Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp99879pxb; Thu, 20 Jan 2022 09:37:12 -0800 (PST) X-Google-Smtp-Source: ABdhPJwzyMeVJNK89a3P6QnzQQrnGqpFEk0sRHqyh7Je+OSWpdtPS4xLbxCUingo3GlseOLPwXVP X-Received: by 2002:a17:90a:5b04:: with SMTP id o4mr71354pji.20.1642700231943; Thu, 20 Jan 2022 09:37:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642700231; cv=none; d=google.com; s=arc-20160816; b=qUfevoIm6bZ65zn5GMjYIOnkcpknWeUL2KFY35l1zzkfYTIjGxcunNK4kN6Xd1kt3q ycCGfTrgBAqemBGe2h64IfrJaBGlj14xw9WatYyDwNmA9ingQHKQidRXe4bSkSl3ZlLU 1p4Ft+TPBzAEThcFAwf82Mt+zErHYc1bEwVFnarpppN0+7W+8D+EyJBcn3BM4cLXZs2Q X6cR+GPf3aj02iwdYPOfHVCaH2v6uOnbcl2FwwA8Duo0LpzvhaER+rAKiARpQFxjMUDZ N1kBVyNiWEAyPzOY+azzJ+od0ck5ou1ZzGkWxXme0bDF3Npc7gdscvTfKLNQAD3QLSra UK5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-disposition:mime-version:message-id :subject:cc:to:from:date:dkim-signature:dkim-signature; bh=kzKWvA76ooSej4gfgZrClUbuWFVSATNe1t3ug/kwcIc=; b=KBDaFov6AjmWtCsUbIeIl/io/04YS2NMwJAJMesJ1foGIkwU3/zYdobcH3qcJ90qLp G5F0dTKGOWpq65n+avtJpoKbElQJ0a78zCZsU9+xsLUkyLBCIsLmi8SnHNdE3EYgJi4K P4YxGf5O6jWBOYsorch7H4z4iW1lDASceZczASnb/hNpW5PHZS9w/HaNB8X8qNot9nKD SckCstJ/py6PVEcOaF40VSwfLDOlUkU3vObZWd8ovuUjIzZbd1IxElio7UaERlQ3ScIt jQ4jxBHeFGjvU0vj8HY7Ey+7ztMtrmreUGcack7WQm7ezVZLLAtn6zei2q6/nTpTd447 ykyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alyssa.is header.s=fm2 header.b=GgQY8eJY; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=EQ5DbdWQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t62si3854725pgd.332.2022.01.20.09.36.59; Thu, 20 Jan 2022 09:37:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@alyssa.is header.s=fm2 header.b=GgQY8eJY; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=EQ5DbdWQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244538AbiARQh7 (ORCPT + 99 others); Tue, 18 Jan 2022 11:37:59 -0500 Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:37001 "EHLO wout4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243422AbiARQh6 (ORCPT ); Tue, 18 Jan 2022 11:37:58 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 428473201E15; Tue, 18 Jan 2022 11:37:57 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Tue, 18 Jan 2022 11:37:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h= date:from:to:cc:subject:message-id:mime-version:content-type; s= fm2; bh=kzKWvA76ooSej4gfgZrClUbuWFVSATNe1t3ug/kwcIc=; b=GgQY8eJY uy3NX8u1L1bo9DAgUvfgQS05c6ZiE2WAxFbGBOOzQbAOesh8NQJNmB/k9NRXpEFe i7sdZhrUkAh8GS+6ByqGJ3vv0+nQZq7udBFqLj6y8J+TZtWUiR3IylZ6j3uha2XJ 6szR4UWawG1o0bskl3nx+PXIfzlboK+A9/tLQrvSYYQVUH1QU1wyzQ0HSvIeuRcN IhtPxTStfKublEfbWtho4HL7zUxPIQWy+f1rHP+YytHbg2+VYXsI1r7JPmZftvmI 2xkZInSXu7BSX8SGTOEEagNpcj6pQDHWK8ukmuwAFDaqgtTuXa91VE8qAf7nEqvM 1kNo8Tc673rfRw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=kzKWvA76ooSej4gfgZrClUbuWFVSA TNe1t3ug/kwcIc=; b=EQ5DbdWQJGkc7FvnlOjn2xEp36NvK+370Vm7J0COQTk/Q