Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp59385imu; Thu, 8 Nov 2018 14:47:04 -0800 (PST) X-Google-Smtp-Source: AJdET5eY56N69N70sitWHgplcXRdxW35Ik3XxJLwgKAbZtJyC3xxWpUXkOFxY6A3dPQLxhW2d2LA X-Received: by 2002:a62:204a:: with SMTP id g71-v6mr6321619pfg.28.1541717224455; Thu, 08 Nov 2018 14:47:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541717224; cv=none; d=google.com; s=arc-20160816; b=Yc3pepxw9AV4hxWJnYYOS5veiERqr9JMSjV5tkb+aosGYKCCeTq45aowjr9E491jnJ h5fOlphXMG4HKxeJKBow64VdN+/pKiP4U5wrDCtmv1bzG8CuBxElXmqGEehi/XERrQg+ S5KQAPw84nisZojvtO3GSo5dI6ZT0y5mozLQXZRVCIY7AuCDOpUhuCqkiPDh55ET0rxG mcsn5BwvfXd1wWLyTjeJrd86sNstwpIwXmv/V0/qnQId/XkHR478A+I6BRLzYJbI0L1+ 3r18qFdoMJYpEhA7qDQQb33n4we1l9TEKWm1Hxot20EWYuWl12Uo1vOOg6cXhz1U1RrC 7tiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=O1tHGZpnO8bEaKh/WwpPc3xu/AE9cplc5HnLaUSXPoM=; b=JGJEOddrUlWHyXtsqO3PtDsK/uFPNdbS4wTWW7i4ldl9zHiF2zz6aze4Opb3oQRU1j VArRbYOrKUmjbA7Pp/PijwAfcTm23JqG9Idm4z8+Z5sgWRaKQ0JcCcxZ0qCSevKcdPTd jUEZppHwC8HXg/9DMY9qxFOU+TVJ7mmu0RZXmzEX5NiIseVtck4gqORGZAHVE/mb0kQx Uc6mp7Dvp8Ixb7eeBylQqSeMY5WFuBGya6O5pogie2qoCB+Lx77E8PROSThxiaodJesS +gIfj5LB91Z4D+QjpZN9pzxlhaH1XwfiPYXttuBloieyHUDNeC8MEkS0oc6OA+wluPLI KMGw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0sbzhBpj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 5-v6si5592419plt.408.2018.11.08.14.46.48; Thu, 08 Nov 2018 14:47:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0sbzhBpj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728646AbeKIIX0 (ORCPT + 99 others); Fri, 9 Nov 2018 03:23:26 -0500 Received: from mail.kernel.org ([198.145.29.99]:46914 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727196AbeKIHcD (ORCPT ); Fri, 9 Nov 2018 02:32:03 -0500 Received: from localhost (unknown [208.72.13.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8949D2081C; Thu, 8 Nov 2018 21:54:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541714075; bh=OlsqQuP83f89BdwCLVgxrTWLKQHfetfuNrQo9Xe3G10=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0sbzhBpj8IHZgIvRwqTX3GN5JiW9w/X7ig6/CxKejYhyDoK9sYExJ2+id6RaH3nqT yBCVdwQ2WmO++7PFzGkX3/zliN8jAkNIPpCFid3GBRRJ8GXC08W9LCBOPpvMwJ3yRC Nfk4lO+ZLhrbXZpuWWzzfu50BxjKX+eojcakZPA0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Dueck , Ludovic Desroches , Alexandre Belloni , Nicolas Ferre , Boris Brezillon , Jean-Christophe PLAGNIOL-VILLARD , linux-arm-kernel@lists.infradead.org, Linus Walleij , Sasha Levin Subject: [PATCH 3.18 042/144] pinctrl: at91: fix null pointer dereference Date: Thu, 8 Nov 2018 13:50:13 -0800 Message-Id: <20181108215057.891168645@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181108215054.826084593@linuxfoundation.org> References: <20181108215054.826084593@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit 1ab36387ea4face01aac3560b396b1e2ce07c4ff ] Not all gpio banks are necessarily enabled, in the current code this can lead to null pointer dereferences. [ 51.130000] Unable to handle kernel NULL pointer dereference at virtual address 00000058 [ 51.130000] pgd = dee04000 [ 51.130000] [00000058] *pgd=3f66d831, *pte=00000000, *ppte=00000000 [ 51.140000] Internal error: Oops: 17 [#1] ARM [ 51.140000] Modules linked in: [ 51.140000] CPU: 0 PID: 1664 Comm: cat Not tainted 4.1.1+ #6 [ 51.140000] Hardware name: Atmel SAMA5 [ 51.140000] task: df6dd880 ti: dec60000 task.ti: dec60000 [ 51.140000] PC is at at91_pinconf_get+0xb4/0x200 [ 51.140000] LR is at at91_pinconf_get+0xb4/0x200 [ 51.140000] pc : [] lr : [] psr: 600f0013 sp : dec61e48 ip : 600f0013 fp : df522538 [ 51.140000] r10: df52250c r9 : 00000058 r8 : 00000068 [ 51.140000] r7 : 00000000 r6 : df53c910 r5 : 00000000 r4 : dec61e7c [ 51.140000] r3 : 00000000 r2 : c06746d4 r1 : 00000000 r0 : 00000003 [ 51.140000] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user [ 51.140000] Control: 10c53c7d Table: 3ee04059 DAC: 00000015 [ 51.140000] Process cat (pid: 1664, stack limit = 0xdec60208) [ 51.140000] Stack: (0xdec61e48 to 0xdec62000) [ 51.140000] 1e40: 00000358 00000000 df522500 ded15f80 c05a9d08 ded15f80 [ 51.140000] 1e60: 0000048c 00000061 df522500 ded15f80 c05a9d08 c01e7304 ded15f80 00000000 [ 51.140000] 1e80: c01e6008 00000060 0000048c c01e6034 c01e5f6c ded15f80 dec61ec0 00000000 [ 51.140000] 1ea0: 00020000 ded6f280 dec61f80 00000001 00000001 c00ae0b8 b6e80000 ded15fb0 [ 51.140000] 1ec0: 00000000 00000000 df4bc974 00000055 00000800 ded6f280 b6e80000 ded6f280 [ 51.140000] 1ee0: ded6f280 00020000 b6e80000 00000000 00020000 c0090dec c0671e1c dec61fb0 [ 51.140000] 1f00: b6f8b510 00000001 00004201 c000924c 00000000 00000003 00000003 00000000 [ 51.140000] 1f20: df4bc940 00022000 00000022 c066e188 b6e7f000 c00836f4 000b6e7f ded6f280 [ 51.140000] 1f40: ded6f280 b6e80000 dec61f80 ded6f280 00020000 c0091508 00000000 00000003 [ 51.140000] 1f60: 00022000 00000000 00000000 ded6f280 ded6f280 00020000 b6e80000 c0091d9c [ 51.140000] 1f80: 00000000 00000000 ffffffff 00020000 00020000 b6e80000 00000003 c000f124 [ 51.140000] 1fa0: dec60000 c000efa0 00020000 00020000 00000003 b6e80000 00020000 000271c4 [ 51.140000] 1fc0: 00020000 00020000 b6e80000 00000003 7fffe000 00000000 00000000 00020000 [ 51.140000] 1fe0: 00000000 bef50b64 00013835 b6f29c76 400f0030 00000003 00000000 00000000 [ 51.140000] [] (at91_pinconf_get) from [] (at91_pinconf_dbg_show+0x18/0x2c0) [ 51.140000] [] (at91_pinconf_dbg_show) from [] (pinconf_pins_show+0xc8/0xf8) [ 51.140000] [] (pinconf_pins_show) from [] (seq_read+0x1a0/0x464) [ 51.140000] [] (seq_read) from [] (__vfs_read+0x20/0xd0) [ 51.140000] [] (__vfs_read) from [] (vfs_read+0x7c/0x108) [ 51.140000] [] (vfs_read) from [] (SyS_read+0x40/0x94) [ 51.140000] [] (SyS_read) from [] (ret_fast_syscall+0x0/0x3c) [ 51.140000] Code: eb010ec2 e30a0d08 e34c005a eb0ae5a7 (e5993000) [ 51.150000] ---[ end trace fb3c370da3ea4794 ]--- Fixes: a0b957f306fa ("pinctrl: at91: allow to have disabled gpio bank") Cc: stable@vger.kernel.org # 3.18 Signed-off-by: David Dueck Acked-by: Ludovic Desroches Acked-by: Alexandre Belloni Acked-by: Nicolas Ferre Cc: Boris Brezillon Cc: Jean-Christophe PLAGNIOL-VILLARD Cc: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Linus Walleij Signed-off-by: Sasha Levin --- drivers/pinctrl/pinctrl-at91.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/pinctrl/pinctrl-at91.c b/drivers/pinctrl/pinctrl-at91.c index d6380c187db6..ceebe2e3882f 100644 --- a/drivers/pinctrl/pinctrl-at91.c +++ b/drivers/pinctrl/pinctrl-at91.c @@ -322,6 +322,9 @@ static const struct pinctrl_ops at91_pctrl_ops = { static void __iomem *pin_to_controller(struct at91_pinctrl *info, unsigned int bank) { + if (!gpio_chips[bank]) + return NULL; + return gpio_chips[bank]->regbase; } @@ -731,6 +734,10 @@ static int at91_pmx_set(struct pinctrl_dev *pctldev, unsigned selector, pin = &pins_conf[i]; at91_pin_dbg(info->dev, pin); pio = pin_to_controller(info, pin->bank); + + if (!pio) + continue; + mask = pin_to_mask(pin->pin); at91_mux_disable_interrupt(pio, mask); switch (pin->mux) { @@ -850,6 +857,10 @@ static int at91_pinconf_get(struct pinctrl_dev *pctldev, *config = 0; dev_dbg(info->dev, "%s:%d, pin_id=%d", __func__, __LINE__, pin_id); pio = pin_to_controller(info, pin_to_bank(pin_id)); + + if (!pio) + return -EINVAL; + pin = pin_id % MAX_NB_GPIO_PER_BANK; if (at91_mux_get_multidrive(pio, pin)) @@ -891,6 +902,10 @@ static int at91_pinconf_set(struct pinctrl_dev *pctldev, "%s:%d, pin_id=%d, config=0x%lx", __func__, __LINE__, pin_id, config); pio = pin_to_controller(info, pin_to_bank(pin_id)); + + if (!pio) + return -EINVAL; + pin = pin_id % MAX_NB_GPIO_PER_BANK; mask = pin_to_mask(pin); -- 2.17.1