regmap: regmap-debugfs.c crash if max_register is not set

From: Andreas Werner
Date: Sun May 31 2015 - 13:22:05 EST


Hi,
I am currently working on a driver using regmap.

The test system is my MacBook Air, using the i2c-stub driver for the first tests.
The kernel is the Arch Linux kernel 4.0.2-1-ARCH.

The first thing I did after setting up all the ranges was to check the debugfs.
After I did a cat on the ranges debugfs entry I got an oops.

[15776.817084] ------------[ cut here ]------------
[15776.817097] WARNING: CPU: 1 PID: 7165 at drivers/base/regmap/regmap-debugfs.c:151 regmap_debugfs_get_dump_start.part.0+0x1f7/0x260()
[15776.817099] Modules linked in: menaf07bmc(O) i2c_stub(O) regmap_i2c rpcsec_gss_krb5 auth_rpcgss oid_registry nfsv4 dns_resolver i2c_dev rfcomm
fuse bnep videodev media joydev msr ax88179_178a usbnet mii mousedev hid_apple hid_generic uas snd_hda_codec_hdmi btusb bluetooth usbhid hid bcm5974
nls_iso8859_1 nls_cp437 vfat fat wl(PO) iTCO_wdt iTCO_vendor_support evdev mac_hid coretemp intel_rapl iosf_mbi x86_pkg_temp_thermal
intel_powerclamp kvm_intel kvm snd_hda_codec_cirrus snd_hda_codec_generic crct10dif_pclmul i915 crc32_pclmul crc32c_intel ghash_clmulni_intel
applesmc led_class input_polldev hwmon snd_hda_intel snd_hda_controller snd_hda_codec snd_hwdep aesni_intel cfg80211 snd_pcm drm_kms_helper
aes_x86_64 lrw snd_timer gf128mul glue_helper snd ablk_helper cryptd drm pcspkr thunderbolt i2c_i801
[15776.817160] dw_dmac_pci sbs lpc_ich bdc_pci battery rfkill dw_dmac_core intel_gtt i2c_algo_bit sbshc i2c_core soundcore spi_pxa2xx_platform
apple_bl video ac mei_me button mei shpchp processor sch_fq_codel nfs lockd grace sunrpc fscache ext4 crc16 mbcache jbd2 usb_storage sd_mod ahci
libahci libata scsi_mod xhci_pci xhci_hcd usbcore usb_common [last unloaded: i2c_stub]
[15776.817193] CPU: 1 PID: 7165 Comm: cat Tainted: P W O 4.0.2-1-ARCH #1
[15776.817196] Hardware name: Apple Inc. MacBookAir6,1/Mac-35C1E88140C3E6CF, BIOS MBA61.88Z.0099.B09.1402071141 02/07/2014
[15776.817198] 0000000000000000 000000007c1475e9 ffff880137fcbda8 ffffffff81571be3
[15776.817202] 0000000000000000 0000000000000000 ffff880137fcbde8 ffffffff81074dda
[15776.817205] ffffffffff10200f ffff88008999c118 ffff88008999c000 ffff88008999c118
[15776.817208] Call Trace:
[15776.817218] [<ffffffff81571be3>] dump_stack+0x4c/0x6e
[15776.817226] [<ffffffff81074dda>] warn_slowpath_common+0x8a/0xc0
[15776.817230] [<ffffffff81074f0a>] warn_slowpath_null+0x1a/0x20
[15776.817234] [<ffffffff81404c37>] regmap_debugfs_get_dump_start.part.0+0x1f7/0x260
[15776.817238] [<ffffffff81405072>] regmap_reg_ranges_read_file+0xb2/0x280
[15776.817245] [<ffffffff811d8d48>] __vfs_read+0x18/0x50
[15776.817248] [<ffffffff811d8e07>] vfs_read+0x87/0x140
[15776.817252] [<ffffffff811d8f19>] SyS_read+0x59/0xd0
[15776.817258] [<ffffffff81577509>] system_call_fastpath+0x12/0x17
[15776.817260] ---[ end trace bd5c1e41e89c5481 ]---


My regmap config is as follows:
static const struct regmap_config menaf07_config = {
	.reg_bits = 8,
	.val_bits = 8,
	.wr_table = &menaf07bmc_writeable_table,
	.rd_table = &menaf07bmc_readable_table,
};

I checked the code in regmap-debugfs.c and found that the
regmap_debugfs_get_dump_start function uses max_register to iterate over
the ranges.

I set max_register in the config to a valid value and everything worked fine.

In the documentation of the regmap_config struct the max_register setting is defined as "optional".
Should it be defined as mandatory to prevent such an oops? Maybe we can also adapt regmap_init
to check max_register for a valid value.

Regards
Andy
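
The init-time check proposed in the message above, sketched as an added user-space example (not kernel code and not part of the original post): it finds the highest register named by the readable and writeable tables and rejects a config whose max_register does not reach it. The struct names, check_max_register and the sample ranges are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space stand-ins for the regmap types; not the kernel's definitions. */
struct range { unsigned int min, max; };
struct access_table { const struct range *yes; size_t n_yes; };
struct config_model {
	unsigned int max_register;	/* 0 when left unset, as in the report */
	const struct access_table *rd_table, *wr_table;
};

/* Highest register named by a table; false if the table is missing or empty. */
static bool table_highest(const struct access_table *t, unsigned int *out)
{
	bool found = false;
	for (size_t i = 0; t && i < t->n_yes; i++) {
		if (!found || t->yes[i].max > *out)
			*out = t->yes[i].max;
		found = true;
	}
	return found;
}

/* Hypothetical check: 0 if max_register covers both tables, else -1; *needed = highest register. */
int check_max_register(const struct config_model *c, unsigned int *needed)
{
	unsigned int hi = 0, v = 0;
	bool rd = table_highest(c->rd_table, &hi);
	bool wr = table_highest(c->wr_table, &v);
	if (wr && (!rd || v > hi))
		hi = v;
	*needed = hi;
	return ((rd || wr) && c->max_register < hi) ? -1 : 0;
}

/* Constructed sample ranges; the report does not show the real tables. */
static const struct range rd_ranges[] = { { 0x10, 0x1f }, { 0x40, 0x4f } };
static const struct range wr_ranges[] = { { 0x10, 0x13 } };
static const struct access_table rd_tbl = { rd_ranges, 2 }, wr_tbl = { wr_ranges, 1 };
static const struct config_model unset_cfg = { 0, &rd_tbl, &wr_tbl };
static const struct config_model fixed_cfg = { 0x4f, &rd_tbl, &wr_tbl };

int main(void)
{
	unsigned int need;
	printf("unset: rc=%d\n", check_max_register(&unset_cfg, &need));
	printf("set:   rc=%d\n", check_max_register(&fixed_cfg, &need));
	return 0;
}
```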