Re: [PATCH] driver core: platform: don't oops on unbound devices
From: Uwe Kleine-König
Date: Sat Dec 12 2020 - 10:43:59 EST
Hello,
On Sat, Dec 12, 2020 at 12:41:32PM +0100, Greg Kroah-Hartman wrote:
> On Sat, Dec 12, 2020 at 04:14:26AM +0300, Dmitry Baryshkov wrote:
> > Platform code stopped checking if the device is bound to the actual
> > platform driver, thus calling non-existing drv->shutdown(). Verify that
> > _dev->driver is not NULL before calling remove/shutdown callbacks.
> >
> > Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx>
> > Fixes: 9c30921fe799 ("driver core: platform: use bus_type functions")
> > ---
> > drivers/base/platform.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/base/platform.c b/drivers/base/platform.c
> > index 0358dc3ea3ad..93f44e69b472 100644
> > --- a/drivers/base/platform.c
> > +++ b/drivers/base/platform.c
> > @@ -1342,7 +1342,7 @@ static int platform_remove(struct device *_dev)
> > struct platform_device *dev = to_platform_device(_dev);
> > int ret = 0;
> >
> > - if (drv->remove)
> > + if (_dev->driver && drv->remove)
> > ret = drv->remove(dev);
> > dev_pm_domain_detach(_dev, true);
>
> I don't object to this, but it always feels odd to be doing pointer math
> on a NULL value, wait until the static-checkers get ahold of this and
> you get crazy emails saying you are crashing the kernel (hint, they are
> broken).
I think you refer to the line
struct platform_driver *drv = to_platform_driver(_dev->driver);
which when _dev->driver is NULL results in drv being something really
big?!
Accoding to my understanding platform_remove() shouldn't be called if
the device isn't bound to a driver.
> But, I don't see why this check is needed? If a driver is not bound to
> a device, shouldn't this whole function just not be called? Or error
> out at the top?
>
> Uwe, I'd really like your review/ack of this before taking it.
So I agree and have the same question. So I wonder: @Dmitry, did you see
a crash? When did it happen?
For one of the bus types I changed recently
(arch/powerpc/platforms/ps3/system-bus.c) the bus's shutdown function
does:
if (drv->shutdown)
drv->shutdown(dev);
else if (drv->remove) {
dev_dbg(&dev->core, ...
drv->remove(dev);
} ...
but for the platform bus I'm not aware that remove is used in absence of
a shutdown callback.
Relevant callers of bus->remove are all in drivers/base/dd.c, and for
all of them dev->driver should be set.
I look forward to an explaination about why this patch was created.
Best regards
Uwe
--
Pengutronix e.K. | Uwe Kleine-König |
Industrial Linux Solutions | https://www.pengutronix.de/ |
Attachment:
signature.asc
Description: PGP signature