[BUG][PATCH] cpqphp: fix kernel NULL pointer dereference - Kernel


Thread: [BUG][PATCH] cpqphp: fix kernel NULL pointer dereference

  1. [BUG][PATCH] cpqphp: fix kernel NULL pointer dereference

    Hi,

    The following patch fixes the regression in 2.6.27 that causes
    kernel NULL pointer dereference at cpqphp driver probe time.
    This patch should be backported to the .27 stable series.

    Thanks,
    Kenji Kaneshige


    Fix the following kernel panic problem reported by Ingo Molnar. This
    seems to be introduced by f46753c5e354b857b20ab8e0fe7b2579831dc369.

    > [ 10.212026] pci_hotplug: PCI Hot Plug PCI Core version: 0.5
    > [ 10.220030] initcall pci_hotplug_init+0x0/0x60 returned 0 after 7812 usecs
    > [ 10.224030] calling cpqhpc_init+0x0/0x70 @ 1
    > [ 10.228026] cpqphp: Compaq Hot Plug PCI Controller Driver version: 0.9.8
    > [ 10.236101] bus: 'pci': add driver compaq_pci_hotplug
    > [ 10.240123] bus: 'pci': driver_probe_device: matched device 0000:00:0b.0 with driver compaq_pci_hotplug
    > [ 10.252026] bus: 'pci': really_probe: probing driver compaq_pci_hotplug with device 0000:00:0b.0
    > [ 10.260156] compaq_pci_hotplug 0000:00:0b.0: PCI INT A -> GSI 26 (level, low) -> IRQ 26
    > [ 10.268064] cpqphp: Hot Plug Subsystem Device ID: a2f8
    > [ 10.276033] cpqphp: Initializing the PCI hot plug controller residing on PCI bus 0
    > [ 10.280073] PCI: Using BIOS Interrupt Routing Table
    > [ 10.289396] PCI: Using BIOS Interrupt Routing Table
    > [ 10.294181] BUG: unable to handle kernel NULL pointer dereference at 00000020
    > [ 10.302497] IP: [] pci_create_slot+0x28/0x170
    > [ 10.308022] *pde = 00000000
    > [ 10.311199] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
    > [ 10.312000] Dumping ftrace buffer:
    > [ 10.312000] (ftrace buffer empty)
    > [ 10.312000]
    > [ 10.312000] Pid: 1, comm: swapper Not tainted (2.6.27-tip-03538-g2075f6f-dirty #2) ProLiant
    > [ 10.312000] EIP: 0060:[] EFLAGS: 00010213 CPU: 1
    > [ 10.312000] EIP is at pci_create_slot+0x28/0x170
    > [ 10.312000] EAX: 00000246 EBX: 00000001 ECX: 03eb1000 EDX: c0f1396c
    > [ 10.312000] ESI: 00000001 EDI: 00000000 EBP: f705bcac ESP: f705bc80
    > [ 10.312000] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
    > [ 10.312000] Process swapper (pid: 1, ti=f705a000 task=f7060000 task.ti=f705a000)
    > [ 10.312000] Stack:
    > [ 10.312000] f705bc8c c04bf996 c0f13ae0 f705bc98 c0b296e2 c0f13b00 f5a97040 c04d1cbb
    > [ 10.312000] 00000001 00000000 ffffffef f705bcd4 c04d2194 c04d61fd f620caf0 f6057e60
    > [ 10.312000] f6069a10 f6057e60 00000001 00000000 f6069a10 f705bdbc c04d6439 f5a97040
    > [ 10.312000] Call Trace:
    > [ 10.312000] [] ? _raw_spin_unlock+0x46/0x80
    > [ 10.312000] [] ? _spin_unlock+0x22/0x30
    > [ 10.312000] [] ? get_slot_from_name+0x5b/0x70
    > [ 10.312000] [] ? pci_hp_register+0x74/0x330
    > [ 10.312000] [] ? cpqhpc_probe+0x112d/0x1b90
    > [ 10.312000] [] ? cpqhpc_probe+0x1369/0x1b90
    > [ 10.312000] [] ? pci_match_id+0x9/0x90
    > [ 10.312000] [] ? pci_device_probe+0x5e/0x80
    > [ 10.312000] [] ? driver_probe_device+0xe0/0x1f0
    > [ 10.312000] [] ? __driver_attach+0x7a/0x80
    > [ 10.312000] [] ? bus_for_each_dev+0x49/0x70
    > [ 10.312000] [] ? driver_attach+0x1e/0x20
    > [ 10.312000] [] ? __driver_attach+0x0/0x80
    > [ 10.312000] [] ? bus_add_driver+0x1c3/0x240
    > [ 10.312000] [] ? pci_device_remove+0x0/0x40
    > [ 10.312000] [] ? driver_register+0x54/0x130
    > [ 10.312000] [] ? __spin_lock_init+0x32/0x60
    > [ 10.312000] [] ? cpqhpc_init+0x0/0x70
    > [ 10.312000] [] ? __pci_register_driver+0x63/0xa0
    > [ 10.312000] [] ? cpqhpc_init+0x0/0x70
    > [ 10.312000] [] ? cpqhpc_init+0x3b/0x70
    > [ 10.312000] [] ? cpqhpc_init+0x0/0x70
    > [ 10.312000] [] ? _stext+0x32/0x170
    > [ 10.312000] [] ? cpqhpc_init+0x0/0x70
    > [ 10.312000] [] ? native_sched_clock+0xd5/0x110
    > [ 10.312000] [] ? lock_release_holdtime+0x7c/0xb0
    > [ 10.312000] [] ? _raw_spin_unlock+0x46/0x80
    > [ 10.312000] [] ? _spin_unlock+0x22/0x30
    > [ 10.312000] [] ? proc_register+0x107/0x1c0
    > [ 10.312000] [] ? __proc_create+0xe9/0x100
    > [ 10.312000] [] ? register_irq_proc+0x14/0xd0
    > [ 10.312000] [] ? kernel_init+0x10d/0x170
    > [ 10.312000] [] ? kernel_init+0x0/0x170
    > [ 10.312000] [] ? kernel_thread_helper+0x7/0x10
    > [ 10.312000] Code: 5b 5d c3 55 89 e5 57 56 53 83 ec 20 e8 56 65 c3 ff 89 d6 89 c7 b8 40 39 f1 c0 89 4d ec e8 91 9f 65 00 83 fe ff 0f 84 7e 00 00 00 <8b> 5f 20 83 eb 04 8b 53 04 0f 18 02 90 8d 4f 20 8d 43 04 39 c8
    > [ 10.312000] EIP: [] pci_create_slot+0x28/0x170 SS:ESP
    >


    The root cause of this problem seems that cpqphp driver calls
    pci_hp_register() wrongly. In current implementation, cpqphp driver
    passes 'ctrl->pci_dev->subordinate' as a second parameter for
    pci_hp_register(). But because hotplug slots and its hotplug
    controller (exists as a pci function) are on the same bus, it should be
    'ctrl->pci_dev->bus' instead.

    Cc:
    Tested-by: Ingo Molnar
    Signed-off-by: Kenji Kaneshige

    ---
    drivers/pci/hotplug/cpqphp_core.c | 2 +-
    1 file changed, 1 insertion(+), 1 deletion(-)

    Index: linux-2.6-tip/drivers/pci/hotplug/cpqphp_core.c
    ================================================== =================
    --- linux-2.6-tip.orig/drivers/pci/hotplug/cpqphp_core.c
    +++ linux-2.6-tip/drivers/pci/hotplug/cpqphp_core.c
    @@ -435,7 +435,7 @@ static int ctrl_slot_setup(struct contro
    slot->number, ctrl->slot_device_offset,
    slot_number);
    result = pci_hp_register(hotplug_slot,
    - ctrl->pci_dev->subordinate,
    + ctrl->pci_dev->bus,
    slot->device);
    if (result) {
    err("pci_hp_register failed with error %d\n", result);
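
    Review bot: the changelog should say why the old second argument to pci_hp_register() faulted, not only that it named the wrong bus. The oops quoted above (fault address 00000020 with EDI 00000000 inside pci_create_slot) points to a NULL bus pointer reaching the slot code, so stating that 'ctrl->pci_dev->subordinate' was NULL for this controller would make the fix easier to audit for the .27 backport. Note also that the failure was an oops and never reached the 'if (result)' branch shown in the context lines; a follow-up that has the registration path reject a NULL bus with an error code would turn the same driver mistake into the err("pci_hp_register failed ...") message.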

    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/
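
The failure mode described in the commit message above, as an added userspace model (not kernel code and not part of the original post). The `model_*` structures and functions are hypothetical simplifications, and the model assumes, as the oops suggests, that `subordinate` was NULL for the controller because it is a plain PCI function and not a bridge. It shows the pre-patch and post-patch arguments against a registration routine that validates the bus before touching it.

```c
#include <errno.h>
#include <stddef.h>

#define MAX_SLOTS 8

/* Simplified stand-ins for the kernel structures (hypothetical layout). */
struct model_bus {
    int number;
    int nr_slots;
    int slot_nr[MAX_SLOTS];         /* slot numbers already registered here */
};

struct model_dev {
    struct model_bus *bus;          /* bus the function itself sits on */
    struct model_bus *subordinate;  /* bus behind a bridge; NULL otherwise */
};

/* Hardened registration: reject a missing bus instead of dereferencing it. */
int model_hp_register(struct model_bus *bus, int slot_nr)
{
    int i;

    if (bus == NULL)
        return -EINVAL;             /* wrong argument becomes an error code */
    for (i = 0; i < bus->nr_slots; i++)
        if (bus->slot_nr[i] == slot_nr)
            return -EBUSY;          /* slot already registered on this bus */
    if (bus->nr_slots == MAX_SLOTS)
        return -ENOSPC;
    bus->slot_nr[bus->nr_slots++] = slot_nr;
    return 0;
}

/* Constructed topology: the hotplug controller is a function on bus 0. */
static struct model_bus bus0 = { .number = 0 };
static struct model_dev controller = { .bus = &bus0, .subordinate = NULL };

int register_pre_patch(int slot_nr)   /* argument passed before the fix */
{
    return model_hp_register(controller.subordinate, slot_nr);
}

int register_post_patch(int slot_nr)  /* argument passed after the fix */
{
    return model_hp_register(controller.bus, slot_nr);
}
```
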

  2. Re: [BUG][PATCH] cpqphp: fix kernel NULL pointer dereference

    * Kenji Kaneshige :
    >
    > The root cause of this problem seems that cpqphp driver calls
    > pci_hp_register() wrongly. In current implementation, cpqphp driver
    > passes 'ctrl->pci_dev->subordinate' as a second parameter for
    > pci_hp_register(). But because hotplug slots and its hotplug
    > controller (exists as a pci function) are on the same bus, it should be
    > 'ctrl->pci_dev->bus' instead.
    >
    > Cc:


    Acked-by: Alex Chiang

    > Tested-by: Ingo Molnar
    > Signed-off-by: Kenji Kaneshige
    >
    > ---
    > drivers/pci/hotplug/cpqphp_core.c | 2 +-
    > 1 file changed, 1 insertion(+), 1 deletion(-)
    >
    > Index: linux-2.6-tip/drivers/pci/hotplug/cpqphp_core.c
    > ================================================== =================
    > --- linux-2.6-tip.orig/drivers/pci/hotplug/cpqphp_core.c
    > +++ linux-2.6-tip/drivers/pci/hotplug/cpqphp_core.c
    > @@ -435,7 +435,7 @@ static int ctrl_slot_setup(struct contro
    > slot->number, ctrl->slot_device_offset,
    > slot_number);
    > result = pci_hp_register(hotplug_slot,
    > - ctrl->pci_dev->subordinate,
    > + ctrl->pci_dev->bus,
    > slot->device);
    > if (result) {
    > err("pci_hp_register failed with error %d\n", result);
    >


  3. Re: [stable] [BUG][PATCH] cpqphp: fix kernel NULL pointer dereference

    On Thu, Oct 16, 2008 at 06:33:34PM -0600, Alex Chiang wrote:
    > * Kenji Kaneshige :
    > >
    > > The root cause of this problem seems that cpqphp driver calls
    > > pci_hp_register() wrongly. In current implementation, cpqphp driver
    > > passes 'ctrl->pci_dev->subordinate' as a second parameter for
    > > pci_hp_register(). But because hotplug slots and its hotplug
    > > controller (exists as a pci function) are on the same bus, it should be
    > > 'ctrl->pci_dev->bus' instead.
    > >
    > > Cc:

    >
    > Acked-by: Alex Chiang


    This patch doesn't seem to have made it upstream.

    Jesse, is it queued up in any of your trees?

    thanks,

    greg k-h

    >
    > > Tested-by: Ingo Molnar
    > > Signed-off-by: Kenji Kaneshige
    > >
    > > ---
    > > drivers/pci/hotplug/cpqphp_core.c | 2 +-
    > > 1 file changed, 1 insertion(+), 1 deletion(-)
    > >
    > > Index: linux-2.6-tip/drivers/pci/hotplug/cpqphp_core.c
    > > ================================================== =================
    > > --- linux-2.6-tip.orig/drivers/pci/hotplug/cpqphp_core.c
    > > +++ linux-2.6-tip/drivers/pci/hotplug/cpqphp_core.c
    > > @@ -435,7 +435,7 @@ static int ctrl_slot_setup(struct contro
    > > slot->number, ctrl->slot_device_offset,
    > > slot_number);
    > > result = pci_hp_register(hotplug_slot,
    > > - ctrl->pci_dev->subordinate,
    > > + ctrl->pci_dev->bus,
    > > slot->device);
    > > if (result) {
    > > err("pci_hp_register failed with error %d\n", result);
    > >

    >
    > _______________________________________________
    > stable mailing list
    > stable@linux.kernel.org
    > http://linux.kernel.org/mailman/listinfo/stable


  4. Re: [stable] [BUG][PATCH] cpqphp: fix kernel NULL pointer dereference

    On Thursday, October 23, 2008 1:37 pm Greg KH wrote:
    > On Thu, Oct 16, 2008 at 06:33:34PM -0600, Alex Chiang wrote:
    > > * Kenji Kaneshige :
    > > > The root cause of this problem seems that cpqphp driver calls
    > > > pci_hp_register() wrongly. In current implementation, cpqphp driver
    > > > passes 'ctrl->pci_dev->subordinate' as a second parameter for
    > > > pci_hp_register(). But because hotplug slots and its hotplug
    > > > controller (exists as a pci function) are on the same bus, it should be
    > > > 'ctrl->pci_dev->bus' instead.
    > > >
    > > > Cc:

    > >
    > > Acked-by: Alex Chiang

    >
    > This patch doesn't seem to have made it upstream.
    >
    > Jesse, is it queued up in any of your trees?


    No I missed it initially. I've got it queued up now though.

    Jesse

  5. Re: [BUG][PATCH] cpqphp: fix kernel NULL pointer dereference

    On Thursday, October 16, 2008 5:23 pm Kenji Kaneshige wrote:
    > Hi,
    >
    > The following patch fixes the regression in 2.6.27 that causes
    > kernel NULL pointer dereference at cpqphp driver probe time.
    > This patch should be backported to the .27 stable series.


    Applied, thanks.

    Jesse