From bc61bcb2ce60ac41e29e615a58bcbcc9b3fc52bc Mon Sep 17 00:00:00 2001 From: Suzuki K Poulose Date: Tue, 14 Jun 2016 11:17:13 -0600 Subject: [PATCH] coresight: Fix tmc_read_unprepare_etr At the end of the trace capture, we free the allocated memory, resetting the drvdata->buf to NULL, to indicate that trace data was collected and the next trace session should allocate the memory in tmc_enable_etr_sink_sysfs. The tmc_enable_etr_sink_sysfs, we only allocate memory if drvdata->vaddr is not NULL (which is not performed at the end of previous session). This can cause, drvdata->vaddr getting assigned NULL and later we do memset() which causes a crash as below : Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = ffffffc9747f0000 [00000000] *pgd=00000009f402e003, *pud=00000009f402e003, *pmd=0000000000000000 Internal error: Oops: 96000046 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1592 Comm: bash Not tainted 4.7.0-rc1+ #1712 Hardware name: ARM Juno development board (r0) (DT) task: ffffffc078fe0080 ti: ffffffc974178000 task.ti: ffffffc974178000 PC is at __memset+0x1ac/0x200 LR is at tmc_enable_etr_sink+0xf8/0x304 pc : [] lr : [] pstate: 400001c5 sp : ffffffc97417bc00 x29: ffffffc97417bc00 x28: ffffffc974178000 Call trace: Exception stack(0xffffffc97417ba40 to 0xffffffc97417bb60) ba40: 0000000000000001 ffffffc974a5d098 ffffffc97417bc00 ffffff80083a002c ba60: ffffffc974a5d118 0000000000000000 0000000000000000 0000000000000000 ba80: 0000000000000001 0000000000000000 ffffff800859bdec 0000000000000040 baa0: ffffff8008b45b58 00000000000001c0 ffffffc97417baf0 ffffff80080eddb4 bac0: 0000000000000003 ffffffc078fe0080 ffffffc078fe0960 ffffffc078fe0940 bae0: 0000000000000000 0000000000000000 00000000007fffc0 0000000000000004 bb00: 0000000000000000 0000000000000040 000000000000003f 0000000000000000 bb20: 0000000000000000 0000000000000000 0000000000000000 0000000000000001 bb40: ffffffc078fe0960 0000000000000018 ffffffffffffffff 0008669628000000 [] __memset+0x1ac/0x200 [] coresight_enable_path+0xa8/0x1dc [] coresight_enable+0x88/0x1b8 [] enable_source_store+0x3c/0x6c [] dev_attr_store+0x18/0x28 [] sysfs_kf_write+0x54/0x64 [] kernfs_fop_write+0x148/0x1d8 [] __vfs_write+0x28/0x110 [] vfs_write+0xa0/0x198 [] SyS_write+0x44/0xa0 [] el0_svc_naked+0x24/0x28 Code: 91010108 54ffff4a 8b040108 cb050042 (d50b7428) This patch fixes the issue by clearing the drvdata->vaddr while we free the allocated buffer at the end of a session, so that we allocate the memory again. Cc: mathieu.poirier@linaro.org Signed-off-by: Suzuki K Poulose Signed-off-by: Mathieu Poirier Signed-off-by: Greg Kroah-Hartman (cherry picked from commit 8e215298a15d5b93c6fa22895c406da538769bca) --- drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c index 847d1b5f2c13..3369d7a80a51 100644 --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c @@ -315,7 +315,7 @@ int tmc_read_unprepare_etr(struct tmc_drvdata *drvdata) */ vaddr = drvdata->vaddr; paddr = drvdata->paddr; - drvdata->buf = NULL; + drvdata->buf = drvdata->vaddr = NULL; } drvdata->reading = false; -- 2.34.1