Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp5585463img; Wed, 27 Mar 2019 11:10:24 -0700 (PDT) X-Google-Smtp-Source: APXvYqwJY9H0K1VD3PZEpaHusYZ5dkS42WYXAOOo0ooi36Xehq0UA1E1tbezumSNcXG6HmSnVd/G X-Received: by 2002:a17:902:e20e:: with SMTP id ce14mr24703503plb.193.1553710224151; Wed, 27 Mar 2019 11:10:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553710224; cv=none; d=google.com; s=arc-20160816; b=ptL//S3q3v29zKAuo+oMpH6nJtb4vj7a6waVkMLu1W5qeMNlWtcnNaFqNLWUj04G3H BcShaErsIijEeCc74e0SFam2Yp+LxGa6yuvQPvsJ89KeiugIeHGEsWUP4lIC1eDWGDnx oJRzQeLEYW0fVqMaZTADZSWliHbNXlSmSzZBsFusIYUpdqyAeJ4xTUWKtW/obrLWu9RJ b/6Zv9/gFDzrg7BU7usU5tWgXyG0vQkJgU10Xfcp1m0BNKrUIchDoazIUwBGcbnCk6Ok OcpbpL1UP9T5dC5Wop8PEVCotzyX1UjS+aUbQiFzTPd+/z90j66nT0u5UOj3l+/3bImY swtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=qu644KVPVd66mjOMJ6tKldQQ/dU6PoQ0/qmIALMJ/EE=; b=tC0edi9lQHL1qdA1dsfQT+iN1sUfScxNRciUrfclvb79qlPjVngBA8sThxGFTW6qrV 8u3QJH71dxHdYQdm6qLXlLMRKWHG6XHT/sWFCJQkeR5sDXaxWuQRYt7fqyPtOuHLpdJc EabF27AS3iApYUFFR1vTexnayFq1g1gTMB10P0GhZyTNnIRePl/oilSsL99wTRIfreCu sN2m/AX6dAoG0qr93GsM/3VCLxVCj/N9wvaAey5HzCnAYCbl9y1zOLs3rF4wyMWtVhTi iRmLsJDHBkDfiTWAyX0l9EdjEl6+r+oFep9CAl+vxfcdkh9fsCWtglPutmaIn1JqUR4G oj+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Up9N3n7y; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a95si21558940pla.350.2019.03.27.11.10.08; Wed, 27 Mar 2019 11:10:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Up9N3n7y; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388511AbfC0SJK (ORCPT + 99 others); Wed, 27 Mar 2019 14:09:10 -0400 Received: from mail.kernel.org ([198.145.29.99]:50950 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388500AbfC0SJI (ORCPT ); Wed, 27 Mar 2019 14:09:08 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A5AE32063F; Wed, 27 Mar 2019 18:09:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553710147; bh=nQWkrAGZT1WT2M1gYYlrH5k4ifylVNwinfdKOWwdX14=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Up9N3n7yRFPtvA9VJqBicd0IuTJku7EQ05c8m2A8Yl2kDVCTcgMWsd23co1PGWoQd Ln8hrS8mwcdxgEh+KmAJyBTf8GhkaPvs6N9w/YZDs1KEjtYf3BaUCyaz35jiQKbtjk 4Gvv4S9vM4JdtMbmgsEMrzW4wSEaCXr/rzTA0SdM= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Timo Alho , Thierry Reding , Sasha Levin , linux-tegra@vger.kernel.org Subject: [PATCH AUTOSEL 5.0 217/262] soc/tegra: fuse: Fix illegal free of IO base address Date: Wed, 27 Mar 2019 14:01:12 -0400 Message-Id: <20190327180158.10245-217-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190327180158.10245-1-sashal@kernel.org> References: <20190327180158.10245-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Timo Alho [ Upstream commit 51294bf6b9e897d595466dcda5a3f2751906a200 ] On cases where device tree entries for fuse and clock provider are in different order, fuse driver needs to defer probing. This leads to freeing incorrect IO base address as the fuse->base variable gets overwritten once during first probe invocation. This leads to the following spew during boot: [ 3.082285] Trying to vfree() nonexistent vm area (00000000cfe8fd94) [ 3.082308] WARNING: CPU: 5 PID: 126 at /hdd/l4t/kernel/stable/mm/vmalloc.c:1511 __vunmap+0xcc/0xd8 [ 