* [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while remapping optional addresses in imx_rproc_addr_init()
@ 2024-06-06 7:52 Aleksandr Mishin
2024-06-06 8:42 ` Peng Fan
2024-06-10 16:47 ` Mathieu Poirier
0 siblings, 2 replies; 7+ messages in thread
From: Aleksandr Mishin @ 2024-06-06 7:52 UTC (permalink / raw)
To: Oleksij Rempel
Cc: Aleksandr Mishin, Bjorn Andersson, Mathieu Poirier, Shawn Guo,
Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
linux-remoteproc, imx, linux-arm-kernel, linux-kernel,
lvc-project
In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts
number of phandles. But phandles may be empty. So of_parse_phandle() in
the parsing loop (0 < a < nph) may return NULL which is later dereferenced.
Adjust this issue by adding NULL-return check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: a0ff4aa6f010 ("remoteproc: imx_rproc: add a NXP/Freescale imx_rproc driver")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
---
drivers/remoteproc/imx_rproc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/remoteproc/imx_rproc.c b/drivers/remoteproc/imx_rproc.c
index 5a3fb902acc9..39eacd90af14 100644
--- a/drivers/remoteproc/imx_rproc.c
+++ b/drivers/remoteproc/imx_rproc.c
@@ -726,6 +726,8 @@ static int imx_rproc_addr_init(struct imx_rproc *priv,
struct resource res;
node = of_parse_phandle(np, "memory-region", a);
+ if (!node)
+ continue;
/* Not map vdevbuffer, vdevring region */
if (!strncmp(node->name, "vdev", strlen("vdev"))) {
of_node_put(node);
--
2.30.2
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 7+ messages in thread
* RE: [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while remapping optional addresses in imx_rproc_addr_init()
2024-06-06 7:52 [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while remapping optional addresses in imx_rproc_addr_init() Aleksandr Mishin
@ 2024-06-06 8:42 ` Peng Fan
2024-06-10 16:47 ` Mathieu Poirier
1 sibling, 0 replies; 7+ messages in thread
From: Peng Fan @ 2024-06-06 8:42 UTC (permalink / raw)
To: Aleksandr Mishin, Oleksij Rempel
Cc: Bjorn Andersson, Mathieu Poirier, Shawn Guo, Sascha Hauer,
Pengutronix Kernel Team, Fabio Estevam,
linux-remoteproc@vger.kernel.org, imx@lists.linux.dev,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
Hi Aleksandr,
> Subject: [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while
> remapping optional addresses in imx_rproc_addr_init()
>
> In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts
> number of phandles. But phandles may be empty. So of_parse_phandle() in
> the parsing loop (0 < a < nph) may return NULL which is later dereferenced.
> Adjust this issue by adding NULL-return check.
It is good to add a check here. But I am not sure whether this will really
happen.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: a0ff4aa6f010 ("remoteproc: imx_rproc: add a NXP/Freescale imx_rproc
> driver")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Anyway LGTM:
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Thanks,
Peng.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while remapping optional addresses in imx_rproc_addr_init()
2024-06-06 7:52 [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while remapping optional addresses in imx_rproc_addr_init() Aleksandr Mishin
2024-06-06 8:42 ` Peng Fan
@ 2024-06-10 16:47 ` Mathieu Poirier
2024-06-10 17:36 ` [lvc-project] " Fedor Pchelkin
1 sibling, 1 reply; 7+ messages in thread
From: Mathieu Poirier @ 2024-06-10 16:47 UTC (permalink / raw)
To: Aleksandr Mishin
Cc: Oleksij Rempel, Bjorn Andersson, Shawn Guo, Sascha Hauer,
Pengutronix Kernel Team, Fabio Estevam, linux-remoteproc, imx,
linux-arm-kernel, linux-kernel, lvc-project
On Thu, Jun 06, 2024 at 10:52:04AM +0300, Aleksandr Mishin wrote:
> In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts
> number of phandles. But phandles may be empty. So of_parse_phandle() in
> the parsing loop (0 < a < nph) may return NULL which is later dereferenced.
