From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stepan Moskovchenko Subject: Re: [PATCH] of: Deep-copy names of platform devices Date: Tue, 12 Aug 2014 17:27:18 -0700 Message-ID: <53EAB0E6.2040204@codeaurora.org> References: <1407811356-24222-1-git-send-email-stepanm@codeaurora.org> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE Return-path: Received: from smtp.codeaurora.org ([198.145.11.231]:50252 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752080AbaHMA1T (ORCPT ); Tue, 12 Aug 2014 20:27:19 -0400 In-Reply-To: Sender: linux-arm-msm-owner@vger.kernel.org List-Id: linux-arm-msm@vger.kernel.org To: Kumar Gala Cc: grant.likely@linaro.org, Rob Herring , devicetree-discuss@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org On 8/12/2014 9:12 AM, Kumar Gala wrote: > > On Aug 11, 2014, at 9:42 PM, Stepan Moskovchenko wrote: > >> When we parse the device tree and allocate platform >> devices, the 'name' of the newly-created platform_device >> is set to point to the 'name' field of the 'struct device' >> embedded within the platform_device. This is dangerous, >> because the name of the 'struct device' is dynamically >> allocated. Drivers may call dev_set_name() on the device, >> which will free and reallocate the name of the device, >> leaving the 'name' of the platform_device pointing to the >> now-freed memory. >> >> Furthermore, if the dev_set_name() call is made from a >> driver's probe() function and a subsequent request results >> in probe deferral, the dangling 'name' reference may lead >> to the device being re-probed using the wrong driver. >> >> To mitigate these scenarios, we use kstrdup to perform a >> deep copy of the device name when assigning the name of the >> platform_device, so that the platform_device name is >> unaffected by any calls to dev_set_name() that might made >> by drivers to rename the embedded 'struct device'. >> >> Signed-off-by: Stepan Moskovchenko >> --- >> I suppose creating a 'pdev_set_name' API may seem like >> another possibility, but I feel that dev.name and pdev.name >> have two different meanings. One is used for device/driver >> binding purposes, whereas the other serves a more general >> identification purpose, and is used for things like sysfs. >> Drivers might want to change dev.name while leaving the >> pdev.name alone. I guess yet another possibility would be >> to prohibit calling dev_set_name() on devices created from >> device tree, but a driver does not necessarily know how a >> given platform_device was allocated. >> >> drivers/of/device.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/of/device.c b/drivers/of/device.c >> index f685e55..fe5f025 100644 >> --- a/drivers/of/device.c >> +++ b/drivers/of/device.c >> @@ -54,7 +54,7 @@ int of_device_add(struct platform_device *ofdev) >> >> /* name and id have to be set so that the platform bus doesn't get >> * confused on matching */ >> - ofdev->name =3D dev_name(&ofdev->dev); >> + ofdev->name =3D kstrdup(dev_name(&ofdev->dev), GFP_KERNEL); >> ofdev->id =3D -1; >> >> /* device_add will assume that this device is on the same node as > > Don=92t we need to free this is of_device_unregister() now? > > - k > Argh. I was confused by the asymmetric naming of the APIs, but after=20 digging through the callers outside from drivers/of/, it looks like=20 things do eventually filter down to of_device_add() in all the cases I=20 could find. So yes, this does need to be fixed. Expect v2 soon. Thanks Steve --=20 The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum= , hosted by The Linux Foundation