fGIOU+BnARLbmB9KWc8HWKWyu3Vb0c4VQuQoz7Pa+49s/Qph5nweeOR3tYKcik3i nmEOdfSt5+38aOAmNEnaYfAq3gidX1VFow4JwBxCtrGq3Bgy0goBca7tUjKOKfa+ NBUuOsx3/vqzoFOhhKPaPMU6UU3z+geshU5KKRrMbGJu+u8TCUJIf3mdcDRAR08c 2SiHtDtf/bW1AGv4KYF3VECgVXVQSB3kx79XYDC8HfJ6OD82qMYFE5dqRfdxiFaP SM5uiwSJxGsIrwbMFZ6Q8ztJQzvx7VOJHBc93V0UA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudefgdeltdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkgggtugesghdtreertddtvdenucfhrhhomheptehlhihsshgrucft ohhsshcuoehhihesrghlhihsshgrrdhisheqnecuggftrfgrthhtvghrnhepueeghfdvte eifeekhfekgfehkedvgfegudehtedttdelvddvjeetffelffeigfdtnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepqhihlhhishhssegvvhgvrd hqhihlihhsshdrnhgvth X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 18 Jan 2022 11:37:56 -0500 (EST) Received: by eve.qyliss.net (Postfix, from userid 1000) id 671448E27; Tue, 18 Jan 2022 16:37:54 +0000 (UTC) Date: Tue, 18 Jan 2022 16:37:54 +0000 From: Alyssa Ross To: Benson Leung , Enric Balletbo i Serra Cc: linux-kernel@vger.kernel.org Subject: Null pointer dereference in cros-ec-typec Message-ID: <20220118163754.nfy53mfjpazgw2a2@eve> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="yiyer7cksutrzs6v" Content-Disposition: inline Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --yiyer7cksutrzs6v Content-Type: text/plain; charset=us-ascii Content-Disposition: inline My distribution recently enabled the Chrome OS EC Type C control driver in its kernel builds. On my Google Pixelbook i7 (eve), the driver reports a null pointer dereference at boot. From what I can tell, this happens because typec->ec is set to NULL in cros_typec_probe. Other drivers, like cros-usbpd-notify, appear to be set up to handle this case. As a result of this bug, I'm no longer able to reboot my computer, because udevd hangs while trying to do something with the device whose driver isn't working. Here's the full Oops. I was able to reproduce the issue with every kernel I tried, from 5.10 to mainline. cros-usbpd-notify-acpi GOOG0003:00: Couldn't get Chrome EC device pointer. input: Intel Virtual Buttons as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input14 BUG: kernel NULL pointer dereference, address: 00000000000000d8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 1 PID: 561 Comm: systemd-udevd Not tainted 5.15.12 #4 Hardware name: Google Eve/Eve, BIOS MrChromebox-4.14 08/06/2021 RIP: 0010:__mutex_lock+0x59/0x8c0 Code: 53 48 89 cb 48 83 ec 70 89 75 9c be 3d 02 00 00 4c 89 45 90 e8 18 47 33 ff e8 e3 e2 ff ff 44 8b 35 a4 85 e8 02 45 85 f6 75 0a <4d> 3b 6d 68 0f 85 bf 07 00 00 65 ff 05 b6 5b 23 75 ff 75 90 4d 8d RSP: 0018:ffffb44580a4bb50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffffff8bf91320 RDI: ffff922cbba50e20 RBP: ffffb44580a4bbf0 R08: 0000000000000000 R09: ffff922c5bac8140 R10: ffffb44580a4bc10 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000070 R14: 0000000000000000 R15: 0000000000000001 