From: Alexis Lothoré <[email protected]>
Hello,
While upgrading a kernel 5.10.x to kernel 6.1.x, I observe some warnings. The
target platform is a socfpga (Cyclone V). The warning has the following trace:
[ 26.725222] WARNING: CPU: 0 PID: 1 at lib/refcount.c:25 kobject_get (./include/linux/refcount.h:199 ./include/linux/refcount.h:250 ./include/linux/refcount.h:267 ./include/linux/kref.h:45 lib/kobject.c:635)
[ 26.732380] refcount_t: addition on 0; use-after-free.
[ 26.737501] Modules linked in:
[ 26.747935] Hardware name: Altera SOCFPGA
[ 26.751939] unwind_backtrace from show_stack (arch/arm/kernel/traps.c:255)
[ 26.757175] show_stack from dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))
[ 26.762230] dump_stack_lvl from __warn (kernel/panic.c:632 kernel/panic.c:679)
[ 26.767032] __warn from warn_slowpath_fmt (./include/asm-generic/preempt.h:69 ./include/linux/context_tracking.h:154 kernel/panic.c:705)
[ 26.772177] warn_slowpath_fmt from kobject_get (./include/linux/refcount.h:199 ./include/linux/refcount.h:250 ./include/linux/refcount.h:267 ./include/linux/kref.h:45 lib/kobject.c:635)
[ 26.777580] kobject_get from device_add (drivers/base/core.c:3760 drivers/base/core.c:3584)
[ 26.782464] device_add from of_platform_device_create_pdata (drivers/of/platform.c:190)
[ 26.788994] of_platform_device_create_pdata from of_platform_bus_create (drivers/of/platform.c:390)
[ 26.796732] of_platform_bus_create from of_platform_populate (drivers/of/platform.c:482)
[ 26.803432] of_platform_populate from fpga_bridge_register (drivers/fpga/fpga-bridge.c:365)
[ 26.809967] fpga_bridge_register from alt_fpga_bridge_probe (drivers/fpga/altera-hps2fpga.c:185)
[ 26.816674] alt_fpga_bridge_probe from platform_probe (drivers/base/platform.c:1401)
[ 26.822682] platform_probe from really_probe (drivers/base/dd.c:560 drivers/base/dd.c:639)
[ 26.827995] really_probe from __driver_probe_device (drivers/base/dd.c:778)
[ 26.833919] __driver_probe_device from driver_probe_device (drivers/base/dd.c:809)
[ 26.840363] driver_probe_device from __driver_attach (drivers/base/dd.c:1195)
[ 26.846460] __driver_attach from bus_for_each_dev (drivers/base/bus.c:300)
[ 26.852122] bus_for_each_dev from bus_add_driver (drivers/base/bus.c:619)
[ 26.857870] bus_add_driver from driver_register (drivers/base/driver.c:247)
[ 26.863449] driver_register from do_one_initcall (./include/linux/jump_label.h:259 ./include/linux/jump_label.h:269 ./include/trace/events/initcall.h:48 init/main.c:1304)
[ 26.869116] do_one_initcall from kernel_init_freeable (init/main.c:1375 init/main.c:1392 init/main.c:1411 init/main.c:1631)
[ 26.875296] kernel_init_freeable from kernel_init (init/main.c:1521)
[ 26.881047] kernel_init from ret_from_fork (arch/arm/kernel/entry-common.S:149)
[ 26.886097] Exception stack(0xf0831fb0 to 0xf0831ff8)
[ 26.891138] 1fa0: 00000000 00000000 00000000 00000000
[ 26.899292] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 26.907442] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
From my understanding, the warning occurs because the device passed to
of_platform_populate() in fpga_bridge_register() is not initialized. As a
consequence, when it will eventually try to get a reference on parent
device to create new child, it will find an uninitialized kobject and raise
the warning.
My guess is that the issue occurs since commit 0d70af3c2530 (and a revert
tends to prove it). Before this rework, device initialization and addition
were done before of_platform_populate. This commit has merged
fpga_bridge_create() and fpga_bridge_register() (and while doing so, it has
merged device_initialize() and device_add() into device_register()), but in
the meantime it has moved device_register() AFTER of_platform_populate()
A naive attempt to revert to previous behavior (device init/add before
of_platform_populate) can be found with the following patch, but since my
understanding of fpga framework is still quite limited, please let me know
if I am missing something.
