From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.6 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8E1BC43612 for ; Tue, 8 Jan 2019 20:09:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 86B2020660 for ; Tue, 8 Jan 2019 20:09:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1546978190; bh=YaT1tGfXdBj9KomnnX0NcNptWWp0E2WfpRcig9w1rI4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=AZTVlBmKKJrWjMkvhn6LVCz2X96/JkRlqRuH/i9/6JbiYhGsAVkh762jB/ANFyKNb 5xSUurRhgJ7NanxzIS4JP0GwpySIJhL/t8oBVo3L1kUSjN1FBjLH0QBz8hF36K9sWw Ah8o35bQH/8TbIhXFuvqD8M49WV73ND584mQeTXs= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729328AbfAHT0z (ORCPT ); Tue, 8 Jan 2019 14:26:55 -0500 Received: from mail.kernel.org ([198.145.29.99]:60888 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729148AbfAHT0u (ORCPT ); Tue, 8 Jan 2019 14:26:50 -0500 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2E55B20883; Tue, 8 Jan 2019 19:26:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1546975609; bh=YaT1tGfXdBj9KomnnX0NcNptWWp0E2WfpRcig9w1rI4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=A25w9AC0sTevGT6VrZBeQzImq+8HvmmhVRYs5zi+4YNZROIAYRYQ9FYrEX934WLNx +e1r8BVCLyko9OZWbHYL+xBuoIMWYKQI2CJfFMKUUrCy3zH85BffmCcZr0ajOePO9d 9nqOmXajh4dIJTgBzCt8xugFztXzi/+qkzJ4IyCE= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Frank Rowand , Sasha Levin , devicetree@vger.kernel.org Subject: [PATCH AUTOSEL 4.20 012/117] of: overlay: add missing of_node_put() after add new node to changeset Date: Tue, 8 Jan 2019 14:24:40 -0500 Message-Id: <20190108192628.121270-12-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190108192628.121270-1-sashal@kernel.org> References: <20190108192628.121270-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Frank Rowand [ Upstream commit 7c528e457d53c75107d5aa56892316d265c778de ] The refcount of a newly added overlay node decrements to one (instead of zero) when the overlay changeset is destroyed. This change will cause the final decrement be to zero. After applying this patch, new validation warnings will be reported from the devicetree unittest during boot due to a pre-existing devicetree bug. The warnings will be similar to: OF: ERROR: memory leak before free overlay changeset, /testcase-data/overlay-node/test-bus/test-unittest4 This pre-existing devicetree bug will also trigger a WARN_ONCE() from refcount_sub_and_test_checked() when an overlay changeset is destroyed without having first been applied. This scenario occurs when an error in the overlay is detected during the overlay changeset creation: WARNING: CPU: 0 PID: 1 at lib/refcount.c:187 refcount_sub_and_test_checked+0xa8/0xbc refcount_t: underflow; use-after-free. (unwind_backtrace) from (show_stack+0x10/0x14) (show_stack) from (dump_stack+0x6c/0x8c) (dump_stack) from (__warn+0xdc/0x104) (__warn) from (warn_slowpath_fmt+0x44/0x6c) (warn_slowpath_fmt) from (refcount_sub_and_test_checked+0xa8/0xbc) (refcount_sub_and_test_checked) from (kobject_put+0x24/0x208) (kobject_put) from (of_changeset_destroy+0x2c/0xb4) (of_changeset_destroy) from (free_overlay_changeset+0x1c/0x9c) (free_overlay_changeset) from (of_overlay_remove+0x284/0x2cc) (of_overlay_remove) from (of_unittest_apply_revert_overlay_check.constprop.4+0xf8/0x1e8) (of_unittest_apply_revert_overlay_check.constprop.4) from (of_unittest_overlay+0x960/0xed8) (of_unittest_overlay) from (of_unittest+0x1cc4/0x2138) (of_unittest) from (do_one_initcall+0x4c/0x28c) (do_one_initcall) from (kernel_init_freeable+0x29c/0x378) (kernel_init_freeable) from (kernel_init+0x8/0x110) (kernel_init) from (ret_from_fork+0x14/0x2c) Tested-by: Alan Tull Signed-off-by: Frank Rowand Signed-off-by: Sasha Levin --- drivers/of/overlay.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c index 42b1f73ac5f6..1e058196f23f 100644 --- a/drivers/of/overlay.c +++ b/drivers/of/overlay.c @@ -378,7 +378,9 @@ static int add_changeset_node(struct overlay_changeset *ovcs, if (ret) return ret; - return build_changeset_next_level(ovcs, tchild, node); + ret = build_changeset_next_level(ovcs, tchild, node); + of_node_put(tchild); + return ret; } if (node->phandle && tchild->phandle) -- 2.19.1