: 0000000007114000 CR4: 00000000001006f0
 Call Trace:
  __acpi_device_uevent_modalias+0xb0/0x100
  spi_uevent+0xd/0x40

 ...

In order to fix above let create_of_modalias() check the status returned
by acpi_get_name() and bail out in case of failure.

Fixes: 8765c5ba1949 ("ACPI / scan: Rework modalias creation when "compatible" is present")
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=201381
Reported-by: Ferry Toth <fntoth@gmail.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
---
 drivers/acpi/device_sysfs.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
Mika Westerberg - March 11, 2019, 5:49 p.m.
On Mon, Mar 11, 2019 at 06:41:03PM +0200, Andy Shevchenko wrote:
> If SSDT overlay is loaded via ConfigFS and then unloaded the device,
> we would like to have OF modalias for, already gone. Thus, acpi_get_name()
> returns no allocated buffer for such case and kernel crashes afterwards:
> 
>  ACPI: Host-directed Dynamic ACPI Table Unload
>  ads7950 spi-PRP0001:00: Dropping the link to regulator.0
>  BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
>  #PF error: [normal kernel read fault]
>  PGD 80000000070d6067 P4D 80000000070d6067 PUD 70d0067 PMD 0
>  Oops: 0000 [#1] SMP PTI
>  CPU: 0 PID: 40 Comm: kworker/u4:2 Not tainted 5.0.0+ #96
>  Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48
>  Workqueue: kacpi_hotplug acpi_device_del_work_fn
>  RIP: 0010:create_of_modalias.isra.1+0x4c/0x150
>  Code: 00 00 48 89 44 24 18 31 c0 48 8d 54 24 08 48 c7 44 24 10 00 00 00 00 48 c7 44 24 08 ff ff ff ff e8 7a b0 03 00 48 8b 4c 24 10 <0f> b6 01 84 c0 74 27 48 c7 c7 00 09 f4 a5 0f b6 f0 8d 50 20 f6 04
>  RSP: 0000:ffffa51040297c10 EFLAGS: 00010246
>  RAX: 0000000000001001 RBX: 0000000000000785 RCX: 0000000000000000
>  RDX: 0000000000001001 RSI: 0000000000000286 RDI: ffffa2163dc042e0
>  RBP: ffffa216062b1196 R08: 0000000000001001 R09: ffffa21639873000
>  R10: ffffffffa606761d R11: 0000000000000001 R12: ffffa21639873218
>  R13: ffffa2163deb5060 R14: ffffa216063d1010 R15: 0000000000000000
>  FS:  0000000000000000(0000) GS:ffffa2163e000000(0000) knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 0000000000000000 CR3: 0000000007114000 CR4: 00000000001006f0
>  Call Trace:
>   __acpi_device_uevent_modalias+0xb0/0x100
>   spi_uevent+0xd/0x40
> 
>  ...
> 
> In order to fix above let create_of_modalias() check the status returned
> by acpi_get_name() and bail out in case of failure.
> 
> Fixes: 8765c5ba1949 ("ACPI / scan: Rework modalias creation when "compatible" is present")
> BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=201381
> Reported-by: Ferry Toth <fntoth@gmail.com>
> Cc: Mika Westerberg <mika.westerberg@linux.intel.com>

Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Ferry Toth - March 12, 2019, 7:56 a.m.
Op 11-03-19 om 17:41 schreef Andy Shevchenko:

