[PATCH] nvdimm: nvdimm_bus_register: Avoid adding device to the unregistered bus

From: Li Zhijian
Date: Thu Mar 16 2023 - 04:39:30 EST

nvdimm_bus_register() could be called from other modules, such as nfit,
but it can only be called after the nvdimm_bus_type is registered.

BUG: kernel NULL pointer dereference, address: 0000000000000098
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 0 PID: 117 Comm: systemd-udevd Not tainted 6.2.0-rc6-pmem+ #97
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
RIP: 0010:bus_add_device+0x58/0x150
Call Trace:
<TASK>
device_add+0x3ac/0x980
nvdimm_bus_register+0x16d/0x1d0
acpi_nfit_init+0xb72/0x1f90 [nfit]
acpi_nfit_add+0x1d5/0x200 [nfit]
acpi_device_probe+0x45/0x160
really_probe+0xce/0x390
__driver_probe_device+0x78/0x180
driver_probe_device+0x1e/0x90
__driver_attach+0xd6/0x1d0
bus_for_each_dev+0x7b/0xc0
bus_add_driver+0x1ac/0x200
driver_register+0x8f/0xf0
nfit_init+0x164/0xff0 [nfit]
do_one_initcall+0x5b/0x320
do_init_module+0x4c/0x1f0
__do_sys_finit_module+0xb4/0x130
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc

Signed-off-by: Li Zhijian <lizhijian@xxxxxxxxxxx>
---
drivers/nvdimm/bus.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c
index ada61bbf49c1..ea66053072cb 100644
--- a/drivers/nvdimm/bus.c
+++ b/drivers/nvdimm/bus.c
@@ -28,6 +28,7 @@
static int nvdimm_bus_major;
struct class *nd_class;
static DEFINE_IDA(nd_ida);
+static bool nvdimm_bus_type_registered;

static int to_nd_device_type(struct device *dev)
{
@@ -337,6 +338,10 @@ struct nvdimm_bus *nvdimm_bus_register(struct device *parent,
struct nvdimm_bus *nvdimm_bus;
int rc;

+ if (!nvdimm_bus_type_registered) {
+ pr_warn("nvdimm bus type is not registered\n");
+ return NULL;
+ }
nvdimm_bus = kzalloc(sizeof(*nvdimm_bus), GFP_KERNEL);
if (!nvdimm_bus)
return NULL;
@@ -1321,6 +1326,7 @@ int __init nvdimm_bus_init(void)
if (rc)
goto err_nd_bus;

+ nvdimm_bus_type_registered = true;
return 0;

err_nd_bus:
@@ -1343,4 +1349,5 @@ void nvdimm_bus_exit(void)
unregister_chrdev(nvdimm_major, "dimmctl");
bus_unregister(&nvdimm_bus_type);
ida_destroy(&nd_ida);
+ nvdimm_bus_type_registered = false;
}
--
1.8.3.1