In-Reply-To: <20180522213016.5496-1-jprvita@endlessm.com>
References: <20180522213016.5496-1-jprvita@endlessm.com>
From: Andy Shevchenko
Date: Thu, 31 May 2018 13:36:33 +0300
Subject: Re: [PATCH] platform/x86: asus-wmi: Fix NULL pointer dereference
To: João Paulo Rechi Vita
Cc: Corentin Chary, Darren Hart, Andy Shevchenko, Linux Upstreaming Team, red.f0xyz@gmail.com, João Paulo Rechi Vita, acpi4asus-user, Platform Driver, Linux Kernel Mailing List
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 23, 2018 at 12:30 AM, João Paulo Rechi Vita wrote:
> Do not perform the rfkill cleanup routine when
> (asus->driver->wlan_ctrl_by_user && ashs_present()) is true, since
> nothing is registered with the rfkill subsystem in that case. Doing so
> leads to the following kernel NULL pointer dereference:
>
>   BUG: unable to handle kernel NULL pointer dereference at (null)
>   IP: [] __mutex_lock_slowpath+0x98/0x120
>   PGD 1a3aa8067
>   PUD 1a3b3d067
>   PMD 0
>
>   Oops: 0002 [#1] PREEMPT SMP
>   Modules linked in: bnep ccm binfmt_misc uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core hid_a4tech videodev x86_pkg_temp_thermal intel_powerclamp coretemp ath3k btusb btrtl btintel bluetooth kvm_intel snd_hda_codec_hdmi kvm snd_hda_codec_realtek snd_hda_codec_generic irqbypass crc32c_intel arc4 i915 snd_hda_intel snd_hda_codec ath9k ath9k_common ath9k_hw ath i2c_algo_bit snd_hwdep mac80211 ghash_clmulni_intel snd_hda_core snd_pcm snd_timer cfg80211 ehci_pci xhci_pci drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm xhci_hcd ehci_hcd asus_nb_wmi(-) asus_wmi sparse_keymap r8169 rfkill mxm_wmi serio_raw snd mii mei_me lpc_ich i2c_i801 video soundcore mei i2c_smbus wmi i2c_core mfd_core
>   CPU: 3 PID: 3275 Comm: modprobe Not tainted 4.9.34-gentoo #34
>   Hardware name: ASUSTeK COMPUTER INC. K56CM/K56CM, BIOS K56CM.206 08/21/2012
>   task: ffff8801a639ba00 task.stack: ffffc900014cc000
>   RIP: 0010:[] [] __mutex_lock_slowpath+0x98/0x120
>   RSP: 0018:ffffc900014cfce0 EFLAGS: 00010282
>   RAX: 0000000000000000 RBX: ffff8801a54315b0 RCX: 00000000c0000100
>   RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8801a54315b4
>   RBP: ffffc900014cfd30 R08: 0000000000000000 R09: 0000000000000002
>   R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801a54315b4
>   R13: ffff8801a639ba00 R14: 00000000ffffffff R15: ffff8801a54315b8
>   FS: 00007faa254fb700(0000) GS:ffff8801aef80000(0000) knlGS:0000000000000000
>   CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>   CR2: 0000000000000000 CR3: 00000001a3b1b000 CR4: 00000000001406e0
>   Stack:
>   ffff8801a54315b8 0000000000000000 ffffffff814733ae ffffc900014cfd28
>   ffffffff8146a28c ffff8801a54315b0 0000000000000000 ffff8801a54315b0
>   ffff8801a66f3820 0000000000000000 ffffc900014cfd48 ffffffff816c73e7
>   Call Trace:
>   [] ? acpi_ut_release_mutex+0x5d/0x61
>   [] ? acpi_ns_get_node+0x49/0x52
>   [] mutex_lock+0x17/0x30
>   [] asus_rfkill_hotplug+0x24/0x1a0 [asus_wmi]
>   [] asus_wmi_rfkill_exit+0x61/0x150 [asus_wmi]
>   [] asus_wmi_remove+0x61/0xb0 [asus_wmi]
>   [] platform_drv_remove+0x28/0x40
>   [] __device_release_driver+0xa1/0x160
>   [] device_release_driver+0x23/0x30
>   [] bus_remove_device+0xfd/0x170
>   [] device_del+0x139/0x270
>   [] platform_device_del+0x28/0x90
>   [] platform_device_unregister+0x12/0x30
>   [] asus_wmi_unregister_driver+0x19/0x30 [asus_wmi]
>   [] asus_nb_wmi_exit+0x10/0xf26 [asus_nb_wmi]
>   [] SyS_delete_module+0x192/0x270
>   [] ? exit_to_usermode_loop+0x92/0xa0
>   [] entry_SYSCALL_64_fastpath+0x13/0x94
>   Code: e8 5e 30 00 00 8b 03 83 f8 01 0f 84 93 00 00 00 48 8b 43 10 4c 8d 7b 08 48 89 63 10 41 be ff ff ff ff 4c 89 3c 24 48 89 44 24 08 <48> 89 20 4c 89 6c 24 10 eb 1d 4c 89 e7 49 c7 45 08 02 00 00 00
>   RIP [] __mutex_lock_slowpath+0x98/0x120
>   RSP
>   CR2: 0000000000000000
>   ---[ end trace 8d484233fa7cb512 ]---
>   note: modprobe[3275] exited with preempt_count 2
>
> https://bugzilla.kernel.org/show_bug.cgi?id=196467
>

Pushed to my review and testing queue with asap promotion to fixes, thanks!

> Reported-by: red.f0xyz@gmail.com
> Signed-off-by: João Paulo Rechi Vita
> ---
>  drivers/platform/x86/asus-wmi.c | 23 +++++++++++++----------
>  1 file changed, 13 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-= wmi.c > index ef87e78ca772..3d523ca64694 100644 > --- a/drivers/platform/x86/asus-wmi.c > +++ b/drivers/platform/x86/asus-wmi.c > @@ -163,6 +163,16 @@ MODULE_LICENSE("GPL"); > > static const char * const ashs_ids[] =3D { "ATK4001", "ATK4002", NULL }; > > +static bool ashs_present(void) > +{ > + int i =3D 0; > + while (ashs_ids[i]) { > + if (acpi_dev_found(ashs_ids[i++])) > + return true; > + } > + return false; > +} > + > struct bios_args { > u32 arg0; > u32 arg1; > @@ -1025,6 +1035,9 @@ static int asus_new_rfkill(struct asus_wmi *asus, > > static void asus_wmi_rfkill_exit(struct asus_wmi *asus) > { > + if (asus->driver->wlan_ctrl_by_user && ashs_present()) > + return; > + > asus_unregister_rfkill_notifier(asus, "\\_SB.PCI0.P0P5"); > asus_unregister_rfkill_notifier(asus, "\\_SB.PCI0.P0P6"); > asus_unregister_rfkill_notifier(asus, "\\_SB.PCI0.P0P7");
> @@ -2120,16 +2133,6 @@ static int asus_wmi_fan_init(struct asus_wmi *asus= ) > return 0; > } > > -static bool ashs_present(void) > -{ > - int i =3D 0; > - while (ashs_ids[i]) { > - if (acpi_dev_found(ashs_ids[i++])) > - return true; > - } > - return false; > -} > - > /* > * WMI Driver > */
> --
> 2.17.0
>

-- 
With Best Regards,
Andy Shevchenko
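
Review bot: The relocated ashs_present() in the first hunk (@@ -163,6 +163,16 @@) keeps `int i = 0;` immediately followed by `while (ashs_ids[i])` with no blank line after the declaration, and it hides the index increment inside the acpi_dev_found() argument. Since these lines are being re-added anyway, a plain `for` loop over ashs_ids with the increment in the loop header would read more clearly; if the function is deliberately moved byte-for-byte so the fix stays easy to backport, the commit message should say that the first and third hunks are a pure move.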
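
Review bot: In the asus_wmi_rfkill_exit() hunk (@@ -1025,6 +1035,9 @@), the new early return re-evaluates `asus->driver->wlan_ctrl_by_user && ashs_present()` at remove time rather than testing state recorded when the rfkill setup was skipped, so the guard is only correct as long as that expression gives the same answer at both points, and the init-side check is not visible in this patch. Consider recording the decision in struct asus_wmi at init and testing that field here, or at minimum add a comment above the `if` stating that nothing was registered with rfkill in this case, since the call trace in the commit message shows asus_rfkill_hotplug() reaching mutex_lock() from this function and the return also skips the asus_unregister_rfkill_notifier() calls that follow.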