[PATCH V6 10/10] scsi: ufs: qcom : Refactor phy_power_on/off calls

Nitin Rawat quic_nitirawa at quicinc.com
Sat Jun 21 10:15:57 PDT 2025 


On 6/21/2025 3:14 AM, Aishwarya wrote:
> Hi Nitin,
> 
> To clarify — the defconfig kernel does boot successfully on our Arm64
> Qualcomm platforms (RB5 and DB845C). However, starting from
> next-20250613, we are seeing the following three test failures in the
> `bootrr` baseline test in our CI environment:
> 
>    - baseline.bootrr.scsi-disk-device0-probed
>    - dmesg.alert
>    - dmesg.emerg
> 

Hi Aishwarya,

Thanks for testing and reporting this issue. Can you please
test with the attached fix and let me know if it helps.

Regards,
Nitin

> Test suite:
>    https://github.com/kernelci/bootrr/tree/main
> 
> These failures are due to kernel alerts seen in the boot logs. A relevant
> snippet is shown below:
> 
>    kern  :alert : Unable to handle kernel NULL pointer dereference at
>    virtual address 0000000000000000
>    kern  :alert : Mem abort info:
>    kern  :alert :   ESR = 0x0000000096000004
>    kern  :alert :   EC = 0x25: DABT (current EL), IL = 32 bits
>    kern  :alert :   SET = 0, FnV = 0
>    kern  :alert :   EA = 0, S1PTW = 0
>    kern  :alert :   FSC = 0x04: level 0 translation fault
>    kern  :alert : Data abort info:
>    kern  :alert :   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
>    kern  :alert :   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
>    kern  :alert :   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
>    kern  :alert : user pgtable: 4k pages, 48-bit VAs, pgdp=0000000109c41000
>    kern  :alert : [0000000000000000] pgd=0000000000000000
>    <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=alert RESULT=fail UNITS=lines
>    MEASUREMENT=13>
> 
>    kern  :emerg : Internal error: Oops: 0000000096000004 [#1] SMP
>    kern  :emerg : Code: a90157f3 aa0003f3 f90013f6 f9405c15 (f94002b6)
>    <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=emerg RESULT=fail UNITS=lines
>    MEASUREMENT=2>
> 
> Please let me know if you need full logs or further details to help
> with debugging.
> 
> Thanks,
> Aishwarya
-------------- next part --------------
From 3f6abf0f5a1ad6dba975824c97c94a77babb9d38 Mon Sep 17 00:00:00 2001
From: Nitin Rawat <quic_nitirawa at quicinc.com>
Date: Sat, 21 Jun 2025 21:40:42 +0530
Subject: [PATCH V1] scsi: ufs: qcom : Fix NULL pointer dereference in
 ufs_qcom_setup_clocks

Fix a NULL pointer dereference in ufs_qcom_setup_clocks due to an
uninitialized 'host' variable. The variable 'phy' is now assigned
after confirming 'host' is not NULL.

Call Stack:

[    6.448070] Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000000
[    6.448449] ufs_qcom_setup_clocks+0x28/0x148 ufs_qcom (P)
[    6.448466] ufshcd_setup_clocks (drivers/ufs/core/ufshcd-priv.h:142)
[    6.448477] ufshcd_init (drivers/ufs/core/ufshcd.c:9468)
[    6.448485] ufshcd_pltfrm_init (drivers/ufs/host/ufshcd-pltfrm.c:504)
[    6.448495] ufs_qcom_probe+0x28/0x68 ufs_qcom
[    6.448508] platform_probe (drivers/base/platform.c:1404)
[    6.448519] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:657)
[    6.448526] __driver_probe_device (drivers/base/dd.c:799)
[    6.448532] driver_probe_device (drivers/base/dd.c:829)
[    6.448539] __driver_attach (drivers/base/dd.c:1216)
[    6.448545] bus_for_each_dev (drivers/base/bus.c:370)
[    6.448556] driver_attach (drivers/base/dd.c:1234)
[    6.448567] bus_add_driver (drivers/base/bus.c:678)
[    6.448577] driver_register (drivers/base/driver.c:249)
[    6.448584] __platform_driver_register (drivers/base/platform.c:868)
[    6.448592] ufs_qcom_pltform_init+0x28/0xff8 ufs_qcom
[    6.448605] do_one_initcall (init/main.c:1274)
[    6.448615] do_init_module (kernel/module/main.c:3041)
[    6.448626] load_module (kernel/module/main.c:3511)
[    6.448635] init_module_from_file (kernel/module/main.c:3704)
[    6.448644] __arm64_sys_finit_module (kernel/module/main.c:3715.

Fixes: 77d2fa54a945 ("scsi: ufs: qcom : Refactor phy_power_on/off calls")
Reported-by: Aishwarya <aishwarya.tcv at arm.com>
Closes: https://lore.kernel.org/lkml/20250620214408.11028-1-aishwarya.tcv@arm.com/
Reported-by: Naresh Kamboju <naresh.kamboju at linaro.org>
Closes: https://lkml.org/lkml/2025/6/21/107
Co-developed-by: Ram Kumar Dwivedi <quic_rdwivedi at quicinc.com>
Signed-off-by: Ram Kumar Dwivedi <quic_rdwivedi at quicinc.com>
Signed-off-by: Nitin Rawat <quic_nitirawa at quicinc.com>
---
 drivers/ufs/host/ufs-qcom.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c
index ba4b2880279c..318dca7fe3d7 100644
--- a/drivers/ufs/host/ufs-qcom.c
+++ b/drivers/ufs/host/ufs-qcom.c
@@ -1124,7 +1124,7 @@ static int ufs_qcom_setup_clocks(struct ufs_hba *hba, bool on,
 				 enum ufs_notify_change_status status)
 {
 	struct ufs_qcom_host *host = ufshcd_get_variant(hba);
-	struct phy *phy = host->generic_phy;
+	struct phy *phy;
 	int err;

 	/*
@@ -1135,6 +1135,8 @@ static int ufs_qcom_setup_clocks(struct ufs_hba *hba, bool on,
 	if (!host)
 		return 0;

+	phy = host->generic_phy;
+
 	switch (status) {
 	case PRE_CHANGE:
 		if (on) {
--
2.48.1

More information about the linux-phy mailing list