From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Krzysztof Kozlowski <k.kozlowski@samsung.com>,
Yadwinder Singh Brar <yadi.brar@samsung.com>,
Mike Turquette <mturquette@linaro.org>
Subject: [PATCH 3.15 38/84] clk: s2mps11: Fix double free corruption during driver unbind
Date: Tue, 15 Jul 2014 16:17:35 -0700 [thread overview]
Message-ID: <20140715231714.343249753@linuxfoundation.org> (raw)
In-Reply-To: <20140715231713.193785557@linuxfoundation.org>
3.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
commit 2a96dfa49c83a2a7cbdb11382976aaa6b2636764 upstream.
After unbinding the driver memory was corrupted by double free of
clk_lookup structure. This lead to OOPS when re-binding the driver
again.
The driver allocated memory for 'clk_lookup' with devm_kzalloc. During
driver removal this memory was freed twice: once by clkdev_drop() and
second by devm code.
Kernel panic log:
[ 30.839284] Unable to handle kernel paging request at virtual address 5f343173
[ 30.846476] pgd = dee14000
[ 30.849165] [5f343173] *pgd=00000000
[ 30.852703] Internal error: Oops: 805 [#1] PREEMPT SMP ARM
[ 30.858166] Modules linked in:
[ 30.861208] CPU: 0 PID: 1 Comm: bash Not tainted 3.16.0-rc2-00239-g94bdf617b07e-dirty #40
[ 30.869364] task: df478000 ti: df480000 task.ti: df480000
[ 30.874752] PC is at clkdev_add+0x2c/0x38
[ 30.878738] LR is at clkdev_add+0x18/0x38
[ 30.882732] pc : [<c0350908>] lr : [<c03508f4>] psr: 60000013
[ 30.882732] sp : df481e78 ip : 00000001 fp : c0700ed8
[ 30.894187] r10: 0000000c r9 : 00000000 r8 : c07b0e3c
[ 30.899396] r7 : 00000002 r6 : df45f9d0 r5 : df421390 r4 : c0700d6c
[ 30.905906] r3 : 5f343173 r2 : c0700d84 r1 : 60000013 r0 : c0700d6c
[ 30.912417] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 30.919534] Control: 10c53c7d Table: 5ee1406a DAC: 00000015
[ 30.925262] Process bash (pid: 1, stack limit = 0xdf480240)
[ 30.930817] Stack: (0xdf481e78 to 0xdf482000)
[ 30.935159] 1e60: 00001000 df6de610
[ 30.943321] 1e80: df7f4558 c0355650 c05ec6ec c0700eb0 df6de600 df7f4510 dec9d69c 00000014
[ 30.951480] 1ea0: 00167b48 df6de610 c0700e30 c0713518 00000000 c0700e30 dec9d69c 00000006
[ 30.959639] 1ec0: 00167b48 c02c1b7c c02c1b64 df6de610 c07aff48 c02c0420 c06fb150 c047cc20
[ 30.967798] 1ee0: df6de610 df6de610 c0700e30 df6de644 c06fb150 0000000c dec9d690 c02bef90
[ 30.975957] 1f00: dec9c6c0 dece4c00 df481f80 dece4c00 0000000c c02be73c 0000000c c016ca8c
[ 30.984116] 1f20: c016ca48 00000000 00000000 c016c1f4 00000000 00000000 b6f18000 df481f80
[ 30.992276] 1f40: df7f66c0 0000000c df480000 df480000 b6f18000 c011094c df47839c 60000013
[ 31.000435] 1f60: 00000000 00000000 df7f66c0 df7f66c0 0000000c df480000 b6f18000 c0110dd4
[ 31.008594] 1f80: 00000000 00000000 0000000c b6ec05d8 0000000c b6f18000 00000004 c000f2a8
[ 31.016753] 1fa0: 00001000 c000f0e0 b6ec05d8 0000000c 00000001 b6f18000 0000000c 00000000
[ 31.024912] 1fc0: b6ec05d8 0000000c b6f18000 00000004 0000000c 00000001 00000000 00167b48
[ 31.033071] 1fe0: 00000000 bed83a80 b6e004f0 b6e5122c 60000010 00000001 ffffffff ffffffff
[ 31.041248] [<c0350908>] (clkdev_add) from [<c0355650>] (s2mps11_clk_probe+0x2b4/0x3b4)
[ 31.049223] [<c0355650>] (s2mps11_clk_probe) from [<c02c1b7c>] (platform_drv_probe+0x18/0x48)
[ 31.057728] [<c02c1b7c>] (platform_drv_probe) from [<c02c0420>] (driver_probe_device+0x13c/0x384)
[ 31.066579] [<c02c0420>] (driver_probe_device) from [<c02bef90>] (bind_store+0x88/0xd8)
[ 31.074564] [<c02bef90>] (bind_store) from [<c02be73c>] (drv_attr_store+0x20/0x2c)
[ 31.082118] [<c02be73c>] (drv_attr_store) from [<c016ca8c>] (sysfs_kf_write+0x44/0x48)
[ 31.090016] [<c016ca8c>] (sysfs_kf_write) from [<c016c1f4>] (kernfs_fop_write+0xc0/0x17c)
[ 31.098176] [<c016c1f4>] (kernfs_fop_write) from [<c011094c>] (vfs_write+0xa0/0x1c4)
[ 31.105899] [<c011094c>] (vfs_write) from [<c0110dd4>] (SyS_write+0x40/0x8c)
[ 31.112931] [<c0110dd4>] (SyS_write) from [<c000f0e0>] (ret_fast_syscall+0x0/0x3c)
[ 31.120481] Code: e2842018 e584501c e1a00004 e885000c (e5835000)
[ 31.126596] ---[ end trace efad45bfa3a61b05 ]---