> Adjust this issue by adding NULL-return check.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: a0ff4aa6f010 ("remoteproc: imx_rproc: add a NXP/Freescale imx_rproc driver")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> ---
> drivers/remoteproc/imx_rproc.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/remoteproc/imx_rproc.c b/drivers/remoteproc/imx_rproc.c
> index 5a3fb902acc9..39eacd90af14 100644
> --- a/drivers/remoteproc/imx_rproc.c
> +++ b/drivers/remoteproc/imx_rproc.c
> @@ -726,6 +726,8 @@ static int imx_rproc_addr_init(struct imx_rproc *priv,
> struct resource res;
>
> node = of_parse_phandle(np, "memory-region", a);
> + if (!node)
You're missing an "of_node_put()" before continuing.
> + continue;
> /* Not map vdevbuffer, vdevring region */
> if (!strncmp(node->name, "vdev", strlen("vdev"))) {
> of_node_put(node);
> --
> 2.30.2
>
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [lvc-project] [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while remapping optional addresses in imx_rproc_addr_init()
2024-06-10 16:47 ` Mathieu Poirier
@ 2024-06-10 17:36 ` Fedor Pchelkin
2024-06-11 16:45 ` Mathieu Poirier
0 siblings, 1 reply; 7+ messages in thread
From: Fedor Pchelkin @ 2024-06-10 17:36 UTC (permalink / raw)
To: Mathieu Poirier
Cc: Aleksandr Mishin, imx, lvc-project, Shawn Guo, Bjorn Andersson,
linux-remoteproc, linux-kernel, Oleksij Rempel,
Pengutronix Kernel Team, Fabio Estevam, Sascha Hauer,
linux-arm-kernel, Peng Fan
On Mon, 10. Jun 10:47, Mathieu Poirier wrote:
> On Thu, Jun 06, 2024 at 10:52:04AM +0300, Aleksandr Mishin wrote:
> > In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts
> > number of phandles. But phandles may be empty. So of_parse_phandle() in
> > the parsing loop (0 < a < nph) may return NULL which is later dereferenced.
> > Adjust this issue by adding NULL-return check.
> >
> > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> >
> > Fixes: a0ff4aa6f010 ("remoteproc: imx_rproc: add a NXP/Freescale imx_rproc driver")
> > Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> > ---
> > drivers/remoteproc/imx_rproc.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/remoteproc/imx_rproc.c b/drivers/remoteproc/imx_rproc.c
> > index 5a3fb902acc9..39eacd90af14 100644
> > --- a/drivers/remoteproc/imx_rproc.c
> > +++ b/drivers/remoteproc/imx_rproc.c
> > @@ -726,6 +726,8 @@ static int imx_rproc_addr_init(struct imx_rproc *priv,
> > struct resource res;
> >
> > node = of_parse_phandle(np, "memory-region", a);
> > + if (!node)
>
> You're missing an "of_node_put()" before continuing.
>
The node is NULL in this case so of_node_put() is not needed..?
Btw, there is a "rsc-table" node->name check in the the end of the loop
body. It was added recently with commit 5e4c1243071d ("remoteproc:
imx_rproc: support remote cores booted before Linux Kernel"). Seems to me
it forgot that of_node_put() is called way before that.
Also commit 61afafe8b938 ("remoteproc: imx_rproc: Fix refcount leak in
imx_rproc_addr_init") was dealing with the last of_node_put() call here
but it's still not in the right place I'd say.
> > + continue;
> > /* Not map vdevbuffer, vdevring region */
> > if (!strncmp(node->name, "vdev", strlen("vdev"))) {
> > of_node_put(node);
> > --
> > 2.30.2
> >
> >
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [lvc-project] [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while remapping optional addresses in imx_rproc_addr_init()
2024-06-10 17:36 ` [lvc-project] " Fedor Pchelkin
@ 2024-06-11 16:45 ` Mathieu Poirier
2024-06-12 8:32 ` Fedor Pchelkin
2024-06-12 13:20 ` Aleksandr Mishin
0 siblings, 2 replies; 7+ messages in thread
From: Mathieu Poirier @ 2024-06-11 16:45 UTC (permalink / raw)
To: Fedor Pchelkin
Cc: Aleksandr Mishin, imx, lvc-project, Shawn Guo, Bjorn Andersson,
linux-remoteproc, linux-kernel, Oleksij Rempel,
Pengutronix Kernel Team, Fabio Estevam, Sascha Hauer,
linux-arm-kernel, Peng Fan
On Mon, Jun 10, 2024 at 08:36:19PM +0300, Fedor Pchelkin wrote:
> On Mon, 10. Jun 10:47, Mathieu Poirier wrote:
> > On Thu, Jun 06, 2024 at 10:52:04AM +0300, Aleksandr Mishin wrote:
> > > In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts
> > > number of phandles. But phandles may be empty. So of_parse_phandle() in
> > > the parsing loop (0 < a < nph) may return NULL which is later dereferenced.
