Re: [3.15-rc3] BUG: null ptr dereference in ichx_gpio_request_regions()

[Josh Boyer]

On Fri, May 9, 2014 at 7:30 AM, Peter Hurley <peter@xxxxxxxxxxxxxxxxxx> wrote:
> On 05/09/2014 03:20 AM, Lee Jones wrote:
>>
>> On Thu, 08 May 2014, Linus Walleij wrote:
>>
>>> On Wed, May 7, 2014 at 4:33 PM, Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
>>> wrote:
>>>>
>>>> Hi Vincent,
>>>>
>>>> On 05/07/2014 10:05 AM, Vincent Donnefort wrote:
>>>>>
>>>>>
>>>>> Hello Peter,
>>>>
>>>>
>>>>
>>>>>> This is almost certainly caused by the uninitialized regs ptr
>>>>>> in the ich6_desc struct (i3100_desc struct has the same problem)
>>>>>> introduced in this commit:
>>>>>>
>>>>>> commit bb62a35bd5d96e506af0ea8dd145480b9172a2a6
>>>>>> Author: Vincent Donnefort <vdonnefort@xxxxxxxxx>
>>>>>> Date:   Fri Feb 14 15:01:56 2014 +0100
>>>>>>
>>>>>>       gpio: ich: Add support for multiple register addresses
>>>>>>
>>>>>>       This patch introduces regs and reglen pointers which allow a
>>>>>> chipset
>>>>>> to have
>>>>>>       register addresses differing from ICH ones.
>>>>>>
>>>>>>       Acked-by: Linus Walleij <linus.walleij@xxxxxxxxxx>
>>>>>>       Signed-off-by: Vincent Donnefort <vdonnefort@xxxxxxxxx>
>>>>>>       Signed-off-by: Lee Jones <lee.jones@xxxxxxxxxx>
>>>>>>
>>>>>
>>>>> Yes indeed, this must be linked to this thread
>>>>> https://lkml.org/lkml/2014/4/15/292
>>>>
>>>>
>>>>
>>>> Thanks for the link.
>>>>
>>>> I searched through LKML but without the driver name or the offending
>>>> function
>>>> in the commit message I couldn't find it.
>>>>
>>>> Linus,
>>>>
>>>> What tree is this bug fix trapped in? I see it didn't make -rc4 either.
>>>
>>>
>>> Since the last signoff is Lee I guess it's in the MFD tree?
>>
>>
>> This patch is in Mainline.
>>
>> Search for $SUBJECT.
>
>
> Hmmm. Search for '[PATCH] gpio: ich: set regs and reglen for i3100 and ich6
> chipset'
> (which is the bug fix for the buggy commit) turns up nothing in mainline.

It's not in mainline (as you've found).

> This bug was reported on April 14 in -rc1 by Eric Paris here
> http://lkml.iu.edu/hypermail/linux/kernel/1404.1/03833.html
> and _fixed_ a day later on April 15 by Vincent Donnefort here
> https://lkml.org/lkml/2014/4/15/292
> It was signed off by Linus Walleij on the same day here
> https://lkml.org/lkml/2014/4/22/1128

To add to this, Fedora picked up the patch shortly after that as an
add-on patch to 3.15-rcX.  We are still carrying that separate patch
on top of 3.15-rc4.

> Since this bug fix never made it to mainline, I re-discovered
> the bug in -rc3 and reported it here
> http://lists-archives.com/linux-kernel/28051348-bug-null-ptr-dereference-in-ichx_gpio_request_regions.html
> (presumably, you received a copy of that email).
> Vincent replied with the link to the previous bug fix.

Right, still missing in -rc4.

> Since that time, I have been trying to find in which tree that
> bug fix is stuck, but I just keep getting replies which show
> an uncareful reading of this thread.

Yep.

Someone please get this into the mainline tree.

josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/