[ 31.131181] Kernel panic - not syncing: Fatal exception
[ 31.136368] CPU1: stopping
[ 31.139054] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G D 3.16.0-rc2-00239-g94bdf617b07e-dirty #40
[ 31.148697] [<c0016480>] (unwind_backtrace) from [<c0012950>] (show_stack+0x10/0x14)
[ 31.156419] [<c0012950>] (show_stack) from [<c0480db8>] (dump_stack+0x80/0xcc)
[ 31.163622] [<c0480db8>] (dump_stack) from [<c001499c>] (handle_IPI+0x130/0x15c)
[ 31.170998] [<c001499c>] (handle_IPI) from [<c000862c>] (gic_handle_irq+0x60/0x68)
[ 31.178549] [<c000862c>] (gic_handle_irq) from [<c0013480>] (__irq_svc+0x40/0x70)
[ 31.186009] Exception stack(0xdf4bdf88 to 0xdf4bdfd0)
[ 31.191046] df80: ffffffed 00000000 00000000 00000000 df4bc000 c06d042c
[ 31.199207] dfa0: 00000000 ffffffed c06d03c0 00000000 c070c288 00000000 00000000 df4bdfd0
[ 31.207363] dfc0: c0010324 c0010328 60000013 ffffffff
[ 31.212402] [<c0013480>] (__irq_svc) from [<c0010328>] (arch_cpu_idle+0x28/0x30)
[ 31.219783] [<c0010328>] (arch_cpu_idle) from [<c005f150>] (cpu_startup_entry+0x2c4/0x3f0)
[ 31.228027] [<c005f150>] (cpu_startup_entry) from [<400086c4>] (0x400086c4)
[ 31.234968] ---[ end Kernel panic - not syncing: Fatal exception
Fixes: 7cc560dea415 ("clk: s2mps11: Add support for s2mps11")
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Reviewed-by: Yadwinder Singh Brar <yadi.brar@samsung.com>
Signed-off-by: Mike Turquette <mturquette@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/clk-s2mps11.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
--- a/drivers/clk/clk-s2mps11.c
+++ b/drivers/clk/clk-s2mps11.c
@@ -206,16 +206,13 @@ static int s2mps11_clk_probe(struct plat
goto err_reg;
}
- s2mps11_clk->lookup = devm_kzalloc(&pdev->dev,
- sizeof(struct clk_lookup), GFP_KERNEL);
+ s2mps11_clk->lookup = clkdev_alloc(s2mps11_clk->clk,
+ s2mps11_name(s2mps11_clk), NULL);
if (!s2mps11_clk->lookup) {
ret = -ENOMEM;
goto err_lup;
}
- s2mps11_clk->lookup->con_id = s2mps11_name(s2mps11_clk);
- s2mps11_clk->lookup->clk = s2mps11_clk->clk;
-
clkdev_add(s2mps11_clk->lookup);
}
next prev parent reply other threads:[~2014-07-15 23:40 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-15 23:16 [PATCH 3.15 00/84] 3.15.6-stable review Greg Kroah-Hartman
2014-07-15 23:16 ` [PATCH 3.15 01/84] usb: option: Add ID for Telewell TW-LTE 4G v2 Greg Kroah-Hartman
2014-07-15 23:16 ` [PATCH 3.15 02/84] USB: cp210x: add support for Corsair usb dongle Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 03/84] USB: ftdi_sio: Add extra PID Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 04/84] USB: serial: ftdi_sio: Add Infineon Triboard Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 05/84] iio: ti_am335x_adc: Fix: Use same step id at FIFOs both ends Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 06/84] serial: Test for no tx data on tx restart Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 07/84] parisc: add serial ports of C8000/1GHz machine to hardware database Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 08/84] parisc: fix fanotify_mark() syscall on 32bit compat kernel Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 09/84] workqueue: fix dev_set_uevent_suppress() imbalance Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 10/84] cpuset,mempolicy: fix sleeping function called from invalid context Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 11/84] workqueue: zero cpumask of wq_numa_possible_cpumask on init Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 12/84] ahci: imx: manage only sata_ref_clk in imx_sata_enable[disable] Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 13/84] i8k: Fix non-SMP operation Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 14/84] serial: imx: Fix build breakage Greg Kroah-Hartman
2014-07-16 0:24 ` Stephen Rothwell
2014-07-16 0:42 ` Greg Kroah-Hartman
2014-07-16 0:56 ` Stephen Rothwell
2014-07-16 1:07 ` Greg Kroah-Hartman
2014-07-16 1:08 ` Stephen Rothwell