> > > Adjust this issue by adding NULL-return check.
> > >
> > > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> > >
> > > Fixes: a0ff4aa6f010 ("remoteproc: imx_rproc: add a NXP/Freescale imx_rproc driver")
> > > Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> > > ---
> > > drivers/remoteproc/imx_rproc.c | 2 ++
> > > 1 file changed, 2 insertions(+)
> > >
> > > diff --git a/drivers/remoteproc/imx_rproc.c b/drivers/remoteproc/imx_rproc.c
> > > index 5a3fb902acc9..39eacd90af14 100644
> > > --- a/drivers/remoteproc/imx_rproc.c
> > > +++ b/drivers/remoteproc/imx_rproc.c
> > > @@ -726,6 +726,8 @@ static int imx_rproc_addr_init(struct imx_rproc *priv,
> > > struct resource res;
> > >
> > > node = of_parse_phandle(np, "memory-region", a);
> > > + if (!node)
> >
> > You're missing an "of_node_put()" before continuing.
> >
>
> The node is NULL in this case so of_node_put() is not needed..?
Oh yeah, doing a of_node_put() with a NULL value is are really good idea...
I will pickup this patch.
>
> Btw, there is a "rsc-table" node->name check in the the end of the loop
> body. It was added recently with commit 5e4c1243071d ("remoteproc:
> imx_rproc: support remote cores booted before Linux Kernel"). Seems to me
> it forgot that of_node_put() is called way before that.
>
I agree.
> Also commit 61afafe8b938 ("remoteproc: imx_rproc: Fix refcount leak in
> imx_rproc_addr_init") was dealing with the last of_node_put() call here
> but it's still not in the right place I'd say.
>
You mean becaue of node->name being used after the last of_node_put() or is
there something else?
Aleksandr - Can you send another patch for the above?
Thanks,
Mathieu
> > > + continue;
> > > /* Not map vdevbuffer, vdevring region */
> > > if (!strncmp(node->name, "vdev", strlen("vdev"))) {
> > > of_node_put(node);
> > > --
> > > 2.30.2
> > >
> > >
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [lvc-project] [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while remapping optional addresses in imx_rproc_addr_init()
2024-06-11 16:45 ` Mathieu Poirier
@ 2024-06-12 8:32 ` Fedor Pchelkin
2024-06-12 13:20 ` Aleksandr Mishin
1 sibling, 0 replies; 7+ messages in thread
From: Fedor Pchelkin @ 2024-06-12 8:32 UTC (permalink / raw)
To: Mathieu Poirier
Cc: Aleksandr Mishin, imx, lvc-project, Shawn Guo, Bjorn Andersson,
linux-remoteproc, linux-kernel, Oleksij Rempel,
Pengutronix Kernel Team, Fabio Estevam, Sascha Hauer,
linux-arm-kernel, Peng Fan
On Tue, 11. Jun 10:45, Mathieu Poirier wrote:
> On Mon, Jun 10, 2024 at 08:36:19PM +0300, Fedor Pchelkin wrote:
> > Btw, there is a "rsc-table" node->name check in the the end of the loop
> > body. It was added recently with commit 5e4c1243071d ("remoteproc:
> > imx_rproc: support remote cores booted before Linux Kernel"). Seems to me
> > it forgot that of_node_put() is called way before that.
> >
>
> I agree.
>
> > Also commit 61afafe8b938 ("remoteproc: imx_rproc: Fix refcount leak in
> > imx_rproc_addr_init") was dealing with the last of_node_put() call here
> > but it's still not in the right place I'd say.
> >
>
> You mean becaue of node->name being used after the last of_node_put() or is
Yes, this one. Only that node->name is used after the last of_node_put().
