linux

mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00

History

Krzysztof Sobota cb36e29bb0 watchdog: initialize device before misc_register When watchdog device is being registered, it calls misc_register that makes watchdog available for systemd to open. This is a data race scenario, because when device is open it may still have device struct not initialized - this in turn causes a crash. This patch moves device initialization before misc_register call and it solves the problem printed below. ------------[ cut here ]------------ WARNING: CPU: 3 PID: 1 at lib/kobject.c:612 kobject_get+0x50/0x54 kobject: '(null)' ((ptrval)): is not initialized, yet kobject_get() is being called. Modules linked in: k2_reset_status(O) davinci_wdt(+) sfn_platform_hwbcn(O) fsmddg_sfn(O) clk_misc_mmap(O) clk_sw_bcn(O) fsp_reset(O) cma_mod(O) slave_sup_notif(O) fpga_master(O) latency(O+) evnotify(O) enable_arm_pmu(O) xge(O) rio_mport_cdev br_netfilter bridge stp llc nvrd_checksum(O) ipv6 CPU: 3 PID: 1 Comm: systemd Tainted: G O 4.19.113-g2579778-fsm4_k2 #1 Hardware name: Keystone [<c02126c4>] (unwind_backtrace) from [<c020da94>] (show_stack+0x18/0x1c) [<c020da94>] (show_stack) from [<c07f87d8>] (dump_stack+0xb4/0xe8) [<c07f87d8>] (dump_stack) from [<c0221f70>] (__warn+0xfc/0x114) [<c0221f70>] (__warn) from [<c0221fd8>] (warn_slowpath_fmt+0x50/0x74) [<c0221fd8>] (warn_slowpath_fmt) from [<c07fd394>] (kobject_get+0x50/0x54) [<c07fd394>] (kobject_get) from [<c0602ce8>] (get_device+0x1c/0x24) [<c0602ce8>] (get_device) from [<c06961e0>] (watchdog_open+0x90/0xf0) [<c06961e0>] (watchdog_open) from [<c06001dc>] (misc_open+0x130/0x17c) [<c06001dc>] (misc_open) from [<c0388228>] (chrdev_open+0xec/0x1a8) [<c0388228>] (chrdev_open) from [<c037fa98>] (do_dentry_open+0x204/0x3cc) [<c037fa98>] (do_dentry_open) from [<c0391e2c>] (path_openat+0x330/0x1148) [<c0391e2c>] (path_openat) from [<c0394518>] (do_filp_open+0x78/0xec) [<c0394518>] (do_filp_open) from [<c0381100>] (do_sys_open+0x130/0x1f4) [<c0381100>] (do_sys_open) from [<c0201000>] (ret_fast_syscall+0x0/0x28) Exception stack(0xd2ceffa8 to 0xd2cefff0) ffa0: b6f69968 00000000 ffffff9c b6ebd210 000a0001 00000000 ffc0: b6f69968 00000000 00000000 00000142 fffffffd ffffffff 00b65530 bed7bb78 ffe0: 00000142 bed7ba70 b6cc2503 b6cc41d6 ---[ end trace 7b16eb105513974f ]--- ------------[ cut here ]------------ WARNING: CPU: 3 PID: 1 at lib/refcount.c:153 kobject_get+0x24/0x54 refcount_t: increment on 0; use-after-free. Modules linked in: k2_reset_status(O) davinci_wdt(+) sfn_platform_hwbcn(O) fsmddg_sfn(O) clk_misc_mmap(O) clk_sw_bcn(O) fsp_reset(O) cma_mod(O) slave_sup_notif(O) fpga_master(O) latency(O+) evnotify(O) enable_arm_pmu(O) xge(O) rio_mport_cdev br_netfilter bridge stp llc nvrd_checksum(O) ipv6 CPU: 3 PID: 1 Comm: systemd Tainted: G W O 4.19.113-g2579778-fsm4_k2 #1 Hardware name: Keystone [<c02126c4>] (unwind_backtrace) from [<c020da94>] (show_stack+0x18/0x1c) [<c020da94>] (show_stack) from [<c07f87d8>] (dump_stack+0xb4/0xe8) [<c07f87d8>] (dump_stack) from [<c0221f70>] (__warn+0xfc/0x114) [<c0221f70>] (__warn) from [<c0221fd8>] (warn_slowpath_fmt+0x50/0x74) [<c0221fd8>] (warn_slowpath_fmt) from [<c07fd368>] (kobject_get+0x24/0x54) [<c07fd368>] (kobject_get) from [<c0602ce8>] (get_device+0x1c/0x24) [<c0602ce8>] (get_device) from [<c06961e0>] (watchdog_open+0x90/0xf0) [<c06961e0>] (watchdog_open) from [<c06001dc>] (misc_open+0x130/0x17c) [<c06001dc>] (misc_open) from [<c0388228>] (chrdev_open+0xec/0x1a8) [<c0388228>] (chrdev_open) from [<c037fa98>] (do_dentry_open+0x204/0x3cc) [<c037fa98>] (do_dentry_open) from [<c0391e2c>] (path_openat+0x330/0x1148) [<c0391e2c>] (path_openat) from [<c0394518>] (do_filp_open+0x78/0xec) [<c0394518>] (do_filp_open) from [<c0381100>] (do_sys_open+0x130/0x1f4) [<c0381100>] (do_sys_open) from [<c0201000>] (ret_fast_syscall+0x0/0x28) Exception stack(0xd2ceffa8 to 0xd2cefff0) ffa0: b6f69968 00000000 ffffff9c b6ebd210 000a0001 00000000 ffc0: b6f69968 00000000 00000000 00000142 fffffffd ffffffff 00b65530 bed7bb78 ffe0: 00000142 bed7ba70 b6cc2503 b6cc41d6 ---[ end trace 7b16eb1055139750 ]--- Fixes: `72139dfa24` ("watchdog: Fix the race between the release of watchdog_core_data and cdev") Reviewed-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Alexander Sverdlin <alexander.sverdlin@nokia.com> Signed-off-by: Krzysztof Sobota <krzysztof.sobota@nokia.com> Link: https://lore.kernel.org/r/20200717103109.14660-1-krzysztof.sobota@nokia.com Signed-off-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>		2020-08-05 18:43:00 +02:00
..
accessibility	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
acpi	Merge branch 'acpi-fan'	2020-07-03 16:15:31 +02:00
amba	ARM: tegra: Replace zero-length array with flexible-array	2020-06-15 23:08:28 -05:00
android	binder: Don't use mmput() from shrinker function.	2020-07-23 09:47:12 +02:00
ata	libata-5.8-2020-06-19	2020-06-19 13:09:40 -07:00
atm	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
auxdisplay	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
base	device property: Avoid NULL pointer dereference in device_get_next_child_node()	2020-07-23 17:04:28 +02:00
bcma
block	Char/Misc fixes for 5.8-rc6	2020-07-16 11:26:40 -07:00
bluetooth	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-06-03 16:27:18 -07:00
bus	Fix a suspend/resume regression (crash) on TI AM3/AM4 SoC's.	2020-07-25 13:27:12 -07:00
cdrom	Merge branch 'work.sysctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2020-06-10 16:05:54 -07:00
char	/dev/mem: Add missing memory barriers for devmem_inode	2020-07-23 09:47:13 +02:00
clk	A couple build fixes for issues exposed this merge window and a fix for	2020-07-15 19:00:12 -07:00
clocksource	Fix a suspend/resume regression (crash) on TI AM3/AM4 SoC's.	2020-07-25 13:27:12 -07:00
connector	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
counter	counter: 104-quad-8: Add lock guards - filter clock prescaler	2020-06-14 14:46:52 +01:00
cpufreq	cpufreq: intel_pstate: Fix active mode setting from command line	2020-07-13 17:55:57 +02:00
cpuidle	cpuidle: Rearrange s2idle-specific idle state entry code	2020-06-25 13:52:53 +02:00
crypto	crypto/chtls: correct net_device reference count	2020-07-20 18:28:04 -07:00
dax	device-dax: add memory via add_memory_driver_managed()	2020-06-04 19:06:23 -07:00
dca
devfreq
dio	maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault	2020-06-17 10:57:41 -07:00
dma	dmaengine fixes for v5.5-rc6	2020-07-15 15:58:11 -07:00
dma-buf	dmabuf: use spinlock to access dmabuf->name	2020-07-10 15:39:29 +05:30
edac	EDAC/amd64: Read back the scrub rate PCI register on F15h	2020-06-18 20:25:25 +02:00
eisa	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
extcon
firewire	firewire: ohci: Replace zero-length array with flexible-array	2020-06-15 23:08:31 -05:00
