If coretemp_add_core() gets an error then pdata->core_data[indx]
is already NULL and has been kfreed. Don't pass that to
sysfs_remove_group() as that will crash in sysfs_remove_group().
[Shortened for readability]
[91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label'
<cpu offline>
[91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188
[91855.165103] #PF: supervisor read access in kernel mode
[91855.194506] #PF: error_code(0x0000) - not-present page
[91855.224445] PGD 0 P4D 0
[91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI
...
[91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80
...
[91855.796571] Call Trace:
[91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp]
[91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp]
[91855.871107] cpuhp_invoke_callback+0x105/0x4b0
[91855.893432] cpuhp_thread_fun+0x8e/0x150
...
Fix this by checking for NULL first.
Signed-off-by: Phil Auld <[email protected]>
Cc: [email protected]
Cc: Fenghua Yu <[email protected]>
Cc: Jean Delvare <[email protected]>
Cc: Guenter Roeck <[email protected]>
---
drivers/hwmon/coretemp.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c
index 8bf32c6c85d9..30a19d711f89 100644
--- a/drivers/hwmon/coretemp.c
+++ b/drivers/hwmon/coretemp.c
@@ -533,6 +533,10 @@ static void coretemp_remove_core(struct platform_data *pdata, int indx)
{
struct temp_data *tdata = pdata->core_data[indx];
+ /* if we errored on add then this is already gone */
+ if (!tdata)
+ return;
+
/* Remove the sysfs attributes */
sysfs_remove_group(&pdata->hwmon_dev->kobj, &tdata->attr_group);
--
2.31.1
On Thu, Nov 17, 2022 at 11:23:13AM -0500, Phil Auld wrote:
> If coretemp_add_core() gets an error then pdata->core_data[indx]
> is already NULL and has been kfreed. Don't pass that to
> sysfs_remove_group() as that will crash in sysfs_remove_group().
>
> [Shortened for readability]
> [91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label'
> <cpu offline>
> [91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188
> [91855.165103] #PF: supervisor read access in kernel mode
> [91855.194506] #PF: error_code(0x0000) - not-present page
> [91855.224445] PGD 0 P4D 0
> [91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI
> ...
> [91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80
> ...
> [91855.796571] Call Trace:
> [91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp]
> [91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp]
> [91855.871107] cpuhp_invoke_callback+0x105/0x4b0
> [91855.893432] cpuhp_thread_fun+0x8e/0x150
> ...
>
> Fix this by checking for NULL first.
>
> Signed-off-by: Phil Auld <[email protected]>
> Cc: [email protected]
> Cc: Fenghua Yu <[email protected]>
> Cc: Jean Delvare <[email protected]>
> Cc: Guenter Roeck <[email protected]>
Applied.
Thanks,
Guenter