leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0f5ebabdd0
linux/drivers/dma
History
Krzysztof Kozlowski 0f5ebabdd0 dmaengine: pl330: Fix NULL pointer dereference on probe failure 
If dma_async_device_register() returns error and probe should clean up
and return error, a NULL pointer exception happens because of
dereference of not allocated channel thread:

Dmesg log (from early printk):
dma-pl330 12680000.pdma: unable to register DMAC
DMA pl330_control: removing pch: eeac4000, chan: eeac4014, thread:   (null)
Unable to handle kernel NULL pointer dereference at virtual address 0000000c
pgd = c0004000
[0000000c] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 2 PID: 1 Comm: swapper/0 Not tainted 3.17.0-rc3-next-20140904-00005-g6cc4c1937d90-dirty #427
task: ee80a800 ti: ee888000 task.ti: ee888000
PC is at _stop+0x8/0x2c8
LR is at pl330_control+0x70/0x2e8
pc : [<c0205dc8>]    lr : [<c020623c>]    psr: 60000193
sp : ee889df8  ip : 00000002  fp : 00000000
r10: eeac4014  r9 : ee0e62bc  r8 : 00000000
r7 : eeac405c  r6 : 60000113  r5 : ee0e6210  r4 : eeac4000
r3 : 00000002  r2 : 00000002  r1 : 00010000  r0 : 00000000
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
Control: 10c5387d  Table: 4000404a  DAC: 00000015
Process swapper/0 (pid: 1, stack limit = 0xee888240)
Stack: (0xee889df8 to 0xee88a000)
9de0:                                                       00000002 eeac4000
9e00: ee0e6210 eeac4000 ee0e6210 60000113 eeac405c c020623c 00000000 c020725c
9e20: ee889e20 ee889e20 ee0e6210 eeac4080 00200200 00100100 eeac4014 00000020
9e40: ee0e6218 c0208374 00000000 ee9bb340 ee0e6210 00000000 00000000 c0605cd8
9e60: ee970000 c0605c84 ee9700f8 00000000 c05c4270 00000000 00000000 c0203b3c
9e80: ee970000 c06624a8 00000000 c0605c84 00000000 c023f890 ee970000 c0605c84
9ea0: ee970034 00000000 c05b23d0 c023fa3c 00000000 c0605c84 c023f9b0 c023e0d4
9ec0: ee947e78 ee9b9440 c0605c84 eea1e780 c0605acc c023f094 c0513b50 c0605c84
9ee0: c05ecbd8 c0605c84 c05ecbd8 ee11ba40 c0626500 c0240064 00000000 c05ecbd8
9f00: c05ecbd8 c0008964 c040f13c 0000009f c0626500 c057465c ee80a800 60000113
9f20: 00000000 c05efdb0 60000113 00000000 ef7fc89d c0421168 0000008f c003787c
9f40: c0573d6c 00000006 ef7fc8bb 00000006 c05efd50 ef7fc800 c05dfbc4 00000006
9f60: c05c4264 c0626500 0000008f c05c4270 c059b518 c059bcb4 00000006 00000006
9f80: c059b518 c003c08c 00000000 c040091c 00000000 00000000 00000000 00000000
9fa0: 00000000 c0400924 00000000 c000e7b8 00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 c0c0c0c0 c0c0c0c0
[<c0205dc8>] (_stop) from [<c020623c>] (pl330_control+0x70/0x2e8)
[<c020623c>] (pl330_control) from [<c0208374>] (pl330_probe+0x594/0x75c)
[<c0208374>] (pl330_probe) from [<c0203b3c>] (amba_probe+0xb8/0x120)
[<c0203b3c>] (amba_probe) from [<c023f890>] (driver_probe_device+0x10c/0x22c)
[<c023f890>] (driver_probe_device) from [<c023fa3c>] (__driver_attach+0x8c/0x90)
[<c023fa3c>] (__driver_attach) from [<c023e0d4>] (bus_for_each_dev+0x54/0x88)
[<c023e0d4>] (bus_for_each_dev) from [<c023f094>] (bus_add_driver+0xd4/0x1d0)
[<c023f094>] (bus_add_driver) from [<c0240064>] (driver_register+0x78/0xf4)
[<c0240064>] (driver_register) from [<c0008964>] (do_one_initcall+0x80/0x1d0)
[<c0008964>] (do_one_initcall) from [<c059bcb4>] (kernel_init_freeable+0x108/0x1d4)
[<c059bcb4>] (kernel_init_freeable) from [<c0400924>] (kernel_init+0x8/0xec)
[<c0400924>] (kernel_init) from [<c000e7b8>] (ret_from_fork+0x14/0x3c)
Code: e5813010 e12fff1e e92d40f0 e24dd00c (e590200c)
---[ end trace c94b2f4f38dff3bf ]---

This happens because the necessary resources were not yet allocated - no
call to pl330_alloc_chan_resources().