firmware	Various EFI fixes:	2020-07-25 13:18:42 -07:00
fpga	fpga: dfl: fix bug in port reset handshake	2020-07-13 22:11:17 -07:00
fsi	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
gnss	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
gpio	gpio fixes for v5.8-rc3	2020-06-26 23:53:25 +02:00
gpu	Merge tag 'amd-drm-fixes-5.8-2020-07-22' of git://people.freedesktop.org/~agd5f/linux into drm-fixes	2020-07-23 14:06:16 +10:00
greybus	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
hid	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid into master	2020-07-17 09:43:13 -07:00
hsi	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
hv	Drivers: hv: Change flag to write log level in panic msg to false	2020-06-29 10:30:35 +00:00
hwmon	hwmon: (drivetemp) Avoid SCT usage on Toshiba DT01ACA family drives	2020-07-18 08:11:44 -07:00
hwspinlock
hwtracing	intel_th: Fix a NULL dereference when hub driver is not loaded	2020-07-10 15:12:48 +02:00
i2c	i2c: i2c-qcom-geni: Fix DMA transfer race	2020-07-23 22:26:44 +02:00
i3c
ide	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
idle
iio	First set of IIO and counter fixes in the 5.8 cycle.	2020-07-08 09:20:50 +02:00
infiniband	RDMA/mlx5: Prevent prefetch from racing with implicit destruction	2020-07-21 13:51:35 -03:00
input	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input	2020-07-13 18:31:15 -07:00
interconnect	interconnect: msm8916: Fix buswidth of pcnoc_s nodes	2020-07-23 10:45:24 +02:00
iommu	iommu/qcom: Use domain rather than dev as tlb cookie	2020-07-22 17:29:28 +02:00
ipack	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
irqchip	Bugfixes and a one-liner patch to silence sparse.	2020-07-06 12:48:04 -07:00
isdn	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
leds	LEDs pull request for 5.8-rc1.	2020-06-04 11:03:45 -07:00
lightnvm	for-5.8/block-2020-06-01	2020-06-02 15:29:19 -07:00
macintosh	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
mailbox	mailbox: qcom: Add ipq6018 apcs compatible	2020-06-10 22:43:57 -05:00
mcb
md	dm integrity: fix integrity recalculation that is improperly skipped	2020-07-23 14:39:37 -04:00
media	media: omap3isp: remove cacheflush.h	2020-06-26 00:27:37 -07:00
memory
memstick
message	scsi: mptfusion: Don't use GFP_ATOMIC for larger DMA allocations	2020-06-26 22:51:53 -04:00
mfd	irqdomain/treewide: Keep firmware node unconditionally allocated	2020-07-14 17:44:42 +02:00
misc	habanalabs: prevent possible out-of-bounds array access	2020-07-19 08:15:36 +03:00
mmc	mmc: sdhci-of-aspeed: Fix clock divider calculation	2020-07-13 12:17:34 +02:00
most
mtd	mtd: rawnand: xway: Fix build issue	2020-07-07 21:04:38 +02:00
mux
net	drivers/net/wan: lapb: Corrected the usage of skb_cow	2020-07-24 20:17:42 -07:00
nfc	nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame	2020-07-20 18:31:33 -07:00
ntb	NTB: perf: Fix race condition when run with ntb_test	2020-06-05 20:02:09 -04:00
nubus
nvdimm	libnvdimm/security: Fix key lookup permissions	2020-07-08 17:08:01 -07:00
nvme	nvme: explicitly update mpath disk capacity on revalidation	2020-07-16 16:40:27 +02:00
nvmem
of	of: of_mdio: Correct loop scanning logic	2020-06-19 13:39:00 -07:00
opp	opp: Increase parsed_static_opps in _of_add_opp_table_v1()	2020-07-16 08:50:54 +05:30
oprofile	oprofile: Replace zero-length array with flexible-array	2020-06-15 23:08:32 -05:00
parisc