2014-07-15 23:17 ` [PATCH 3.15 15/84] thermal: hwmon: Make the check for critical temp valid consistent Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 16/84] hwmon: (adc128d818) Drop write support on inX_input attributes Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 17/84] hwmon: (amc6821) Fix permissions for temp2_input Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 18/84] hwmon: (emc2103) Clamp limits instead of bailing out Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 19/84] hwmon: (adm1031) Fix writes to limit registers Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 20/84] hwmon: (adm1029) Ensure the fan_div cache is updated in set_fan_div Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 21/84] hwmon: (adm1021) Fix cache problem when writing temperature limits Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 22/84] Revert "ACPI / AC: Remove ACs proc directory." Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 23/84] ACPI / resources: only reject zero length resources based at address zero Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 24/84] ACPI / EC: Avoid race condition related to advance_transaction() Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 25/84] ACPI / EC: Add asynchronous command byte write support Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 26/84] ACPI / EC: Remove duplicated ec_wait_ibf0() waiter Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 27/84] ACPI / EC: Fix race condition in ec_transaction_completed() Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 28/84] powerpc/kvm: Remove redundant save of SIER AND MMCR2 Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 29/84] powerpc/perf: Never program book3s PMCs with values >= 0x80000000 Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 30/84] powerpc/perf: Add PPMU_ARCH_207S define Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 31/84] powerpc/perf: Clear MMCR2 when enabling PMU Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 32/84] cpufreq: Makefile: fix compilation for davinci platform Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 33/84] crypto: sha512_ssse3 - fix byte count to bit count conversion Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 34/84] crypto: caam - fix memleak in caam_jr module Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 35/84] arm64: implement TASK_SIZE_OF Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 36/84] phy: core: Fix error path in phy_create() Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 37/84] clk: spear3xx: Use proper control register offset Greg Kroah-Hartman
2014-07-15 23:17 ` Greg Kroah-Hartman [this message]
2014-07-15 23:17 ` [PATCH 3.15 39/84] clk: qcom: HDMI source sel is 3 not 2 Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 40/84] Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 41/84] dm mpath: fix IO hang due to logic bug in multipath_busy Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 42/84] dm io: fix a race condition in the wake up code for sync_io Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 43/84] dm: allocate a special workqueue for deferred device removal Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 44/84] intel_pstate: Fix setting VID Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 45/84] intel_pstate: dont touch turbo bit if turbo disabled or unavailable Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 46/84] intel_pstate: Update documentation of {max,min}_perf_pct sysfs files Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 47/84] intel_pstate: Set CPU number before accessing MSRs Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 48/84] PCI: Fix unaligned access in AF transaction pending test Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 49/84] ext4: fix unjournalled bg descriptor while initializing inode bitmap Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 50/84] ext4: clarify error count warning messages Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 51/84] ext4: clarify ext4_error message in ext4_mb_generate_buddy_error() Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 52/84] ext4: disable synchronous