Re: [PATCH] kernel/resource: Invalid memory access in __release_resource

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Bjorn Helgaas <bhelgaas@google.com>
To: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Vivek Goyal <vgoyal@redhat.com>,
	Vinod Koul <vinod.koul@intel.com>, Cliff Wickman <cpw@sgi.com>,
	Jiang Liu <jiang.liu@linux.intel.com>,
	Jakub Sitnicki <jsitnicki@gmail.com>,
	Thierry Reding <treding@nvidia.com>, Mike Travis <travis@sgi.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Grant Likely <grant.likely@linaro.org>
Subject: Re: [PATCH] kernel/resource: Invalid memory access in __release_resource
Date: Mon, 20 Apr 2015 15:36:45 -0500	[thread overview]
Message-ID: <20150420203645.GE20701@google.com> (raw)
In-Reply-To: <CAPybu_0oOtnHPAJfQM2iX5JrHy58LawNX-qhUHm8r83ZD1t+1Q@mail.gmail.com>

On Mon, Apr 20, 2015 at 10:24:25PM +0200, Ricardo Ribalda Delgado wrote:
> Hi Bjorn!
> 
> Thanks for your promtly response.
> 
> On Mon, Apr 20, 2015 at 9:28 PM, Bjorn Helgaas <bhelgaas@google.com> wrote:
> > [+cc Grant (author of ac80a51e2ce5)]
> >
> > Hi Ricardo,
> >
> > On Mon, Apr 20, 2015 at 06:22:52PM +0200, Ricardo Ribalda Delgado wrote:
> >>
> >> If of_platform_depopulate is called later, resource->parent is
> >> accessed (Offset 0x30 of address 0), causing a kernel error.
> >
> > Interesting; how'd you find this?  It looks like the
> > of_platform_depopulate() code has been this way for a long time, so we
> > must be doing something new that makes us trip over this now.  More
> > analysis below...
> 
> I have an out of tree driver that dynamically adds devices to the device tree.
> 
> It was developed before the dynamic_of and dt_overlays existed. Now I
> am porting my code to the new interfaces available. I am trying to do
> it small steps.
> 
> First step was being able to depopulate a previously loaded device
> tree. Old, code was calling of_platform_populate, so calling
> of_platform_depopulate looked like the right choice. Unfortunately
> everything crashed, and it turned out that this was the issue.
> 
> On my defense I would say, that the plan is to make this driver
> public, once the hardware is stabilized and sold to the public.

No need to defend yourself; to me this looks like a bug in the
of_platform code, so it's a good thing you tripped over it :)

The obvious bug is the NULL pointer dereference.  The not-quite-so-
obvious bug is that I think the lack of insert_resource() means the
resource tree (/proc/iomem, /proc/ioports) is missing some useful
information.

> > From reading drivers/base/platform.c, it looks like the intent is
> > that platform device users would use these interfaces:
> 
> I can take a look to modify OF to use insert_resource(), but I still
> think that no matter what, we should add this extra check, like the
> propossed patch or maybe with a BUG_ON()....

I think it would be nicer to make OF use platform_device_add_resources()
and platform_device_add() because then there's less duplication of code.
But Grant might have had a reason for avoiding that.

Bjorn

next prev parent reply	other threads:[~2015-04-20 20:36 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-04-20 16:22 [PATCH] kernel/resource: Invalid memory access in __release_resource Ricardo Ribalda Delgado
2015-04-20 19:28 ` Bjorn Helgaas
2015-04-20 20:24   ` Ricardo Ribalda Delgado
2015-04-20 20:36     ` Bjorn Helgaas [this message]
2015-04-20 20:49       ` Ricardo Ribalda Delgado
2015-04-21  6:59         ` Thierry Reding

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150420203645.GE20701@google.com \
    --to=bhelgaas@google.com \
    --cc=akpm@linux-foundation.org \
    --cc=cpw@sgi.com \
    --cc=grant.likely@linaro.org \
    --cc=jiang.liu@linux.intel.com \
    --cc=jsitnicki@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=ricardo.ribalda@gmail.com \
    --cc=travis@sgi.com \
    --cc=treding@nvidia.com \
    --cc=vgoyal@redhat.com \
    --cc=vinod.koul@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.