References: <20220118163754.nfy53mfjpazgw2a2@eve>
From: Prashant Malani
Date: Tue, 18 Jan 2022 12:12:34 -0800
Subject: Re: Null pointer dereference in cros-ec-typec
To: Benson Leung, mr.chromebox@gmail.com
Cc: Alyssa Ross, Benson Leung, linux-kernel@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

(+Mr.Chromebox team; using the address listed in
https://mrchromebox.tech/#support )

Hi Team Mr.Chromebox,

Could you kindly provide some more detail regarding how the GOOG0014
Type C ACPI device is set up in the Mr Chromebox BIOS for Chromebooks
(the driver expects it to be embedded in the GOOG0004 EC device)?

We want to enable Alyssa and other developers using the Mr.Chromebox
BIOS to have a functional cros-ec-typec driver, so would like to help
ensure that the device is set up correctly in ACPI.

Thanks!

-Prashant

On Tue, Jan 18, 2022 at 11:49 AM Prashant Malani wrote:
>
> Hi Benson and Alyssa,
>
> On Tue, Jan 18, 2022 at 11:33 AM Benson Leung wrote:
> >
> > Hi Alyssa,
> >
> > Thanks for reaching out.
> >
> > On Tue, Jan 18, 2022 at 04:37:54PM +0000, Alyssa Ross wrote:
> > > My distribution recently enabled the Chrome OS EC Type C control driver
> > > in its kernel builds. On my Google Pixelbook i7 (eve), the driver reports
> > > a null pointer dereference at boot. From what I can tell, this happens
> > > because typec->ec is set to NULL in cros_typec_probe. Other drivers,
> > > like cros-usbpd-notify, appear to be set up to handle this case. As a
> > > result of this bug, I'm no longer able to reboot my computer, because
> > > udevd hangs while trying to do something with the device whose driver
> > > isn't working.
> > >
> >
> > I've copied Prashant, who's the author of the typec driver as well as
> > cros-usbpd-notify.
> >
> > Prashant, any thoughts on a more graceful failure out of the typec driver's
> > probe in case there's no ec object?
>
> We can add a NULL check and just abort the driver probe if the pointer is
> not valid (the driver is useless without that pointer anyway).
>
> A note: The NULL check makes sense on older drivers like cros-usbpd-notify
> since they can exist in ACPI configurations where they are *not* embedded
> inside the GOOG0004 EC device (on older Chromebooks). That is not the case
> for the EC Type C device.
>
> This raises another issue: the custom BIOS from Mr. Chromebox is likely not
> setting up the EC Type C ACPI (GOOG0014) device correctly; it *must* be
> embedded inside the overall EC device (GOOG0004). If this is not being done,
> then the GOOG0014 device should not be added to the ACPI tables at all.
>
> I would like to understand whether the above was intentional from the
> Mr. Chromebox BIOS developers; otherwise we are letting an incorrect ACPI
> configuration just fail with a probe error.
>
> Thanks,
>
> -Prashant
>
> > >
> > > Here's the full Oops. I was able to reproduce the issue with every
> > > kernel I tried, from 5.10 to mainline.
> > >
> > > cros-usbpd-notify-acpi GOOG0003:00: Couldn't get Chrome EC device pointer.
> > > input: Intel Virtual Buttons as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input14
> > > BUG: kernel NULL pointer dereference, address: 00000000000000d8
> > > #PF: supervisor read access in kernel mode
> > > #PF: error_code(0x0000) - not-present page
> > > PGD 0 P4D 0
> > > Oops: 0000 [#1] SMP PTI
> > > CPU: 1 PID: 561 Comm: systemd-udevd Not tainted 5.15.12 #4
> > > Hardware name: Google Eve/Eve, BIOS MrChromebox-4.14 08/06/2021
> > >
> >
> > Ah, here's the problem. It looks like this is a custom bios from Mr Chromebox,
> > so this is not a bios combination we validate at Google.
> >
> > Thank you for the report. We'll look into fixing this and marking the fix
> > for stable kernels so that it goes back to 5.10.
> >
> > Thanks,
> >
> > Benson
> >
> > > RIP: 0010:__mutex_lock+0x59/0x8c0
> > > Code: 53 48 89 cb 48 83 ec 70 89 75 9c be 3d 02 00 00 4c 89 45 90 e8 18 47 33 ff e8 e3 e2 ff ff 44 8b 35 a4 85 e8 02 45 85 f6 75 0a <4d> 3b 6d 68 0f 85 bf 07 00 00 65 ff 05 b6 5b 23 75 ff 75 90 4d 8d
> > > RSP: 0018:ffffb44580a4bb50 EFLAGS: 00010246
> > > RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
> > > RDX: 0000000000000000 RSI: ffffffff8bf91320 RDI: ffff922cbba50e20
> > > RBP: ffffb44580a4bbf0 R08: 0000000000000000 R09: ffff922c5bac8140
> > > R10: ffffb44580a4bc10 R11: 0000000000000000 R12: 0000000000000000
> > > R13: 0000000000000070 R14: 0000000000000000 R15: 0000000000000001
> > > FS: 00007f55338d6b40(0000) GS:ffff922fae200000(0000) knlGS:0000000000000000
> > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > CR2: 00000000000000d8 CR3: 000000011bbb2006 CR4: 00000000003706e0
> > > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > > Call Trace:
> > >
> > >  ? fs_reclaim_acquire+0x4d/0xd0
> > >  ? lock_is_held_type+0xaa/0x120
> > >  ? cros_ec_cmd_xfer_status+0x1f/0x110
> > >  ? lock_is_held_type+0xaa/0x120
> > >  ? cros_ec_cmd_xfer_status+0x1f/0x110
> > >  cros_ec_cmd_xfer_status+0x1f/0x110
> > >  cros_typec_ec_command+0x91/0x1c0 [cros_ec_typec]
> > >  cros_typec_probe+0x7f/0x5a8 [cros_ec_typec]
> > >  platform_probe+0x3f/0x90
> > >  really_probe+0x1f5/0x3f0
> > >  __driver_probe_device+0xfe/0x180
> > >  driver_probe_device+0x1e/0x90
> > >  __driver_attach+0xc4/0x1d0
> > >  ? __device_attach_driver+0xe0/0xe0
> > >  ? __device_attach_driver+0xe0/0xe0
> > >  bus_for_each_dev+0x67/0x90
> > >  bus_add_driver+0x12e/0x1f0
> > >  driver_register+0x8f/0xe0
> > >  ? 0xffffffffc04ec000
> > >  do_one_initcall+0x67/0x320
> > >  ? rcu_read_lock_sched_held+0x3f/0x80
> > >  ? trace_kmalloc+0x38/0xe0
> > >  ? kmem_cache_alloc_trace+0x17c/0x2b0
> > >  do_init_module+0x5c/0x270
> > >  __do_sys_finit_module+0x95/0xe0
> > >  do_syscall_64+0x3b/0x90
> > >  entry_SYSCALL_64_after_hwframe+0x44/0xae
> > > RIP: 0033:0x7f55344b1f3d
> > > Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d bb ee 0e 00 f7 d8 64 89 01 48
> > > RSP: 002b:00007fff187f1388 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> > > RAX: ffffffffffffffda RBX: 000055a53acbe6e0 RCX: 00007f55344b1f3d
> > > RDX: 0000000000000000 RSI: 00007f553461732c RDI: 000000000000000e
> > > RBP: 0000000000020000 R08: 0000000000000000 R09: 0000000000000002
> > > R10: 000000000000000e R11: 0000000000000246 R12: 00007f553461732c
> > > R13: 000055a53ad94010 R14: 0000000000000007 R15: 000055a53ad95690
> > >
> > > Modules linked in: fjes(+) cros_ec_typec(+) typec intel_vbtn(+) cros_usbpd_notify sparse_keymap soc_button_array int3403_thermal int340x_thermal_zone int3400_thermal acpi_thermal_rel cros_kbd_led_backlight zram ip_tables i915 hid_multitouch i2c_algo_bit ttm crct10dif_pclmul crc32_pclmul crc32c_intel drm_kms_helper nvme ghash_clmulni_intel sdhci_pci cqhci cec nvme_core sdhci serio_raw drm mmc_core i2c_hid_acpi i2c_hid video pinctrl_sunrisepoint fuse
> > > CR2: 00000000000000d8
> > > ---[ end trace 4a12c4896d70352b ]---
> > >
> >
> > --
> > Benson Leung
> > Staff Software Engineer
> > Chrome OS Kernel
> > Google Inc.
> > bleung@google.com
> > Chromium OS Project
> > bleung@chromium.org
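
A userspace model of the failure reported in this thread and of the NULL check proposed in it, added here as an illustration; it is not code from the driver or from anyone in the thread. The struct layout is an assumption read off the oops (R13 = 0x70, faulting instruction bytes `4d 3b 6d 68` reading at displacement 0x68, CR2 = 0xd8), and all names and the `-ENODEV` return value are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Userspace stand-ins with an ASSUMED layout read off the oops; these
 * are not the kernel's structures and every name is hypothetical. */
struct model_mutex { char pad[0x68]; void *word; };   /* +0x68: disp8 of the faulting cmp */
struct model_ec { char pad[0x70]; struct model_mutex lock; }; /* +0x70: R13 in the oops */
struct model_typec { struct model_ec *ec; };

/* Address of the first word the lock path reads for a given ec pointer. */
static uintptr_t first_lock_read(const struct model_ec *ec)
{
    return (uintptr_t)ec + offsetof(struct model_ec, lock)
                         + offsetof(struct model_mutex, word);
}

/* Stand-in for the parent's driver data. NULL models a Type C device
 * that is not nested inside the EC device in the ACPI tables. */
static struct model_ec *parent_ec(int nested_in_ec)
{
    static struct model_ec ec;
    return nested_in_ec ? &ec : NULL;
}

/* Probe without the check: reports the address it would go on to read. */
static uintptr_t probe_unchecked(struct model_typec *t, int nested_in_ec)
{
    t->ec = parent_ec(nested_in_ec);
    return first_lock_read(t->ec);
}

/* Probe with the check: bail out before any EC command is sent. */
static int probe_checked(struct model_typec *t, int nested_in_ec)
{
    t->ec = parent_ec(nested_in_ec);
    if (!t->ec)
        return -ENODEV;   /* error code chosen for this example */
    return 0;
}

int main(void)
{
    struct model_typec t;
    printf("unchecked, no EC: would read %#lx\n", (unsigned long)probe_unchecked(&t, 0));
    printf("checked, no parent EC: %d\n", probe_checked(&t, 0));
    printf("checked, parent EC present: %d\n", probe_checked(&t, 1));
    return 0;
}
```

The unchecked path lands on 0xd8 rather than 0 because the lock is a member of the missing structure, which is why the check belongs on the structure pointer in probe and not on the lock address handed to the mutex code.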