transaction batching if max_batch_time==0 Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 53/84] ext4: revert commit which was causing fs corruption after journal replays Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 54/84] ext4: fix a potential deadlock in __ext4_es_shrink() Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 55/84] drm/radeon/dpm: Reenabling SS on Cayman Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 56/84] drm/radeon: fix typo in ci_stop_dpm() Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 57/84] drm/radeon: fix typo in golden register setup on evergreen Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 60/84] drm/i915: quirk asserts controllable backlight presence, overriding VBT Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 61/84] drm/i915: Acer C720 and C720P have controllable backlights Greg Kroah-Hartman
2014-07-15 23:17 ` [PATCH 3.15 62/84] drm/i915: Toshiba CB35 has a controllable backlight Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 64/84] DMA, CMA: fix possible memory leak Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 65/84] ring-buffer: Check if buffer exists before polling Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 66/84] i40e: fix passing wrong error code to i40e_open() Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 67/84] mtd: nand: omap: fix omap_calculate_ecc_bch() for-loop error Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 68/84] cgroup: fix mount failure in a corner case Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 69/84] kernfs: implement kernfs_root->supers list Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 70/84] kernfs: introduce kernfs_pin_sb() Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 71/84] cgroup: fix a race between cgroup_mount() and cgroup_kill_sb() Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 72/84] f2fs: adjust free mem size to flush dentry blocks Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 73/84] f2fs: check bdi->dirty_exceeded when trying to skip data writes Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 74/84] drivers/rtc/rtc-puv3.c: remove "&dev->" for typo issue Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 75/84] drivers/rtc/rtc-puv3.c: use dev_dbg() instead of dev_debug() " Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 76/84] powerpc: Disable RELOCATABLE for COMPILE_TEST with PPC64 Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 77/84] Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime option" Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 78/84] x86-64, espfix: Dont leak bits 31:16 of %esp returning to 16-bit stack Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 79/84] x86, espfix: Move espfix definitions into a separate header file Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 80/84] x86, espfix: Fix broken header guard Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 81/84] x86, espfix: Make espfix64 a Kconfig option, fix UML Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 82/84] x86, espfix: Make it possible to disable 16-bit support Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 83/84] x86, ioremap: Speed up check for RAM pages Greg Kroah-Hartman
2014-07-15 23:18 ` [PATCH 3.15 84/84] ACPI / battery: Retry to get battery information if failed during probing Greg Kroah-Hartman
2014-07-16 4:28 ` [PATCH 3.15 00/84] 3.15.6-stable review Guenter Roeck
2014-07-16 10:53 ` Satoru Takeuchi
2014-07-17 1:51 ` Greg Kroah-Hartman
2014-07-16 23:09 ` Greg Kroah-Hartman
2014-07-17 0:12 ` Guenter Roeck
2014-07-17 1:50 ` Greg Kroah-Hartman
2014-07-17 12:29 ` Satoru Takeuchi
2014-07-17 21:23 ` Greg Kroah-Hartman
2014-07-17 13:24 ` Shuah Khan
2014-07-17 21:23 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140715231714.343249753@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=k.kozlowski@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mturquette@linaro.org \
--cc=stable@vger.kernel.org \
--cc=yadi.brar@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.