From 3a5aec246f294004564cbe960724fa0ace59a4c5 Mon Sep 17 00:00:00 2001 From: Stephen Boyd Date: Wed, 16 Oct 2013 00:40:03 -0700 Subject: [PATCH] clk: Fix debugfs reparenting NULL pointer dereference Adding clocks from a kernel module can cause a NULL pointer dereference if the parent of a clock is added after the clock is added. This happens because __clk_init() iterates over the list of orphans and reparents the orphans to the clock being registered before creating the debugfs entry for the clock. Create the debugfs entry first before reparenting the orphans. Unable to handle kernel NULL pointer dereference at virtual address 00000028 pgd = ef3e4000 [00000028] *pgd=bf810831 Internal error: Oops: 17 [#1] PREEMPT SMP ARM Modules linked in: mmcc_8960(+) CPU: 0 PID: 52 Comm: modprobe Not tainted 3.12.0-rc2-00023-g1021a28-dirty #659 task: ef319200 ti: ef3a6000 task.ti: ef3a6000 PC is at lock_rename+0x24/0xc4 LR is at debugfs_rename+0x34/0x208 pc : [] lr : [] psr: 00000013 sp : ef3a7b88 ip : ef3a7ba8 fp : ef3a7ba4 r10: ef3d51cc r9 : ef3bc680 r8 : ef3d5210 r7 : ef3bc640 r6 : eee287e0 r5 : eee287e0 r4 : 00000000 r3 : ef3bc640 r2 : 00000000 r1 : eee287e0 r0 : 00000000 Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 10c5787d Table: af3e406a DAC: 00000015 Process modprobe (pid: 52, stack limit = 0xef3a6240) Stack: (0xef3a7b88 to 0xef3a8000) 7b80: ef3bc640 ee4047e0 00000000 eee287e0 ef3a7bec ef3a7ba8 7ba0: c047dfe4 c0317220 ef3bc680 ef3d51cc ef3a7bdc ef3a7bc0 c06e29d0 c0268784 7bc0: c08946e8 ef3d5210 00000000 ef3bc700 ef3d5290 ef3d5210 ef3bc680 ef3d51cc 7be0: ef3a7c0c ef3a7bf0 c05b9e9c c047dfbc 00000000 00000000 ef3d5210 ef3d5290 7c00: ef3a7c24 ef3a7c10 c05baebc c05b9e30 00000001 00000001 ef3a7c64 ef3a7c28 7c20: c05bb124 c05bae9c bf000cd8 ef3bc7c0 000000d0 c0ff129c bf001774 00000002 7c40: ef3bc740 ef3d5290 ef0f9a10 bf001774 bf00042c 00000061 ef3a7c8c ef3a7c68 7c60: c05bb480 c05baed8 bf001774 ef3d5290 ef0f9a10 bf001774 ef38bc10 ef0f9a00 7c80: ef3a7cac ef3a7c90 c05bb5a8 c05bb3a0 bf001774 00000062 ef0f9a10 ef38bc18 7ca0: ef3a7cec ef3a7cb0 bf00010c c05bb56c 00000000 ef38ba00 00000000 ef3d60d0 7cc0: ef3a7cdc c0fefc24 ef0f9a10 c0a091c0 bf000d24 00000000 bf0029f0 bf006000 7ce0: ef3a7cfc ef3a7cf0 c05156c0 bf000040 ef3a7d2c ef3a7d00 c0513f5c c05156a8 7d00: ef3a7d2c ef0f9a10 ef0f9a10 bf000d24 ef0f9a44 c09ca588 00000000 bf006000 7d20: ef3a7d4c ef3a7d30 c05142b8 c0513ecc ef0fd25c 00000000 bf000d24 c0514214 7d40: ef3a7d74 ef3a7d50 c0512030 c0514220 ef0050a8 ef0fd250 ef0050f8 bf000d24 7d60: ef37c100 c09ed150 ef3a7d84 ef3a7d78 c05139c8 c0511fd8 ef3a7 7d80: c051344c c05139a8 bf000864 c09ca588 ef3a7db4 bf000d24 bf002 7da0: c09ca588 00000000 ef3a7dcc ef3a7db8 c05149dc c0513360 ef3a7 7dc0: ef3a7ddc ef3a7dd0 c0515914 c0514960 ef3a7dec ef3a7de0 bf006 7de0: ef3a7e74 ef3a7df0 c0208800 bf00600c ef3a7e1c ef3a7e00 c04c5 7e00: ffffffff c09d46c4 00000000 bf0029a8 ef3a7e34 ef3a7e20 c024c 7e20: ffffffff c09d46c4 ef3a7e5c ef3a7e38 c024e2fc c024ce40 00000 7e40: ef3a7f48 bf0029b4 bf0029a8 271aeb1c ef3a7f48 bf0029a8 00000001 ef383c00 