projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: beab47d) | patch
drivers/of: Validate device node in __unflatten_device_tree()
authorGavin Shan <gwshan@linux.vnet.ibm.com>
Mon, 1 Aug 2016 07:17:53 +0000 (17:17 +1000)
committerRob Herring <robh@kernel.org>
Tue, 9 Aug 2016 17:36:27 +0000 (12:36 -0500)
commit89c67752ae4dedc1244344b266c837ddb4053ebd
treeae9005a1f0b5d4ff191da7907da4dc347332bc47tree | snapshot (tar.gz zip)
parentbeab47d55b883e85bec7771a899ac791c6f92c80commit | diff
drivers/of: Validate device node in __unflatten_device_tree()

@mynodes is set to NULL when __unflatten_device_tree() is called
to unflatten device sub-tree in PCI hot add scenario on PowerPC
PowerNV platform. Marking @mynodes detached unconditionally causes
kernel crash as below backtrace shows:

Unable to handle kernel paging request for data at address 0x00000000
Faulting instruction address: 0xc000000000b26f64
cpu 0x0: Vector: 300 (Data Access) at [c000003fcc7cf740]
    pc: c000000000b26f64: __unflatten_device_tree+0xf4/0x190
    lr: c000000000b26f40: __unflatten_device_tree+0xd0/0x190
    sp: c000003fcc7cf9c0
   msr: 900000000280b033
   dar: 0
 dsisr: 40000000
  current = 0xc000003fcc281680
  paca    = 0xc00000000ff00000  softe: 0  irq_happened: 0x01
    pid   = 2724, comm = sh
Linux version 4.7.0-gavin-07754-g92a6836 (gwshan@gwshan) (gcc version \
4.9.3 (Buildroot 2016.02-rc2-00093-g5ea3bce) ) #539 SMP Mon Aug 1 \
12:40:29 AEST 2016
enter ? for help
[c000003fcc7cfa50c000000000b27060 of_fdt_unflatten_tree+0x60/0x90
[c000003fcc7cfaa0c0000000004c6288 pnv_php_set_slot_power_state+0x118/0x440
[c000003fcc7cfb80c0000000004c6a10 pnv_php_enable+0xc0/0x170
[c000003fcc7cfbd0c0000000004c4d80 power_write_file+0xa0/0x190
[c000003fcc7cfc50c0000000004be93c pci_slot_attr_store+0x3c/0x60
[c000003fcc7cfc70c0000000002d3fd4 sysfs_kf_write+0x94/0xc0
[c000003fcc7cfcb0c0000000002d2c30 kernfs_fop_write+0x180/0x260
[c000003fcc7cfd00c000000000230fe0 __vfs_write+0x40/0x190
[c000003fcc7cfd90c000000000232278 vfs_write+0xc8/0x240
[c000003fcc7cfde0c000000000233d90 SyS_write+0x60/0x110
[c000003fcc7cfe30c000000000009524 system_call+0x38/0x108

This avoids the kernel crash by marking @mynodes detached only when
@mynodes is dereferencing valid device node in __unflatten_device_tree().

Fixes: 1d1bde550ea3 ("of: fdt: mark unflattened tree as detached")
Reported-by: Meng Li <shlimeng@cn.ibm.com>
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Rob Herring <robh@kernel.org>
drivers/of/fdt.c diff | blob | blame | history