> If SSDT overlay is loaded via ConfigFS and then unloaded the device,
> we would like to have OF modalias for, already gone. Thus, acpi_get_name()
> returns no allocated buffer for such case and kernel crashes afterwards:
>
>   ACPI: Host-directed Dynamic ACPI Table Unload
>   ads7950 spi-PRP0001:00: Dropping the link to regulator.0
>   BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
>   #PF error: [normal kernel read fault]
>   PGD 80000000070d6067 P4D 80000000070d6067 PUD 70d0067 PMD 0
>   Oops: 0000 [#1] SMP PTI
>   CPU: 0 PID: 40 Comm: kworker/u4:2 Not tainted 5.0.0+ #96
>   Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48
>   Workqueue: kacpi_hotplug acpi_device_del_work_fn
>   RIP: 0010:create_of_modalias.isra.1+0x4c/0x150
>   Code: 00 00 48 89 44 24 18 31 c0 48 8d 54 24 08 48 c7 44 24 10 00 00 00 00 48 c7 44 24 08 ff ff ff ff e8 7a b0 03 00 48 8b 4c 24 10 <0f> b6 01 84 c0 74 27 48 c7 c7 00 09 f4 a5 0f b6 f0 8d 50 20 f6 04
>   RSP: 0000:ffffa51040297c10 EFLAGS: 00010246
>   RAX: 0000000000001001 RBX: 0000000000000785 RCX: 0000000000000000
>   RDX: 0000000000001001 RSI: 0000000000000286 RDI: ffffa2163dc042e0
>   RBP: ffffa216062b1196 R08: 0000000000001001 R09: ffffa21639873000
>   R10: ffffffffa606761d R11: 0000000000000001 R12: ffffa21639873218
>   R13: ffffa2163deb5060 R14: ffffa216063d1010 R15: 0000000000000000
>   FS:  0000000000000000(0000) GS:ffffa2163e000000(0000) knlGS:0000000000000000
>   CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>   CR2: 0000000000000000 CR3: 0000000007114000 CR4: 00000000001006f0
>   Call Trace:
>    __acpi_device_uevent_modalias+0xb0/0x100
>    spi_uevent+0xd/0x40
>
>   ...
>
> In order to fix above let create_of_modalias() check the status returned
> by acpi_get_name() and bail out in case of failure.
>
> Fixes: 8765c5ba1949 ("ACPI / scan: Rework modalias creation when "compatible" is present")
> BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=201381
> Reported-by: Ferry Toth <fntoth@gmail.com>
> Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> ---
>   drivers/acpi/device_sysfs.c | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/acpi/device_sysfs.c b/drivers/acpi/device_sysfs.c
> index 545e91420cde..8940054d6250 100644
> --- a/drivers/acpi/device_sysfs.c
> +++ b/drivers/acpi/device_sysfs.c
> @@ -202,11 +202,15 @@ static int create_of_modalias(struct acpi_device *acpi_dev, char *modalias,
>   {
>   	struct acpi_buffer buf = { ACPI_ALLOCATE_BUFFER };
>   	const union acpi_object *of_compatible, *obj;
> +	acpi_status status;
>   	int len, count;
>   	int i, nval;
>   	char *c;
>   
> -	acpi_get_name(acpi_dev->handle, ACPI_SINGLE_NAME, &buf);
> +	status = acpi_get_name(acpi_dev->handle, ACPI_SINGLE_NAME, &buf);
> +	if (ACPI_FAILURE(status))
> +		return -ENODEV;
> +
>   	/* DT strings are all in lower case */
>   	for (c = buf.pointer; *c != '\0'; c++)
>   		*c = tolower(*c);

