Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp3317182pxb; Fri, 5 Nov 2021 13:32:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx6tEvhi/njdn0/ewCDTDIPAndrZA6CQnjUwOCinTV+gyOHE0rboZINwUBwRQCsuZ3I5ZFU X-Received: by 2002:a05:6e02:8a3:: with SMTP id a3mr39396686ilt.88.1636144345504; Fri, 05 Nov 2021 13:32:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1636144345; cv=none; d=google.com; s=arc-20160816; b=JReUEyNYerwuySpJ6RoX3cgZsqwWviJl1xPWTgCGMHrFw83egt80ZwELm0vW7X4xPx Na5SOtzY7q8GE81CcKSaHuLsnC7ppj1idiEJM3lIKCAcUCpMImEhqXCztMSHb55KGlO0 CgF4TouBEt6lyypMI+vOU4toJWfZdTsQAaOQyQ1NgTWiPZxdUdJLM5IrU5jvKPy9ioIO worcAc8Sr4Sze7Td0YZtNhdxsFFtWfWJVFevtnfPh6j7HiiOc2twl9ab8DGhA5bJHYHt TnG4m9XNdU41Dz/N2kq7lDnyq5n3asQ9GSBGbxJnhTsaViAtksZQ04Y+GVRKUEL6IebP dnyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=iEQyOxEpu1v2n/yjp3OP13AcVAy+o4Y94WT9P1jQb/Q=; b=p9Y6hROY4Nc2Q75y9050+xpKpBMbfkO/80+FaW/NDAq7OXJQgZ2JgbJC+pp3QDfxGv XKpigIgiS25Ni0ALzxOiKu9BUoKZvNHva1hQvjPp550GoZ/c+AzRUjzS6sV254j1GPVe UbN4s57a8u2XueBWT8eWe++hY1f01Z1cpKb9vRSI9WXqZRapWVOebLD/9TO+VLtlelW5 TIaaQK1MiFM8KdCjF/YUzOVyEOm0ANPHEczReQKeQN1pOU2j6TITgPTN534HJc9rnYVR IFRZNns+cWsYSQTsfbXDCxVS8hAZ174mt5q/36WuPJoy4nRPZ0EB60i2Dy9mLgiKMIil wQ6A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcdkim header.b=cvwNZeD3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r8si1914468ioo.36.2021.11.05.13.32.13; Fri, 05 Nov 2021 13:32:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcdkim header.b=cvwNZeD3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233152AbhKEULE (ORCPT + 99 others); Fri, 5 Nov 2021 16:11:04 -0400 Received: from alexa-out-sd-01.qualcomm.com ([199.106.114.38]:16998 "EHLO alexa-out-sd-01.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229698AbhKEULD (ORCPT ); Fri, 5 Nov 2021 16:11:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; i=@quicinc.com; q=dns/txt; s=qcdkim; t=1636142904; x=1667678904; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=iEQyOxEpu1v2n/yjp3OP13AcVAy+o4Y94WT9P1jQb/Q=; b=cvwNZeD3txYK7Ua4y3leTcyIze9BxN63bUDgobJSR1IVPi67f3rm4L6f uOr3wVBDugCbkxDKctzeq9x5Q70r3j8Pk1YXolk14VxdLrSbucJZJTXk1 UPKJRZYdnTh8nZTdfexPHcSLq+y5PShNdxEQSVOxYqCKjUjs/BanPJ4rj Q=; Received: from unknown (HELO ironmsg02-sd.qualcomm.com) ([10.53.140.142]) by alexa-out-sd-01.qualcomm.com with ESMTP; 05 Nov 2021 13:08:23 -0700 X-QCInternal: smtphost Received: from nasanex01c.na.qualcomm.com ([10.47.97.222]) by ironmsg02-sd.qualcomm.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Nov 2021 13:08:23 -0700 Received: from nalasex01a.na.qualcomm.com (10.47.209.196) by nasanex01c.na.qualcomm.com (10.47.97.222) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.922.7; Fri, 5 Nov 2021 13:08:23 -0700 Received: from [10.47.233.232] (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.922.7; Fri, 5 Nov 2021 13:08:22 -0700 Subject: Re: [RESEND PATCH v2] thermal: Fix a NULL pointer dereference To: "Rafael J. Wysocki" , Daniel Lezcano CC: Amit Kucheria , Zhang Rui , "Nick Desaulniers" , Linux PM , Linux Kernel Mailing List , David Collins , Manaf Meethalavalappu Pallikunhi , Stable References: <1636070227-15909-1-git-send-email-quic_subbaram@quicinc.com> From: Subbaraman Narayanamurthy Message-ID: <6fd1b6ca-15fc-757b-8755-7f8ec4110bcc@quicinc.com> Date: Fri, 5 Nov 2021 13:08:22 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Language: en-US X-Originating-IP: [10.49.16.6] X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/5/21 9:37 AM, Rafael J. Wysocki wrote: > On Fri, Nov 5, 2021 at 5:19 PM Daniel Lezcano wrote: >> On 05/11/2021 16:14, Rafael J. Wysocki wrote: >>> On Fri, Nov 5, 2021 at 12:57 AM Subbaraman Narayanamurthy >>> wrote: >>>> of_parse_thermal_zones() parses the thermal-zones node and registers a >>>> thermal_zone device for each subnode. However, if a thermal zone is >>>> consuming a thermal sensor and that thermal sensor device hasn't probed >>>> yet, an attempt to set trip_point_*_temp for that thermal zone device >>>> can cause a NULL pointer dereference. Fix it. >>>> >>>> console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp >>>> ... >>>> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 >>>> ... >>>> Call trace: >>>> of_thermal_set_trip_temp+0x40/0xc4 >>>> trip_point_temp_store+0xc0/0x1dc >>>> dev_attr_store+0x38/0x88 >>>> sysfs_kf_write+0x64/0xc0 >>>> kernfs_fop_write_iter+0x108/0x1d0 >>>> vfs_write+0x2f4/0x368 >>>> ksys_write+0x7c/0xec >>>> __arm64_sys_write+0x20/0x30 >>>> el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc >>>> do_el0_svc+0x28/0xa0 >>>> el0_svc+0x14/0x24 >>>> el0_sync_handler+0x88/0xec >>>> el0_sync+0x1c0/0x200 >>>> >>>> While at it, fix the possible NULL pointer dereference in other >>>> functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(), >>>> of_thermal_get_trend(). >>> Can the subject be more specific, please? >>> >>> The issue appears to be limited to the of_thermal_ family of >>> functions, but the subject doesn't reflect that at all. >>> >>>> Suggested-by: David Collins >>>> Signed-off-by: Subbaraman Narayanamurthy >>> Daniel, any concerns regarding the code changes below? >> I've a concern about the root cause but I did not have time to >> investigate how to fix it nicely. >> >> thermal_of is responsible of introducing itself between the thermal core >> code and the backend. So it defines the ops which in turn call the >> sensor ops leading us to this problem. >> >> So, without a better solution, this fix can be applied until we rethink >> the thermal_of approach. >> >> Acked-by: Daniel Lezcano > Thanks! > > I've queued it up for 5.16-rc as "thermal: Fix NULL pointer > dereferences in of_thermal_ functions". Thanks, Daniel and Rafael. So, I guess I don't need to send v3 with fixing commit subject right? -Subbaraman