3.082318] Modules linked in: [ 3.082330] CPU: 5 PID: 126 Comm: kworker/5:1 Tainted: G S 4.19.7-tegra-gce119d3 #1 [ 3.082340] Hardware name: quill (DT) [ 3.082353] Workqueue: events deferred_probe_work_func [ 3.082364] pstate: 40000005 (nZcv daif -PAN -UAO) [ 3.082372] pc : __vunmap+0xcc/0xd8 [ 3.082379] lr : __vunmap+0xcc/0xd8 [ 3.082385] sp : ffff00000a1d3b60 [ 3.082391] x29: ffff00000a1d3b60 x28: 0000000000000000 [ 3.082402] x27: 0000000000000000 x26: ffff000008e8b610 [ 3.082413] x25: 0000000000000000 x24: 0000000000000009 [ 3.082423] x23: ffff000009221a90 x22: ffff000009f6d000 [ 3.082432] x21: 0000000000000000 x20: 0000000000000000 [ 3.082442] x19: ffff000009f6d000 x18: ffffffffffffffff [ 3.082452] x17: 0000000000000000 x16: 0000000000000000 [ 3.082462] x15: ffff0000091396c8 x14: 0720072007200720 [ 3.082471] x13: 0720072007200720 x12: 0720072907340739 [ 3.082481] x11: 0764076607380765 x10: 0766076307300730 [ 3.082491] x9 : 0730073007300730 x8 : 0730073007280720 [ 3.082501] x7 : 0761076507720761 x6 : 0000000000000102 [ 3.082510] x5 : 0000000000000000 x4 : 0000000000000000 [ 3.082519] x3 : ffffffffffffffff x2 : ffff000009150ff8 [ 3.082528] x1 : 3d95b1429fff5200 x0 : 0000000000000000 [ 3.082538] Call trace: [ 3.082545] __vunmap+0xcc/0xd8 [ 3.082552] vunmap+0x24/0x30 [ 3.082561] __iounmap+0x2c/0x38 [ 3.082569] tegra_fuse_probe+0xc8/0x118 [ 3.082577] platform_drv_probe+0x50/0xa0 [ 3.082585] really_probe+0x1b0/0x288 [ 3.082593] driver_probe_device+0x58/0x100 [ 3.082601] __device_attach_driver+0x98/0xf0 [ 3.082609] bus_for_each_drv+0x64/0xc8 [ 3.082616] __device_attach+0xd8/0x130 [ 3.082624] device_initial_probe+0x10/0x18 [ 3.082631] bus_probe_device+0x90/0x98 [ 3.082638] deferred_probe_work_func+0x74/0xb0 [ 3.082649] process_one_work+0x1e0/0x318 [ 3.082656] worker_thread+0x228/0x450 [ 3.082664] kthread+0x128/0x130 [ 3.082672] ret_from_fork+0x10/0x18 [ 3.082678] ---[ end trace 0810fe6ba772c1c7 ]--- Fix this by retaining the value of fuse->base until driver has successfully probed. Signed-off-by: Timo Alho Acked-by: Jon Hunter Signed-off-by: Thierry Reding Signed-off-by: Sasha Levin --- drivers/soc/tegra/fuse/fuse-tegra.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c index a33ee8ef8b6b..51625703399e 100644 --- a/drivers/soc/tegra/fuse/fuse-tegra.c +++ b/drivers/soc/tegra/fuse/fuse-tegra.c @@ -137,13 +137,17 @@ static int tegra_fuse_probe(struct platform_device *pdev) res = platform_get_resource(pdev, IORESOURCE_MEM, 0); fuse->phys = res->start; fuse->base = devm_ioremap_resource(&pdev->dev, res); - if (IS_ERR(fuse->base)) - return PTR_ERR(fuse->base); + if (IS_ERR(fuse->base)) { + err = PTR_ERR(fuse->base); + fuse->base = base; + return err; + } fuse->clk = devm_clk_get(&pdev->dev, "fuse"); if (IS_ERR(fuse->clk)) { dev_err(&pdev->dev, "failed to get FUSE clock: %ld", PTR_ERR(fuse->clk)); + fuse->base = base; return PTR_ERR(fuse->clk); } @@ -152,8 +156,10 @@ static int tegra_fuse_probe(struct platform_device *pdev) if (fuse->soc->probe) { err = fuse->soc->probe(fuse); - if (err < 0) + if (err < 0) { + fuse->base = base; return err; + } } if (tegra_fuse_create_sysfs(&pdev->dev, fuse->soc->info->size, -- 2.19.1