From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Tyrel Datwyler <tyreld@linux.vnet.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>
Subject: [PATCH 3.18 43/59] powerpc/pseries: Fix of_node_put() underflow during DLPAR remove
Date: Tue, 23 May 2017 22:10:11 +0200 [thread overview]
Message-ID: <20170523200852.694179180@linuxfoundation.org> (raw)
In-Reply-To: <20170523200849.241966497@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
commit 68baf692c435339e6295cb470ea5545cbc28160e upstream.
Historically struct device_node references were tracked using a kref embedded as
a struct field. Commit 75b57ecf9d1d ("of: Make device nodes kobjects so they
show up in sysfs") (Mar 2014) refactored device_nodes to be kobjects such that
the device tree could by more simply exposed to userspace using sysfs.
Commit 0829f6d1f69e ("of: device_node kobject lifecycle fixes") (Mar 2014)
followed up these changes to better control the kobject lifecycle and in
particular the referecne counting via of_node_get(), of_node_put(), and
of_node_init().
A result of this second commit was that it introduced an of_node_put() call when
a dynamic node is detached, in of_node_remove(), that removes the initial kobj
reference created by of_node_init().
Traditionally as the original dynamic device node user the pseries code had
assumed responsibilty for releasing this final reference in its platform
specific DLPAR detach code.
This patch fixes a refcount underflow introduced by commit 0829f6d1f6, and
recently exposed by the upstreaming of the recount API.
Messages like the following are no longer seen in the kernel log with this
patch following DLPAR remove operations of cpus and pci devices.
rpadlpar_io: slot PHB 72 removed
refcount_t: underflow; use-after-free.
------------[ cut here ]------------
WARNING: CPU: 5 PID: 3335 at lib/refcount.c:128 refcount_sub_and_test+0xf4/0x110
Fixes: 0829f6d1f69e ("of: device_node kobject lifecycle fixes")
Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
[mpe: Make change log commit references more verbose]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/dlpar.c | 1 -
1 file changed, 1 deletion(-)
--- a/arch/powerpc/platforms/pseries/dlpar.c
+++ b/arch/powerpc/platforms/pseries/dlpar.c
@@ -299,7 +299,6 @@ int dlpar_detach_node(struct device_node
if (rc)
return rc;
- of_node_put(dn); /* Must decrement the refcount */
return 0;
}
next prev parent reply other threads:[~2017-05-23 21:02 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-23 20:09 [PATCH 3.18 00/59] 3.18.55-stable review Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 01/59] USB: ene_usb6250: fix DMA to the stack Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 02/59] watchdog: pcwd_usb: fix NULL-deref at probe Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 03/59] char: lp: fix possible integer overflow in lp_setup() Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 04/59] USB: core: replace %p with %pK Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 05/59] dm btree: fix for dm_btree_find_lowest_key() Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 06/59] dm bufio: avoid a possible ABBA deadlock Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 07/59] dm thin metadata: call precommit before saving the roots Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 08/59] dm space map disk: fix some book keeping in the disk space map Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 09/59] mwifiex: pcie: fix cmd_buf use-after-free in remove/reset Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 11/59] regulator: tps65023: Fix inverted core enable logic Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 12/59] ath9k_htc: fix NULL-deref at probe Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 13/59] cdc-acm: fix possible invalid access when processing notification Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 14/59] of: fix sparse warning in of_pci_range_parser_one Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 15/59] of: fdt: add missing allocation-failure check Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 16/59] iio: dac: ad7303: fix channel description Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 17/59] pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 18/59] USB: serial: ftdi_sio: fix setting latency for unprivileged users Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 19/59] USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 20/59] usb: host: xhci-plat: propagate return value of platform_get_irq() Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 21/59] usb: host: xhci-mem: allocate zeroed Scratchpad Buffer Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 22/59] net: irda: irda-usb: fix firmware name on big-endian hosts Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 23/59] [media] usbvision: fix NULL-deref at probe Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 24/59] [media] mceusb: " Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 25/59] [media] ttusb2: limit messages to buffer size Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 26/59] usb: musb: tusb6010_omap: Do not reset the other directions packet size Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 27/59] USB: iowarrior: fix info ioctl on big-endian hosts Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 28/59] usb: serial: option: add Telit ME910 support Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 30/59] USB: serial: mct_u232: fix big-endian baud-rate handling Greg Kroah-Hartman
2017-05-23 20:09 ` [PATCH 3.18 31/59] USB: serial: io_ti: fix div-by-zero in set_termios Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 32/59] USB: hub: fix SS hub-descriptor handling Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 33/59] USB: hub: fix non-SS " Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 34/59] tty: Prevent ldisc drivers from re-using stale tty fields Greg Kroah-Hartman
2017-05-24 13:44 ` Alan Cox
2017-05-24 15:03 ` Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 36/59] iio: proximity: as3935: fix as3935_write Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 37/59] [media] gspca: konica: add missing endpoint sanity check Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 38/59] [media] s5p-mfc: Fix unbalanced call to clock management Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 39/59] [media] dib0700: fix NULL-deref at probe Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 40/59] [media] zr364xx: enforce minimum size when reading header Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 41/59] [media] cx231xx-cards: fix NULL-deref at probe Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 42/59] [media] cx231xx-audio: " Greg Kroah-Hartman
2017-05-23 20:10 ` Greg Kroah-Hartman [this message]
2017-05-23 20:10 ` [PATCH 3.18 44/59] ARM: dts: at91: sama5d3_xplained: fix ADC vref Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 45/59] ARM: dts: at91: sama5d3_xplained: not all ADC channels are available Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 46/59] arm64: uaccess: ensure extension of access_ok() addr Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 47/59] arm64: documentation: document tagged pointer stack constraints Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 48/59] xc2028: Fix use-after-free bug properly Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 49/59] mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 50/59] metag/uaccess: Fix access_ok() Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 51/59] metag/uaccess: Check access_ok in strncpy_from_user Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 52/59] stackprotector: Increase the per-task stack canarys random range from 32 bits to 64 bits on 64-bit platforms Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 53/59] uwb: fix device quirk on big-endian hosts Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 54/59] osf_wait4(): fix infoleak Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 55/59] tracing/kprobes: Enforce kprobes teardown after testing Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 56/59] PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 58/59] drivers: char: mem: Check for address space wraparound with mmap() Greg Kroah-Hartman
2017-05-23 20:10 ` [PATCH 3.18 59/59] usb: misc: legousbtower: Fix memory leak Greg Kroah-Hartman
[not found] ` <20170523211009.GX3956@linux.vnet.ibm.com>
2017-05-23 23:47 ` Use case for TASKS_RCU Steven Rostedt
2017-05-24 1:12 ` Paul E. McKenney
2017-05-24 15:45 ` [PATCH 3.18 00/59] 3.18.55-stable review Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170523200852.694179180@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpe@ellerman.id.au \
--cc=stable@vger.kernel.org \
--cc=tyreld@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).