parport	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
pci	pci-v5.8-fixes-2	2020-07-24 18:30:24 -07:00
pcmcia	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
perf	drivers/perf: Prevent forced unbinding of PMU drivers	2020-07-17 10:51:44 +01:00
phy	phy: fixes for 5.8	2020-07-08 18:00:07 +02:00
pinctrl	intel-pinctrl for v5.8-2	2020-06-28 01:08:21 +02:00
platform	platform/x86: mlx-platform: support new watchdog type with longer timeout	2020-08-05 18:42:44 +02:00
pnp	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
power	power supply and reset changes for the v5.8 series	2020-06-10 11:28:35 -07:00
powercap	Kbuild updates for v5.8 (2nd)	2020-06-13 13:29:16 -07:00
pps	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
ps3
ptp	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
pwm	pwm: Add missing "CONFIG_" prefix	2020-06-04 19:09:28 +02:00
rapidio	rapidio: Replace zero-length array with flexible-array	2020-06-15 23:08:32 -05:00
ras
regulator	regulator: rename da903x to da903x-regulator	2020-06-25 15:29:21 +01:00
remoteproc	remoteproc updates for v5.8	2020-06-08 13:01:08 -07:00
reset	Char/Misc driver patches for 5.8-rc1	2020-06-07 10:59:32 -07:00
rpmsg	remoteproc updates for v5.8	2020-06-08 13:01:08 -07:00
rtc	RTC for 5.8	2020-06-07 16:11:23 -07:00
s390	vfio-ccw: Fix a build error due to missing include of linux/slab.h	2020-07-03 11:41:31 +02:00
sbus	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
scsi	scsi: core: Run queue in case of I/O resource contention failure	2020-07-20 21:38:20 -04:00
sfi	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
sh
siox
slimbus
soc	i.MX fixes for 5.8, round 2:	2020-07-16 22:08:07 +02:00
soundwire	soundwire: intel: fix memory leak with devm_kasprintf	2020-06-22 17:15:20 +05:30
spi	spi: Fixes for v5.8	2020-07-17 10:24:09 -07:00
spmi
ssb
staging	Staging driver fixes for 5.8-rc7	2020-07-26 09:14:59 -07:00
target	Kbuild updates for v5.8 (2nd)	2020-06-13 13:29:16 -07:00
tc
tee	mmap locking API: use coccinelle to convert mmap_sem rwsem call sites	2020-06-09 09:39:14 -07:00
thermal	- Fix invalid index array access on int340x_thermal leading to a	2020-07-16 11:08:54 -07:00
thunderbolt	thunderbolt: Fix path indices used in USB3 tunnel discovery	2020-06-25 15:45:30 +03:00
tty	serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X	2020-07-24 10:58:14 +02:00
uio	uio_pdrv_genirq: fix use without device tree and no interrupt	2020-07-03 10:52:02 +02:00
usb	usb: tegra: Fix allocation for the FPCI context	2020-07-23 13:21:01 +02:00
vdpa	vdpa: fix typos in the comments for __vdpa_alloc_device()	2020-06-22 12:34:21 -04:00
vfio	vfio/pci: fix racy on error and request eventfd ctx	2020-07-17 08:28:40 -06:00
vhost	tools/virtio: Add --reset	2020-06-22 12:34:21 -04:00
video	fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.	2020-07-23 16:22:25 +02:00
virt	virt: vbox: Fix guest capabilities mask check	2020-07-10 13:40:19 +02:00
virtio	pci-v5.8-fixes-2	2020-07-24 18:30:24 -07:00
visorbus	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
vlynq
vme	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
w1	w1: Replace zero-length array with flexible-array	2020-06-15 23:08:32 -05:00
watchdog	watchdog: initialize device before misc_register	2020-08-05 18:43:00 +02:00
xen	xen: branch for v5.8-rc5	2020-07-11 11:16:46 -07:00
zorro	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
Kconfig
Makefile