FS: 00007f55338d6b40(0000) GS:ffff922fae200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000d8 CR3: 000000011bbb2006 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? fs_reclaim_acquire+0x4d/0xd0 ? lock_is_held_type+0xaa/0x120 ? cros_ec_cmd_xfer_status+0x1f/0x110 ? lock_is_held_type+0xaa/0x120 ? cros_ec_cmd_xfer_status+0x1f/0x110 cros_ec_cmd_xfer_status+0x1f/0x110 cros_typec_ec_command+0x91/0x1c0 [cros_ec_typec] cros_typec_probe+0x7f/0x5a8 [cros_ec_typec] platform_probe+0x3f/0x90 really_probe+0x1f5/0x3f0 __driver_probe_device+0xfe/0x180 driver_probe_device+0x1e/0x90 __driver_attach+0xc4/0x1d0 ? __device_attach_driver+0xe0/0xe0 ? __device_attach_driver+0xe0/0xe0 bus_for_each_dev+0x67/0x90 bus_add_driver+0x12e/0x1f0 driver_register+0x8f/0xe0 ? 0xffffffffc04ec000 do_one_initcall+0x67/0x320 ? rcu_read_lock_sched_held+0x3f/0x80 ? trace_kmalloc+0x38/0xe0 ? kmem_cache_alloc_trace+0x17c/0x2b0 do_init_module+0x5c/0x270 __do_sys_finit_module+0x95/0xe0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f55344b1f3d Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d bb ee 0e 00 f7 d8 64 89 01 48 RSP: 002b:00007fff187f1388 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 000055a53acbe6e0 RCX: 00007f55344b1f3d RDX: 0000000000000000 RSI: 00007f553461732c RDI: 000000000000000e RBP: 0000000000020000 R08: 0000000000000000 R09: 0000000000000002 R10: 000000000000000e R11: 0000000000000246 R12: 00007f553461732c R13: 000055a53ad94010 R14: 0000000000000007 R15: 000055a53ad95690 Modules linked in: fjes(+) cros_ec_typec(+) typec intel_vbtn(+) cros_usbpd_notify sparse_keymap soc_button_array int3403_thermal int340x_thermal_zone int3400_thermal acpi_thermal_rel cros_kbd_led_backlight zram ip_tables i915 hid_multitouch i2c_algo_bit ttm crct10dif_pclmul crc32_pclmul crc32c_intel drm_kms_helper nvme ghash_clmulni_intel sdhci_pci cqhci cec nvme_core sdhci serio_raw drm mmc_core i2c_hid_acpi i2c_hid video pinctrl_sunrisepoint fuse CR2: 00000000000000d8 ---[ end trace 4a12c4896d70352b ]--- --yiyer7cksutrzs6v Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEH9wgcxqlHM/ARR3h+dvtSFmyccAFAmHm7N4ACgkQ+dvtSFmy ccBrCRAAmF6grJVOlZ4n9mQigbLYWA6rDFpnSWa0H+Ua9Qd0y6XzFb3HY4MpybeV vE7plrNxpwDRddtFZqEbcl0OWcbwTA/Vmlt+16bMd92+LxL83PeSk4fMNhhnVBdw zQv4cfNnukPJ+M/PDwLpZRY+5mHRcc4Mzol7nAZ0R8ej2iBWPwMe/JCEZh3i7zNw quUntxfpSaT7+A0YQch8mUBgcLyc13kfMEd/NVn8MTYoZG50yScE3DSQzx7eeGTI x0Yqm3DtBVIF3qvjrYChrou3a7smO1sNFVARJOW2jxuR5Rl79Mp0wylpxYMUyZbI Hz3u/skfxvrcqdKxNwxnJgk7ugTlL1zcEuc+Elmj4D65I04NI0qzTTUAsEfKjWpV tona9Q3T5d1BGQQJc3uZmIa+fyd9wMQwKDAjMnmbueMc0Wg8aHcRfy41kVVRN1k8 ik9oVKLx2X9hN8VxFgraA8QQTAX0FiscpzEpLoCzmvMfn7yfW1SZTAy9U0NqmRxg kdJ9atSwaOF3CLLEOnxJ9UmVJsNGn7f19Az41PuaxarlfdJu4W0MDC2Wmllc/V+m nB1YHMwIZURpe0f1McOJhkU1+sBpyEVt4zcvX8OtjPpJzvlmYkVNIm9uR4voYrKE 0SlsYM3gmI6K+Qb0LnMhT1oEE+oxDbpwx/gU/J+dp9Xbxb69NOc= =5hiC -----END PGP SIGNATURE----- --yiyer7cksutrzs6v--