Tested-by: Ferry Toth<fntoth@gmail.com>
Rafael J. Wysocki - March 13, 2019, 9:54 a.m.
On Monday, March 11, 2019 5:41:03 PM CET Andy Shevchenko wrote:
> If SSDT overlay is loaded via ConfigFS and then unloaded the device,
> we would like to have OF modalias for, already gone. Thus, acpi_get_name()
> returns no allocated buffer for such case and kernel crashes afterwards:
> 
>  ACPI: Host-directed Dynamic ACPI Table Unload
>  ads7950 spi-PRP0001:00: Dropping the link to regulator.0
>  BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
>  #PF error: [normal kernel read fault]
>  PGD 80000000070d6067 P4D 80000000070d6067 PUD 70d0067 PMD 0
>  Oops: 0000 [#1] SMP PTI
>  CPU: 0 PID: 40 Comm: kworker/u4:2 Not tainted 5.0.0+ #96
>  Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48
>  Workqueue: kacpi_hotplug acpi_device_del_work_fn
>  RIP: 0010:create_of_modalias.isra.1+0x4c/0x150
>  Code: 00 00 48 89 44 24 18 31 c0 48 8d 54 24 08 48 c7 44 24 10 00 00 00 00 48 c7 44 24 08 ff ff ff ff e8 7a b0 03 00 48 8b 4c 24 10 <0f> b6 01 84 c0 74 27 48 c7 c7 00 09 f4 a5 0f b6 f0 8d 50 20 f6 04
>  RSP: 0000:ffffa51040297c10 EFLAGS: 00010246
>  RAX: 0000000000001001 RBX: 0000000000000785 RCX: 0000000000000000
>  RDX: 0000000000001001 RSI: 0000000000000286 RDI: ffffa2163dc042e0
>  RBP: ffffa216062b1196 R08: 0000000000001001 R09: ffffa21639873000
>  R10: ffffffffa606761d R11: 0000000000000001 R12: ffffa21639873218
>  R13: ffffa2163deb5060 R14: ffffa216063d1010 R15: 0000000000000000
>  FS:  0000000000000000(0000) GS:ffffa2163e000000(0000) knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 0000000000000000 CR3: 0000000007114000 CR4: 00000000001006f0
>  Call Trace:
>   __acpi_device_uevent_modalias+0xb0/0x100
>   spi_uevent+0xd/0x40
> 
>  ...
> 
> In order to fix above let create_of_modalias() check the status returned
> by acpi_get_name() and bail out in case of failure.
> 
> Fixes: 8765c5ba1949 ("ACPI / scan: Rework modalias creation when "compatible" is present")
> BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=201381
> Reported-by: Ferry Toth <fntoth@gmail.com>
> Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> ---
>  drivers/acpi/device_sysfs.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/acpi/device_sysfs.c b/drivers/acpi/device_sysfs.c
> index 545e91420cde..8940054d6250 100644
> --- a/drivers/acpi/device_sysfs.c
> +++ b/drivers/acpi/device_sysfs.c
> @@ -202,11 +202,15 @@ static int create_of_modalias(struct acpi_device *acpi_dev, char *modalias,
>  {
>  	struct acpi_buffer buf = { ACPI_ALLOCATE_BUFFER };
>  	const union acpi_object *of_compatible, *obj;
> +	acpi_status status;
>  	int len, count;
>  	int i, nval;
>  	char *c;
>  
> -	acpi_get_name(acpi_dev->handle, ACPI_SINGLE_NAME, &buf);
> +	status = acpi_get_name(acpi_dev->handle, ACPI_SINGLE_NAME, &buf);
> +	if (ACPI_FAILURE(status))
> +		return -ENODEV;
> +
>  	/* DT strings are all in lower case */
>  	for (c = buf.pointer; *c != '\0'; c++)
>  		*c = tolower(*c);
> 

Applied, thanks!

Patch

diff --git a/drivers/acpi/device_sysfs.c b/drivers/acpi/device_sysfs.c
index 545e91420cde..8940054d6250 100644
--- a/drivers/acpi/device_sysfs.c
+++ b/drivers/acpi/device_sysfs.c
@@ -202,11 +202,15 @@  static int create_of_modalias(struct acpi_device *acpi_dev, char *modalias,
 {
 	struct acpi_buffer buf = { ACPI_ALLOCATE_BUFFER };
 	const union acpi_object *of_compatible, *obj;
+	acpi_status status;
 	int len, count;
 	int i, nval;
 	char *c;
 
-	acpi_get_name(acpi_dev->handle, ACPI_SINGLE_NAME, &buf);
+	status = acpi_get_name(acpi_dev->handle, ACPI_SINGLE_NAME, &buf);
+	if (ACPI_FAILURE(status))
+		return -ENODEV;
+
 	/* DT strings are all in lower case */
 	for (c = buf.pointer; *c != '\0'; c++)
 		*c = tolower(*c);