Alexis Lothoré (1):
fpga: bridge: properly initialize bridge device before populating
children
drivers/fpga/fpga-bridge.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--
2.40.0
From: Alexis Lothoré <[email protected]>
The current code path can lead to warnings because of uninitialized device,
which contains, as a consequence, uninitialized kobject. The uninitialized
device is passed to of_platform_populate, which will at some point, while
creating child device, try to get a reference on uninitialized parent,
resulting in the following warning:
kobject: '(null)' ((ptrval)): is not initialized, yet kobject_get() is
being called.
The warning is observed after migrating a kernel 5.10.x to 6.1.x.
Reverting commit 0d70af3c2530 ("fpga: bridge: Use standard dev_release for
class driver") seems to remove the warning.
This commit aggregates device_initialize() and device_add() into
device_register() but this new call is done AFTER of_platform_populate
Fixes: 0d70af3c2530 ("fpga: bridge: Use standard dev_release for class driver")
Signed-off-by: Alexis Lothoré <[email protected]>
---
drivers/fpga/fpga-bridge.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/fpga/fpga-bridge.c b/drivers/fpga/fpga-bridge.c
index 727704431f61..13918c8c839e 100644
--- a/drivers/fpga/fpga-bridge.c
+++ b/drivers/fpga/fpga-bridge.c
@@ -360,7 +360,6 @@ fpga_bridge_register(struct device *parent, const char *name,
bridge->dev.parent = parent;
bridge->dev.of_node = parent->of_node;
bridge->dev.id = id;
- of_platform_populate(bridge->dev.of_node, NULL, NULL, &bridge->dev);
ret = dev_set_name(&bridge->dev, "br%d", id);
if (ret)
@@ -372,6 +371,8 @@ fpga_bridge_register(struct device *parent, const char *name,
return ERR_PTR(ret);
}
+ of_platform_populate(bridge->dev.of_node, NULL, NULL, &bridge->dev);
+
return bridge;
error_device:
--
2.40.0
On 2023-04-04 at 15:31:02 +0200, [email protected] wrote:
> From: Alexis Lothor? <[email protected]>
>
> The current code path can lead to warnings because of uninitialized device,
> which contains, as a consequence, uninitialized kobject. The uninitialized
> device is passed to of_platform_populate, which will at some point, while
> creating child device, try to get a reference on uninitialized parent,
> resulting in the following warning:
>
> kobject: '(null)' ((ptrval)): is not initialized, yet kobject_get() is
> being called.
>
> The warning is observed after migrating a kernel 5.10.x to 6.1.x.
> Reverting commit 0d70af3c2530 ("fpga: bridge: Use standard dev_release for
> class driver") seems to remove the warning.
> This commit aggregates device_initialize() and device_add() into
> device_register() but this new call is done AFTER of_platform_populate
>
> Fixes: 0d70af3c2530 ("fpga: bridge: Use standard dev_release for class driver")
> Signed-off-by: Alexis Lothor? <[email protected]>
> ---
> drivers/fpga/fpga-bridge.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/fpga/fpga-bridge.c b/drivers/fpga/fpga-bridge.c
> index 727704431f61..13918c8c839e 100644
> --- a/drivers/fpga/fpga-bridge.c
> +++ b/drivers/fpga/fpga-bridge.c
> @@ -360,7 +360,6 @@ fpga_bridge_register(struct device *parent, const char *name,
> bridge->dev.parent = parent;
> bridge->dev.of_node = parent->of_node;
> bridge->dev.id = id;
> - of_platform_populate(bridge->dev.of_node, NULL, NULL, &bridge->dev);
>
> ret = dev_set_name(&bridge->dev, "br%d", id);
> if (ret)
> @@ -372,6 +371,8 @@ fpga_bridge_register(struct device *parent, const char *name,
> return ERR_PTR(ret);
> }
>
> + of_platform_populate(bridge->dev.of_node, NULL, NULL, &bridge->dev);
It makes sense.
Acked-by: Xu Yilun <[email protected]>
Applied
> +
> return bridge;
>
> error_device:
> --
> 2.40.0
>