From c5866e62e48dc1f4b56074cebd1a1e9507bbf21c Mon Sep 17 00:00:00 2001
From: Janghyuck Kim
Date: Wed, 22 Feb 2017 16:24:21 +0900
Subject: [PATCH] [COMMON] iommu/exynos: remove __initconst for sysmmu_of_match table

KASAN reported a use-after-free case like below.
To avoid this case, __initconst is removed.

BUG: KASAN: use-after-free in __of_match_node+0xb0/0x104 at addr ffffffc002653338
Read of size 1 by task kworker/u16:0/6
page:ffffffbdc00994c0 count:0 mapcount:0 mapping: (null) index:0x1
flags: 0x0()
page dumped because: kasan: bad access detected
.. < skip > ..
Workqueue: deferwq deferred_probe_work_func
Call trace:
[] dump_backtrace+0x0/0x21c
[] show_stack+0x14/0x1c
[] dump_stack+0xa8/0xe8
[] kasan_report+0x468/0x484
[] __asan_report_load1_noabort+0x18/0x20
[] __of_match_node+0xb0/0x104
[] of_match_node+0x38/0x5c
[] of_match_device+0x50/0x5c
[] platform_match+0x9c/0x1c4
[] __device_attach_driver+0x100/0x180
[] bus_for_each_drv+0x15c/0x164
[] __device_attach+0x198/0x208
[] device_initial_probe+0x10/0x18
[] bus_probe_device+0x98/0x190
[] deferred_probe_work_func+0xd4/0xec
[] process_one_work+0x978/0x1208
[] worker_thread+0x654/0x824
[] kthread+0x240/0x250
[] ret_from_fork+0x10/0x20
Memory state around the buggy address:

Signed-off-by: Janghyuck Kim
Change-Id: Ibc46808a38b0db3f9cc62a1e106022fa9383dd20
---
 drivers/iommu/exynos-iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iommu/exynos-iommu.c b/drivers/iommu/exynos-iommu.c index 87fb55682b55..9e10598bfa37 100644 --- a/drivers/iommu/exynos-iommu.c +++ b/drivers/iommu/exynos-iommu.c @@ -1067,7 +1067,7 @@ static const struct dev_pm_ops sysmmu_pm_ops = { SET_LATE_SYSTEM_SLEEP_PM_OPS(exynos_sysmmu_suspend, exynos_sysmmu_resume) }; -static const struct of_device_id sysmmu_of_match[] __initconst = { +static const struct of_device_id sysmmu_of_match[] = { { .compatible = "samsung,exynos-sysmmu", }, { }, }; -- 2.20.1
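Review bot: the commit message for the sysmmu_of_match[] change gives the KASAN report but not the root cause, and it should state it. The trace shows of_match_node() being reached from deferred_probe_work_func through platform_match(), so the driver core is still reading this table from the deferred-probe workqueue after the init sections have been released; a table that can be read at that point cannot live in __initconst. Please add one sentence to that effect, and either fill in or drop the empty "Memory state around the buggy address:" line. It is also worth checking, in the same change, whether any other init-annotated data in exynos-iommu.c is reachable from the driver structure after boot, since the same deferred-probe path would hit it in the same way.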