Re: [PATCH v4] tty: serial: jsm: allocate queue buffer at probe time

From: Jiri Slaby
Date: Wed Jul 07 2021 - 03:49:43 EST


On 05. 07. 21, 14:53, Zheyu Ma wrote:
In function 'neo_intr', the driver uses 'ch->ch_equeue' and
'ch->ch_rqueue'. These two pointers are initialized in 'jsm_tty_open',
but the interrupt handler 'neo_intr' has been registered in the probe
progress. If 'jsm_tty_open' has not been called at this time, it will
cause null pointer dereference.

Once the driver registers the interrupt handler, the driver should be
ready to handle it.

Fix this by allocating the memory at probe time and not at open time.

You are allocating the buffer in jsm_tty_init now. But that is still called after request_irq() in probe. So care to explain how this helps exactly? As I understand it, you only made the window much smaller.

Anyway, I'm no expert on jsm, but AFAICS jsm_tty_open first allocates the buffers, brd->bd_ops->uart_init() / neo_uart_init() clears ier and only brd->bd_ops->param() / neo_param() enables interrupts on the device (by ier update and write). So how does it come that an interrupt came before neo_param() in jsm_tty_open was called?

This log reveals it:

[ 12.771912] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 12.774932] #PF: supervisor write access in kernel mode
[ 12.775314] #PF: error_code(0x0002) - not-present page
[ 12.775689] PGD 0 P4D 0
[ 12.775881] Oops: 0002 [#1] PREEMPT SMP PTI
[ 12.776212] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 5.12.4-g70e7f0549188-dirty #106
[ 12.776803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 12.777627] RIP: 0010:memcpy_fromio+0x75/0xa0
[ 12.777983] Code: e9 02 f3 a5 41 f6 c5 02 74 02 66 a5 41 f6 c5 01 74 01 a4 e8 5d 4e 6b ff 5b 41 5c 41 5d 5d c3 e8 51 4e 6b ff 4c 89 e7 48 89 de <a4> 49 89 fc 48 89 f3 49 83 ed 01 eb a4 e8 39 4e 6b ff 4c 89 e7 48
[ 12.779377] RSP: 0018:ffffc90000118db0 EFLAGS: 00010046
[ 12.779771] RAX: ffff888100258000 RBX: ffffc90007d0010f RCX: 0000000000000000
[ 12.780298] RDX: 0000000000000000 RSI: ffffc90007d0010f RDI: 0000000000000000
[ 12.780820] RBP: ffffc90000118dc8 R08: 0000000000000000 R09: 0000000000000000
[ 12.781359] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[ 12.781928] R13: 0000000000000001 R14: 0000000007d0009e R15: 0000000000000000
[ 12.782453] FS: 0000000000000000(0000) GS:ffff88817bc80000(0000) knlGS:0000000000000000
[ 12.783067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 12.783499] CR2: 0000000000000000 CR3: 0000000005e2e000 CR4: 00000000000006e0
[ 12.784051] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 12.784579] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 12.785105] Call Trace:
[ 12.785295] <IRQ>
[ 12.785457] neo_copy_data_from_uart_to_queue+0x2f7/0x4e0
[ 12.785871] neo_parse_isr.part.4+0x175/0x4d0
[ 12.786217] neo_intr+0x188/0x7a0

thanks,
--
js
suse labs
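The ordering point raised above (the handler may run as soon as request_irq() returns, so everything it dereferences must exist before that call) can be modelled outside the kernel. The following is an added, hypothetical user-space simulation, not code from the jsm driver or from either mail author: the struct and function names only loosely mirror ch_rqueue/ch_equeue, neo_intr and jsm_tty_init, the queue sizes and the "abc" payload are constructed, and a NULL queue is counted rather than dereferenced so that the window between IRQ registration and allocation becomes observable instead of an oops.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the probe/IRQ ordering problem; nothing here is
 * kernel code, and the sizes are constructed. */
#define RQUEUESIZE 64
#define EQUEUESIZE 64

struct channel {
	unsigned char *ch_rqueue;   /* receive data queue, NULL until allocated */
	unsigned char *ch_equeue;   /* receive error queue, NULL until allocated */
	size_t ch_r_head;           /* next free slot in ch_rqueue */
};

struct board {
	struct channel ch;
	bool irq_registered;        /* models request_irq() having completed */
	unsigned irq_dropped;       /* interrupts that found unallocated queues */
	size_t bytes_queued;        /* payload the handler actually stored */
};

/* Stand-in for the handler path neo_intr() -> copy UART data to queue.
 * The real handler copies straight into ch_rqueue; with a NULL queue that
 * is the memcpy_fromio() oops in the log. Here the NULL case is counted. */
static int isr(struct board *brd, const unsigned char *data, size_t len)
{
	struct channel *ch = &brd->ch;
	size_t room, n;

	if (!ch->ch_rqueue || !ch->ch_equeue) {
		brd->irq_dropped++;
		return -1;
	}
	room = RQUEUESIZE - ch->ch_r_head;
	n = len < room ? len : room;
	memcpy(ch->ch_rqueue + ch->ch_r_head, data, n);
	ch->ch_r_head += n;
	brd->bytes_queued += n;
	return (int)n;
}

/* The "device": an interrupt reaches the handler only once the IRQ is
 * registered, as on hardware; before that the line is not wired to us. */
static int device_fire(struct board *brd, const unsigned char *data, size_t len)
{
	if (!brd->irq_registered)
		return 0;
	return isr(brd, data, len);
}

static int alloc_queues(struct channel *ch)
{
	ch->ch_rqueue = calloc(RQUEUESIZE, 1);
	ch->ch_equeue = calloc(EQUEUESIZE, 1);
	if (!ch->ch_rqueue || !ch->ch_equeue) {
		free(ch->ch_rqueue);
		free(ch->ch_equeue);
		ch->ch_rqueue = ch->ch_equeue = NULL;
		return -1;
	}
	return 0;
}

static void board_release(struct board *brd)
{
	free(brd->ch.ch_rqueue);
	free(brd->ch.ch_equeue);
	brd->ch.ch_rqueue = brd->ch.ch_equeue = NULL;
}

/* Ordering the reviewed patch still has: IRQ registered in probe, queues
 * allocated afterwards. 'early' models an interrupt inside that window. */
static int probe_irq_then_alloc(struct board *brd, const unsigned char *early, size_t len)
{
	brd->irq_registered = true;           /* request_irq() */
	device_fire(brd, early, len);         /* interrupt before queues exist */
	return alloc_queues(&brd->ch);        /* allocation comes too late */
}

/* Ordering that closes the window: everything the handler touches exists
 * before the handler can possibly run. */
static int probe_alloc_then_irq(struct board *brd, const unsigned char *early, size_t len)
{
	int ret = alloc_queues(&brd->ch);
	if (ret)
		return ret;
	brd->irq_registered = true;           /* request_irq() last */
	device_fire(brd, early, len);         /* same interrupt, now handled */
	return 0;
}

int main(void)
{
	static const unsigned char rx[] = "abc";  /* constructed UART payload */
	struct board a = { 0 }, b = { 0 };

	probe_irq_then_alloc(&a, rx, 3);
	probe_alloc_then_irq(&b, rx, 3);
	printf("irq-then-alloc: dropped=%u queued=%zu\n", a.irq_dropped, a.bytes_queued);
	printf("alloc-then-irq: dropped=%u queued=%zu\n", b.irq_dropped, b.bytes_queued);
	board_release(&a);
	board_release(&b);
	return 0;
}
```

The simulation reports one dropped interrupt for the irq-then-alloc ordering and none for alloc-then-irq. The NULL check in isr() exists only to make the window countable; it is not a substitute for the ordering fix, because on the real hardware path the handler has no safe way to discard data it was signalled for.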