Terminate the thread and free channel resource only if channel thread is not NULL.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Cc: <stable@vger.kernel.org>
Fixes: 0b94c57717 ("DMA: PL330: Add check if device tree compatible")
Reviewed-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2014-10-15 13:30:09 +05:30
..
bestcomm drivers: clean-up prom.h implicit includes 2013-10-09 20:04:04 -05:00
dw dmaengine: dw: add PCI IDs for Braswell DMAs 2014-09-11 11:48:13 +05:30
ioat ioat: fix tasklet tear down 2014-02-25 09:44:20 -08:00
ipu dmaengine: ipu: use return value of request_irq 2014-07-25 15:39:50 +05:30
ppc4xx Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2014-01-29 20:27:23 -08:00
sh dma: rcar-audmapp: Fix for no corresponding slave ID 2014-08-28 12:42:10 +05:30
xilinx dma: xilinx: Remove .owner field for driver 2014-08-19 22:36:50 +05:30
acpi-dma.c acpi-dma: convert to return error code when asked for channel 2014-02-11 23:30:50 +05:30
amba-pl08x.c dma: pl08x: Use correct specifier for size_t values 2014-08-04 13:45:26 +05:30
at_hdmac_regs.h dmaengine: at_hdmac: remove unused function 2013-12-12 22:43:41 -08:00
at_hdmac.c dma: at_hdmac: fix invalid remaining bytes detection 2014-08-07 21:52:27 +05:30
bcm2835-dma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
coh901318_lli.c Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2013-02-26 09:24:48 -08:00
coh901318.c dmaengine: coh901318: use DMA_COMPLETE for dma completion status 2013-10-25 11:15:56 +05:30
coh901318.h
cppi41.c dma: cppi41: handle 0-length packets 2014-07-01 12:15:48 +05:30
dma-jz4740.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
dmaengine.c dmaengine: fix dmaengine_unmap failure 2014-05-21 14:02:37 -07:00
dmaengine.h
dmatest.c dmatest: prevent memory leakage on error path in thread 2014-09-23 20:50:39 +05:30
edma.c Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2014-08-11 07:14:01 -07:00
ep93xx_dma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
fsl-edma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
fsldma.c dmaengine: Freescale: change descriptor release process for supporting async_tx 2014-07-14 21:32:18 +05:30
fsldma.h dmaengine: Freescale: change descriptor release process for supporting async_tx 2014-07-14 21:32:18 +05:30
imx-dma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
imx-sdma.c dma: imx-sdma: fix another incorrect __init annotation 2014-09-28 21:30:05 +05:30
intel_mid_dma_regs.h
intel_mid_dma.c dmaengine: intel_mid_dma: use DMA_COMPLETE for dma completion status 2013-10-25 11:16:04 +05:30
iop-adma.c Merge commit 'dmaengine-3.13-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/dmaengine 2013-11-16 12:02:36 +05:30
iovlock.c
k3dma.c dmaengine: k3dma: fix sparse warnings 2014-01-20 13:53:20 +05:30
Kconfig dma: Kconfig: Include mx6 in the IMX_SDMA help section 2014-09-23 20:56:23 +05:30
Makefile Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2014-08-11 07:14:01 -07:00
mic_x100_dma.c dma: MIC X100 DMA Driver 2014-07-12 09:57:42 -07:00
mic_x100_dma.h dma: MIC X100 DMA Driver 2014-07-12 09:57:42 -07:00
mmp_pdma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
mmp_tdma.c dmaengine: mmp_tdma: add DMA_PREP_INTERRUPT flag support 2014-09-11 10:47:44 +05:30
moxart-dma.c dmaengine: Add MOXA ART DMA engine driver 2014-01-20 12:32:46 +05:30
mpc512x_dma.c dmaengine: mpc512x: register for device tree channel lookup 2014-07-26 00:21:42 +05:30
mv_xor.c dma: mv_xor: Add support for DMA_INTERRUPT 2014-09-23 20:17:01 +05:30
mv_xor.h dma: mv_xor: Add support for DMA_INTERRUPT 2014-09-23 20:17:01 +05:30
mxs-dma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
nbpfaxi.c dmaengine: nbpf_error_get_channel() can be static 2014-08-05 22:00:18 +05:30
of-dma.c dmaengine: of: add common xlate function for matching by channel id 2014-07-26 00:21:41 +05:30
omap-dma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
pch_dma.c dmaengine: pch: fix compilation for alpha target 2014-05-22 18:50:49 +05:30
pl330.c dmaengine: pl330: Fix NULL pointer dereference on probe failure 2014-10-15 13:30:09 +05:30
qcom_bam_dma.c dmaengine: qcom_bam_dma: Add descriptor flags 2014-07-14 22:06:41 +05:30
s3c24xx-dma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
sa11x0-dma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
sirf-dma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
ste_dma40_ll.c dmaengine: ste_dma40_ll: Replace meaningless register set with comment 2013-06-04 11:12:10 +02:00
ste_dma40_ll.h dmaengine: ste_dma40: Remove unnecessary call to d40_phy_cfg() 2013-05-23 21:13:19 +02:00
ste_dma40.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
sun6i-dma.c dmaengine: sun6i: Remove obsolete clk muxing code 2014-09-24 10:58:27 +05:30
tegra20-apb-dma.c dmaengine: Remove the context argument to the prep_dma_cyclic operation 2014-08-04 13:41:50 +05:30
timb_dma.c dmaengine: remove DMA unmap from drivers 2013-11-14 11:04:38 -08:00
TODO dmaengine: dw: don't perform DMA when dmaengine_submit is called 2014-07-15 22:14:30 +05:30
txx9dmac.c dma: fix build warnings in txx9 2013-12-12 22:43:41 -08:00
txx9dmac.h
virt-dma.c
virt-dma.h dma: fix vchan_cookie_complete() debug print 2014-01-26 17:33:45 +05:30