| Message ID | 20220123225717.1069538-1-ztong0001@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v1] scsi: myrs: fix crash on error case | expand |
On 1/23/22 23:57, Tong Zhang wrote: > In myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fail > with non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and > crash kernel. > > [ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A > [ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller > [ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000 > [ 1.110774] Call Trace: > [ 1.110950] myrs_cleanup+0xe4/0x150 [myrs] > [ 1.111135] myrs_probe.cold+0x91/0x56a [myrs] > [ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs] > [ 1.111500] local_pci_probe+0x48/0x90 > > Signed-off-by: Tong Zhang <ztong0001@gmail.com> > --- > drivers/scsi/myrs.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/scsi/myrs.c b/drivers/scsi/myrs.c > index 253ceca54a84..7eb8c39da366 100644 > --- a/drivers/scsi/myrs.c > +++ b/drivers/scsi/myrs.c > @@ -2267,7 +2267,8 @@ static void myrs_cleanup(struct myrs_hba *cs) > myrs_unmap(cs); > > if (cs->mmio_base) { > - cs->disable_intr(cs); > + if (cs->disable_intr) > + cs->disable_intr(cs); > iounmap(cs->mmio_base); > cs->mmio_base = NULL; > } Reviewed-by: Hannes Reinecke <hare@suse.de> Cheers, Hannes
On Sun, 23 Jan 2022 14:57:17 -0800, Tong Zhang wrote: > In myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fail > with non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and > crash kernel. > > [ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A > [ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller > [ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000 > [ 1.110774] Call Trace: > [ 1.110950] myrs_cleanup+0xe4/0x150 [myrs] > [ 1.111135] myrs_probe.cold+0x91/0x56a [myrs] > [ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs] > [ 1.111500] local_pci_probe+0x48/0x90 > > [...] Applied to 5.17/scsi-fixes, thanks! [1/1] scsi: myrs: fix crash on error case https://git.kernel.org/mkp/scsi/c/4db09593af0b
diff --git a/drivers/scsi/myrs.c b/drivers/scsi/myrs.c index 253ceca54a84..7eb8c39da366 100644 --- a/drivers/scsi/myrs.c +++ b/drivers/scsi/myrs.c @@ -2267,7 +2267,8 @@ static void myrs_cleanup(struct myrs_hba *cs) myrs_unmap(cs); if (cs->mmio_base) { - cs->disable_intr(cs); + if (cs->disable_intr) + cs->disable_intr(cs); iounmap(cs->mmio_base); cs->mmio_base = NULL; }
In myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fail with non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and crash kernel. [ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A [ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller [ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 1.110774] Call Trace: [ 1.110950] myrs_cleanup+0xe4/0x150 [myrs] [ 1.111135] myrs_probe.cold+0x91/0x56a [myrs] [ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs] [ 1.111500] local_pci_probe+0x48/0x90 Signed-off-by: Tong Zhang <ztong0001@gmail.com> --- drivers/scsi/myrs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)