soc/tegra: fuse: Fix crash in tegra_fuse_readl()

Commit c5b2d43e67bb ("soc/tegra: fuse: Add ACPI support for Tegra194 and
Tegra234") updated the Tegra fuse driver to add ACPI support and added a
test to the tegra_fuse_readl() function to check if the device is
booting with device-tree. This test passes 'fuse->dev' variable to
dev_fwnode() but does not check first is 'fuse->dev' is valid. This is
causing a crash to occur in Tegra XUSB PHY driver that calls the
tegra_fuse_readl() function before 'fuse->dev' variable has been
initialised ...

 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000290
 Mem abort info:
   ESR = 0x0000000096000004
   EC = 0x25: DABT (current EL), IL = 32 bits
   SET = 0, FnV = 0
   EA = 0, S1PTW = 0
   FSC = 0x04: level 0 translation fault
 Data abort info:
   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
 [0000000000000290] user address but active_mm is swapper
 Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
 Modules linked in:
 CPU: 7 PID: 70 Comm: kworker/u16:4 Not tainted 6.8.0-rc1-next-20240129-02825-g596764183be8 #1
 Hardware name: NVIDIA Jetson AGX Xavier Developer Kit (DT)
 Workqueue: events_unbound deferred_probe_work_func
 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
 pc : __dev_fwnode+0x0/0x18
 lr : tegra_fuse_readl+0x24/0x98
 sp : ffff80008393ba10
 x29: ffff80008393ba10 x28: 0000000000000000 x27: ffff800081233c10
 x26: 00000000000001c8 x25: ffff000080b7bc10 x24: ffff000082df3b00
 x23: fffffffffffffff4 x22: 0000000000000004 x21: ffff80008393ba84
 x20: 00000000000000f0 x19: ffff800082f1e000 x18: ffff800081d72000
 x17: 0000000000000001 x16: 0000000000000001 x15: ffff800082fcdfff
 x14: 0000000000000000 x13: 0000000003541000 x12: 0000000000000020
 x11: 0140000000000000 x10: ffff800080000000 x9 : 0000000000000000
 x8 : ffff000082df3b40 x7 : 0000000000000000 x6 : 000000000000003f
 x5 : 00000000ffffffff x4 : 0000000000000dc0 x3 : 00000000000000c0
 x2 : 0000000000000001 x1 : ffff80008393ba84 x0 : 0000000000000000
 Call trace:
  __dev_fwnode+0x0/0x18
  tegra186_xusb_padctl_probe+0xb0/0x1a8
  tegra_xusb_padctl_probe+0x7c/0xebc
  platform_probe+0x90/0xd8
  really_probe+0x13c/0x29c
  __driver_probe_device+0x7c/0x124
  driver_probe_device+0x38/0x11c
  __device_attach_driver+0x90/0xdc
  bus_for_each_drv+0x78/0xdc
  __device_attach+0xfc/0x188
  device_initial_probe+0x10/0x18
  bus_probe_device+0xa4/0xa8
  deferred_probe_work_func+0x80/0xb4
  process_scheduled_works+0x178/0x3e0
  worker_thread+0x164/0x2e8
  kthread+0xfc/0x11c
  ret_from_fork+0x10/0x20
 Code: a8c27bfd d65f03c0 128002a0 d65f03c0 (f9414801)
 ---[ end trace 0000000000000000 ]---

Fix this by verifying that 'fuse->dev' is valid before passing to
dev_fwnode().

Fixes: c5b2d43e67bb ("soc/tegra: fuse: Add ACPI support for Tegra194 and Tegra234")
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Reviewed-by: Kartik <kkartik@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>

diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c
index c34efa5bf44c2f8b159810887c4fd892098a6555..b6bfd6729df3904adbe5affd1208e59f9a5608dc 100644 (file)
--- a/drivers/soc/tegra/fuse/fuse-tegra.c
+++ b/drivers/soc/tegra/fuse/fuse-tegra.c
@@ -345,6 +345,9 @@ u32 __init tegra_fuse_read_early(unsigned int offset)
 
 int tegra_fuse_readl(unsigned long offset, u32 *value)
 {
+       if (!fuse->dev)
+               return -EPROBE_DEFER;
+
        /*
         * Wait for fuse->clk to be initialized if device-tree boot is used.
         */