> there something else?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [lvc-project] [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while remapping optional addresses in imx_rproc_addr_init()
2024-06-11 16:45 ` Mathieu Poirier
2024-06-12 8:32 ` Fedor Pchelkin
@ 2024-06-12 13:20 ` Aleksandr Mishin
1 sibling, 0 replies; 7+ messages in thread
From: Aleksandr Mishin @ 2024-06-12 13:20 UTC (permalink / raw)
To: Mathieu Poirier, Fedor Pchelkin
Cc: imx, lvc-project, Shawn Guo, Bjorn Andersson, linux-remoteproc,
linux-kernel, Oleksij Rempel, Pengutronix Kernel Team,
Fabio Estevam, Sascha Hauer, linux-arm-kernel, Peng Fan
On 11.06.2024 19:45, Mathieu Poirier wrote:
> On Mon, Jun 10, 2024 at 08:36:19PM +0300, Fedor Pchelkin wrote:
>> On Mon, 10. Jun 10:47, Mathieu Poirier wrote:
>>> On Thu, Jun 06, 2024 at 10:52:04AM +0300, Aleksandr Mishin wrote:
>>>> In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts
>>>> number of phandles. But phandles may be empty. So of_parse_phandle() in
>>>> the parsing loop (0 < a < nph) may return NULL which is later dereferenced.
>>>> Adjust this issue by adding NULL-return check.
>>>>
>>>> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>>>>
>>>> Fixes: a0ff4aa6f010 ("remoteproc: imx_rproc: add a NXP/Freescale imx_rproc driver")
>>>> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
>>>> ---
>>>> drivers/remoteproc/imx_rproc.c | 2 ++
>>>> 1 file changed, 2 insertions(+)
>>>>
>>>> diff --git a/drivers/remoteproc/imx_rproc.c b/drivers/remoteproc/imx_rproc.c
>>>> index 5a3fb902acc9..39eacd90af14 100644
>>>> --- a/drivers/remoteproc/imx_rproc.c
>>>> +++ b/drivers/remoteproc/imx_rproc.c
>>>> @@ -726,6 +726,8 @@ static int imx_rproc_addr_init(struct imx_rproc *priv,
>>>> struct resource res;
>>>>
>>>> node = of_parse_phandle(np, "memory-region", a);
>>>> + if (!node)
>>>
>>> You're missing an "of_node_put()" before continuing.
>>>
>>
>> The node is NULL in this case so of_node_put() is not needed..?
>
> Oh yeah, doing a of_node_put() with a NULL value is are really good idea...
>
> I will pickup this patch.
>
>>
>> Btw, there is a "rsc-table" node->name check in the the end of the loop
>> body. It was added recently with commit 5e4c1243071d ("remoteproc:
>> imx_rproc: support remote cores booted before Linux Kernel"). Seems to me
>> it forgot that of_node_put() is called way before that.
>>
>
> I agree.
>
>> Also commit 61afafe8b938 ("remoteproc: imx_rproc: Fix refcount leak in
>> imx_rproc_addr_init") was dealing with the last of_node_put() call here
>> but it's still not in the right place I'd say.
>>
>
> You mean becaue of node->name being used after the last of_node_put() or is
> there something else?
>
> Aleksandr - Can you send another patch for the above?
Patch is sent.
https://lore.kernel.org/all/20240612131714.12907-1-amishin@t-argos.ru/
>
> Thanks,
> Mathieu
>
>>>> + continue;
>>>> /* Not map vdevbuffer, vdevring region */
>>>> if (!strncmp(node->name, "vdev", strlen("vdev"))) {
>>>> of_node_put(node);
>>>> --
>>>> 2.30.2
>>>>
>>>>
--
Kind regards
Aleksandr
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-06-12 13:25 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-06-06 7:52 [PATCH] remoteproc: imx_rproc: Adjust phandle parsing issue while remapping optional addresses in imx_rproc_addr_init() Aleksandr Mishin
2024-06-06 8:42 ` Peng Fan
2024-06-10 16:47 ` Mathieu Poirier
2024-06-10 17:36 ` [lvc-project] " Fedor Pchelkin
2024-06-11 16:45 ` Mathieu Poirier
2024-06-12 8:32 ` Fedor Pchelkin
2024-06-12 13:20 ` Aleksandr Mishin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).