Subject: Re: [RESEND PATCH v2] thermal: Fix a NULL pointer dereference
From: Daniel Lezcano
To: "Rafael J. Wysocki", Subbaraman Narayanamurthy
Cc: Amit Kucheria, Zhang Rui, Nick Desaulniers, Linux PM, Linux Kernel Mailing List, David Collins, Manaf Meethalavalappu Pallikunhi, Stable
Date: Fri, 5 Nov 2021 17:19:42 +0100
References: <1636070227-15909-1-git-send-email-quic_subbaram@quicinc.com>

On 05/11/2021 16:14, Rafael J. Wysocki wrote:
> On Fri, Nov 5, 2021 at 12:57 AM Subbaraman Narayanamurthy
> wrote:
>>
>> of_parse_thermal_zones() parses the thermal-zones node and registers a
>> thermal_zone device for each subnode. However, if a thermal zone is
>> consuming a thermal sensor and that thermal sensor device hasn't probed
>> yet, an attempt to set trip_point_*_temp for that thermal zone device
>> can cause a NULL pointer dereference. Fix it.
>>
>> console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp
>> ...
>> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
>> ...
>> Call trace:
>>  of_thermal_set_trip_temp+0x40/0xc4
>>  trip_point_temp_store+0xc0/0x1dc
>>  dev_attr_store+0x38/0x88
>>  sysfs_kf_write+0x64/0xc0
>>  kernfs_fop_write_iter+0x108/0x1d0
>>  vfs_write+0x2f4/0x368
>>  ksys_write+0x7c/0xec
>>  __arm64_sys_write+0x20/0x30
>>  el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc
>>  do_el0_svc+0x28/0xa0
>>  el0_svc+0x14/0x24
>>  el0_sync_handler+0x88/0xec
>>  el0_sync+0x1c0/0x200
>>
>> While at it, fix the possible NULL pointer dereference in other
>> functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(),
>> of_thermal_get_trend().
>
> Can the subject be more specific, please?
>
> The issue appears to be limited to the of_thermal_ family of
> functions, but the subject doesn't reflect that at all.
>
>> Suggested-by: David Collins
>> Signed-off-by: Subbaraman Narayanamurthy
>
> Daniel, any concerns regarding the code changes below?

I've a concern about the root cause but I did not have time to
investigate how to fix it nicely.

thermal_of is responsible for introducing itself between the thermal core
code and the backend. So it defines the ops which in turn call the
sensor ops leading us to this problem.

So, without a better solution, this fix can be applied until we rethink
the thermal_of approach.

Acked-by: Daniel Lezcano

--
Linaro.org │ Open source software for ARM SoCs

Follow Linaro: Facebook | Twitter | Blog
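
The failure mode discussed in this thread, modelled in user space as an added example (not the patch under review and not kernel code): a wrapper layer forwards a request to sensor callbacks that stay NULL until the sensor driver has probed. The names `sensor_ops`, `zone_data`, `zone_set_trip_*` and `fake_*`, and the choice of `-EINVAL` as the error, are assumptions made for this model.

```c
/* User-space model of the bug class in this thread; NOT kernel code.
 * Every name below is hypothetical and chosen for the illustration. */
#include <errno.h>
#include <stdio.h>

struct sensor_ops {                 /* callbacks supplied by the sensor driver */
    int (*set_trip_temp)(void *sensor, int trip, int temp);
};

struct zone_data {                  /* state kept by the wrapper layer */
    const struct sensor_ops *ops;   /* NULL until the sensor driver has probed */
    void *sensor;
};

/* Unguarded wrapper: dereferences ops unconditionally, so a request that
 * arrives before the sensor has probed reads through a NULL pointer. */
int zone_set_trip_unguarded(struct zone_data *z, int trip, int temp)
{
    return z->ops->set_trip_temp(z->sensor, trip, temp);
}

/* Guarded wrapper: reject the request while no sensor is bound, or while the
 * bound sensor does not implement the callback (-EINVAL is an assumption). */
int zone_set_trip_guarded(struct zone_data *z, int trip, int temp)
{
    if (!z->ops || !z->ops->set_trip_temp)
        return -EINVAL;
    return z->ops->set_trip_temp(z->sensor, trip, temp);
}

/* Constructed sensor backend: stores the last programmed temperature. */
static int fake_set_trip(void *sensor, int trip, int temp)
{
    (void)trip;
    *(int *)sensor = temp;
    return 0;
}
static const struct sensor_ops fake_ops = { .set_trip_temp = fake_set_trip };

int main(void)
{
    int hw_trip = 0;
    struct zone_data z = { 0 };     /* zone registered, sensor not yet probed */
    printf("before probe: %d\n", zone_set_trip_guarded(&z, 0, 120000));
    z.ops = &fake_ops;              /* sensor driver probes and binds its ops */
    z.sensor = &hw_trip;
    printf("after probe:  %d (hw=%d)\n", zone_set_trip_guarded(&z, 0, 120000), hw_trip);
    return 0;
}
```

The guard has to cover both the ops table and the individual callback, because a sensor may bind an ops table that leaves some callbacks unset.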