7e60: bf0029f0 00000001 ef3a7f3c ef3a7e78 c028fac4 c0208718 bf0029b4 00007fff 7e80: c028cd58 000000d2 f0065000 00000000 ef3a7ebc 00000000 00000000 bf0029b4 7ea0: 00000000 bf0029ac bf0029b4 ef3a6000 ef3a7efc c08bf128 00000000 00000000 7ec0: 00000000 00000000 00000000 00000000 6e72656b 00006c65 00000000 00000000 7ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 7f00: 00000000 00000000 00000000 271aeb1c ef3a7f2c 00016376 b6f38008 001d3774 7f20: 00000080 c020f968 ef3a6000 00000000 ef3a7fa4 ef3a7f40 c02904dc c028e178 7f40: c020f898 010ccfa8 f0065000 00016376 f0073f60 f0073d7d f007a1e8 00002b24 7f60: 000039e4 00000000 00000000 00000000 0000002f 00000030 00000019 00000016 7f80: 00000012 00000000 00000000 010de1b2 b6f38008 010ccfa8 00000000 ef3a7fa8 7fa0: c020f6c0 c0290434 010de1b2 b6f38008 b6f38008 00016376 001d3774 00000000 7fc0: 010de1b2 b6f38008 010ccfa8 00000080 010de1b2 bedb6f90 010de1c9 0001d8dc 7fe0: 0000000c bedb674c 0001ce30 000094c4 60000010 b6f38008 00000008 0000001d [] (lock_rename+0x24/0xc4) from [] (debugfs_rename+0x34/0x208) [] (debugfs_rename+0x34/0x208) from [] (clk_debug_reparent+0x78/0xc0) [] (__clk_reparent+0x2c/0x3c) from [] (__clk_init+0x258/0x4c8) [] (__clk_init+0x258/0x4c8) from [] (_clk_register+0xec/0x1cc) [] (_clk_register+0xec/0x1cc) from [] (devm_clk_register+0x48/0x7c) [] (devm_clk_register+0x48/0x7c) from [] (msm_mmcc_8960_probe+0xd8/0x190 [mmcc_8960]) [] (msm_mmcc_8960_probe+0xd8/0x190 [mmcc_8960]) from [] (platform_drv_probe+0x24/0x28) [] (platform_drv_probe+0x24/0x28) from [] (driver_probe_device+0x9c/0x354) [] (driver_probe_device+0x9c/0x354) from [] (__driver_attach+0xa4/0xa8) [] (__driver_attach+0xa4/0xa8) from [] (bus_for_each_dev+0x64/0x98) [] (bus_for_each_dev+0x64/0x98) from [] (driver_attach+0x2c/0x30) [] (driver_attach+0x2c/0x30) from [] (bus_add_driver+0xf8/0x2a8) [] (bus_add_driver+0xf8/0x2a8) from [] (driver_register+0x88/0x104) [] (driver_register+0x88/0x104) from [] (__platform_driver_register+0x58/0x6c) [] (__platform_driver_register+0x58/0x6c) from [] (msm_mmcc_8960_driver_init+0x18/0x24 [mmcc_8960]) [] (msm_mmcc_8960_driver_init+0x18/0x24 [mmcc_8960]) from [] (do_one_initcall+0xf4/0x1b8) [] (do_one_initcall+0xf4/0x1b8) from [] (load_module+0x1958/0x22bc) [] (load_module+0x1958/0x22bc) from [] (SyS_init_module+0xb4/0x120) [] (SyS_init_module+0xb4/0x120) from [] (ret_fast_syscall+0x0/0x48) Code: e1500001 e1a04000 e1a05001 0a000021 (e5903028) Signed-off-by: Stephen Boyd Signed-off-by: Mike Turquette --- drivers/clk/clk.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c index 77fcd069c64a..83127363ad4c 100644 --- a/drivers/clk/clk.c +++ b/drivers/clk/clk.c @@ -1744,6 +1744,7 @@ int __clk_init(struct device *dev, struct clk *clk) else clk->rate = 0; + clk_debug_register(clk); /* * walk the list of orphan clocks and reparent any that are children of * this clock @@ -1774,8 +1775,6 @@ int __clk_init(struct device *dev, struct clk *clk) if (clk->ops->init) clk->ops->init(clk->hw); - clk_debug_register(clk); - out: clk_prepare_unlock(); -- 2.20.1