Hi,
The new mtk-socinfo driver has a double put of the nvmem device used to
read the socinfo data. While fixing it, I rewrote the read function to
make better use of the device node and device relationship.
Patch 1 rewrites the cell read function in the mtk-socinfo so that no
resource leaks happen, and device lookup is more efficient.
Sidenote: I think the cell read function could be reworked a bit more
to return different error codes for different failure modes.
Patch 2 adds an extra socinfo entry for MT8183. It seems that some units
have chips that have this one. At least mine does.
Patch 3 drops the custom nvmem device name from the mtk-efuse driver.
This was previously used for nvmem device lookup, but on MT8183 with
two efuses, one would fail to probe due to this. Since after patch 1
this is no longer used, we can just drop it.
Please merge. On the MT8183 ChromeOS devices this currently crashes.
Thanks
ChenYu
Chen-Yu Tsai (3):
soc: mediatek: mtk-socinfo: Clean up NVMEM cell read
soc: mediatek: mtk-socinfo: Add extra entry for MT8183
nvmem: mtk-efuse: Drop NVMEM device name
drivers/nvmem/mtk-efuse.c | 1 -
drivers/soc/mediatek/mtk-socinfo.c | 17 +++++++++++------
2 files changed, 11 insertions(+), 7 deletions(-)
--
2.43.0.429.g432eaa2c6b-goog
The mtk-socinfo grabs the NVMEM device devm_nvmem_device_get(), but then
proceeds to put the device directly with nvmem_device_put() if the read
is successful. If the device fails to probe and goes through the devres
release path, the device would be put a second time, triggering a
use-after-free error from KASAN.
Fix this by dropping the devres part. Since the NVMEM cell data is read
only once, there is no need to keep the reference around.
While at it, clean up the function to directly reference the NVMEM
device node and use that to find the NVMEM device, instead of finding it
by name, which is more fragile. The cell node is always a direct child
of the NVMEM device node, courtesy of the legacy NVMEM cell layout. Thus
of_get_child_by_name() is a better way of finding the cell. Last,
correctly put the device node once its use is over.
Fixes: 423a54da3c7e ("soc: mediatek: mtk-socinfo: Add driver for getting chip information")
Signed-off-by: Chen-Yu Tsai <[email protected]>
---
drivers/soc/mediatek/mtk-socinfo.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/drivers/soc/mediatek/mtk-socinfo.c b/drivers/soc/mediatek/mtk-socinfo.c
index 0094f43e1e08..3909d22062ce 100644
--- a/drivers/soc/mediatek/mtk-socinfo.c
+++ b/drivers/soc/mediatek/mtk-socinfo.c
@@ -9,6 +9,7 @@
#include <linux/pm_runtime.h>
#include <linux/nvmem-consumer.h>
#include <linux/device.h>
+#include <linux/device/bus.h>
#include <linux/debugfs.h>
#include <linux/seq_file.h>
#include <linux/string.h>
@@ -82,25 +83,28 @@ static int mtk_socinfo_create_socinfo_node(struct mtk_socinfo *mtk_socinfop)
static u32 mtk_socinfo_read_cell(struct device *dev, const char *name)
{
struct nvmem_device *nvmemp;
- struct device_node *np = dev->of_node;
+ struct device_node *np, *nvmem_node = dev->parent->of_node;
u32 offset;
u32 cell_val = CELL_NOT_USED;
- nvmemp = devm_nvmem_device_get(dev, "mtk-efuse0");
+ /* should never fail since the nvmem driver registers this child */
+ nvmemp = nvmem_device_find(nvmem_node, device_match_of_node);
if (IS_ERR(nvmemp))
goto out;
- np = of_find_node_by_name(NULL, name);
+ np = of_get_child_by_name(nvmem_node, name);
if (!np)
- goto out;
+ goto put_device;
if (of_property_read_u32_index(np, "reg", 0, &offset))
- goto out;
+ goto put_node;
nvmem_device_read(nvmemp, offset, sizeof(cell_val), &cell_val);
+put_node:
+ of_node_put(np);
+put_device:
nvmem_device_put(nvmemp);
-
out:
return cell_val;
}
--
2.43.0.429.g432eaa2c6b-goog
Il 30/01/24 10:56, Chen-Yu Tsai ha scritto:
> The mtk-socinfo grabs the NVMEM device devm_nvmem_device_get(), but then
> proceeds to put the device directly with nvmem_device_put() if the read
> is successful. If the device fails to probe and goes through the devres
> release path, the device would be put a second time, triggering a
> use-after-free error from KASAN.
>
> Fix this by dropping the devres part. Since the NVMEM cell data is read
> only once, there is no need to keep the reference around.
>
> While at it, clean up the function to directly reference the NVMEM
> device node and use that to find the NVMEM device, instead of finding it
> by name, which is more fragile. The cell node is always a direct child
> of the NVMEM device node, courtesy of the legacy NVMEM cell layout. Thus
> of_get_child_by_name() is a better way of finding the cell. Last,
> correctly put the device node once its use is over.
>
> Fixes: 423a54da3c7e ("soc: mediatek: mtk-socinfo: Add driver for getting chip information")
> Signed-off-by: Chen-Yu Tsai <[email protected]>
Reviewed-by: AngeloGioacchino Del Regno <[email protected]>
On Tue, 30 Jan 2024 17:56:50 +0800, Chen-Yu Tsai wrote:
> The new mtk-socinfo driver has a double put of the nvmem device used to
> read the socinfo data. While fixing it, I rewrote the read function to
> make better use of the device node and device relationship.
>
> Patch 1 rewrites the cell read function in the mtk-socinfo so that no
> resource leaks happen, and device lookup is more efficient.
>
> [...]
Applied to v6.8-next/soc, thanks!
[1/3] soc: mediatek: mtk-socinfo: Clean up NVMEM cell read
commit: 82e5d7d793e8aef1275dae266427cf048a7459d6
[2/3] soc: mediatek: mtk-socinfo: Add extra entry for MT8183
commit: 54d21dea6a6c117f3cab4caa1f9c3ffafb515dd6
Cheers,
Angelo
On Tue, 30 Jan 2024 17:56:50 +0800, Chen-Yu Tsai wrote:
> The new mtk-socinfo driver has a double put of the nvmem device used to
> read the socinfo data. While fixing it, I rewrote the read function to
> make better use of the device node and device relationship.
>
> Patch 1 rewrites the cell read function in the mtk-socinfo so that no
> resource leaks happen, and device lookup is more efficient.
>
> [...]
Applied, thanks!
[3/3] nvmem: mtk-efuse: Drop NVMEM device name
commit: eadaa6f9aaf682b1840bf08a8320907de4e32d50
Best regards,
--
Srinivas Kandagatla <[email protected]>