Message-ID: <1423168988.5723.38.camel@gmail.com>
Subject: Re: [PATCH 1/2] clk: Fix __clk_get access to already freed owner field.
From: Alban Browaeys
To: Stephen Boyd
Cc: Tomeu Vizoso, Mike Turquette, linux-kernel@vger.kernel.org
Date: Thu, 05 Feb 2015 21:43:08 +0100
In-Reply-To: <54D3C4E0.80608@codeaurora.org>
References: <1423160690-7853-1-git-send-email-prahal@yahoo.com> <54D3C4E0.80608@codeaurora.org>

On Thursday, 05 February 2015 at 11:30 -0800, Stephen Boyd wrote:
> > Signed-off-by: Alban Browaeys > > --- > > drivers/clk/clk.c | 17 +++++++++-------- > > 1 file changed, 9 insertions(+), 8 deletions(-) > > > > diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c > > index df94668..8f33722 100644 > > --- a/drivers/clk/clk.c > > +++ b/drivers/clk/clk.c 
> > @@ -2485,15 +2485,18 @@ EXPORT_SYMBOL_GPL(clk_register); > > */ > > static void __clk_release(struct kref *ref) > > { > > - struct clk_core *clk = container_of(ref, struct clk_core, ref); > > - int i = clk->num_parents; > > + struct clk_core *core = container_of(ref, struct clk_core, ref); > > + struct clk *clk = container_of(&core, struct clk, core); > > How does this work? struct clk_core doesn't have a struct clk inside it. >

Seems I am confused. The aim is to get the clk struct from its core field. If I cannot do that from within __clk_release, this fix is doomed.

> > + int i = core->num_parents; > > > > - kfree(clk->parents); > > + kfree(core->parents); > > while (--i >= 0) > > - kfree_const(clk->parent_names[i]); > > + kfree_const(core->parent_names[i]); > > We don't have kfree_const() in the clk-next tree so please resend based > on clk-next, not linux-next. >

I will do so after we have confirmed there is a way to get to clk from clk_core. Otherwise the fix makes no sense.

> I'm still confused. Care to send the actual backtrace and describe which > hardware you're running on (perhaps some dts file to look at)? >

This is the initial oops before any change (based on linux-next 20150204).
[ 7.264186] Unable to handle kernel paging request at virtual address 6b6b6b77
[ 7.270206] pgd = eb0b4000
[ 7.272809] [6b6b6b77] *pgd=00000000
[ 7.276466] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 7.281667] Modules linked in: exynosdrm(+) drm_kms_helper phy_exynos_usb2 fuse
[ 7.288950] CPU: 1 PID: 98 Comm: systemd-modules Not tainted 3.19.0-rc7-next-20150204-00052-g1059e6a #91
[ 7.298424] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[ 7.304488] task: ebae3c00 ti: eb0bc000 task.ti: eb0bc000
[ 7.309888] PC is at __clk_get+0x30/0xa0
[ 7.313781] LR is at of_clk_get_by_clkspec+0x38/0x54
[ 7.318722] pc : [] lr : [] psr: 200d0053
[ 7.318722] sp : eb0bdbb0 ip : eb0bdbc8 fp : eb0bdbc4
[ 7.330187] r10: 00000006 r9 : 00000001 r8 : 00000000
[ 7.335398] r7 : eb0bdbf8 r6 : 00000000 r5 : ee5c7d80 r4 : 6b6b6b6b
[ 7.341913] r3 : 00000001 r2 : 00000011 r1 : ee0b7004 r0 : ee0ff600
[ 7.341923] Flags: nzCv IRQs on FIQs off Mode SVC_32 ISA ARM Segment user
[ 7.341927] Control: 10c5387d Table: 6b0b404a DAC: 00000015
[ 7.341931] Process systemd-modules (pid: 98, stack limit = 0xeb0bc218)
[ 7.341934] Stack: (0xeb0bdbb0 to 0xeb0be000)
[ 7.342150] [] (__clk_get) from [] (of_clk_get_by_clkspec+0x38/0x54)
[ 7.342162] [] (of_clk_get_by_clkspec) from [] (of_clk_set_defaults+0xc0/0x2ec)
[ 7.342171] [] (of_clk_set_defaults) from [] (platform_drv_probe+0x28/0xb0)
[ 7.342185] [] (platform_drv_probe) from [] (driver_probe_device+0x178/0x384)
[ 7.342193] [] (driver_probe_device) from [] (__driver_attach+0x78/0x9c)
[ 7.342201] [] (__driver_attach) from [] (bus_for_each_dev+0x5c/0xb4)
[ 7.342208] [] (bus_for_each_dev) from [] (driver_attach+0x2c/0x30)
[ 7.342215] [] (driver_attach) from [] (bus_add_driver+0xfc/0x228)
[ 7.342222] [] (bus_add_driver) from [] (driver_register+0xb8/0xf8)
[ 7.342231] [] (driver_register) from [] (__platform_driver_register+0x64/0x6c)
[ 7.342326] [] (__platform_driver_register) from [] (exynos_drm_init+0xb8/0x1d0 [exynosdrm])
[ 7.342363] [] (exynos_drm_init [exynosdrm]) from [] (do_one_initcall+0x148/0x224)
[ 7.342376] [] (do_one_initcall) from [] (do_init_module+0x70/0x1bc)
[ 7.342390] [] (do_init_module) from [] (load_module+0x1bdc/0x21f0)
[ 7.342399] [] (load_module) from [] (SyS_finit_module+0xa4/0xb4)
[ 7.342409] [] (SyS_finit_module) from [] (ret_fast_syscall+0x0/0x34)
[ 7.342415] Code: e89da818 e5904000 e3540000 0afffffa (e594000c)
[ 7.342464] ---[ end trace d90d42eb4fbac408 ]---

dts with the offending fimc nodes: arch/arm/boot/dts/exynos4412-odroid-common.dtsi in linus master and linux-next.

Another version of the oops, with pr_warn added before the calls to of_clk_get_by_clkspec:
- __set_clk_parents: Assigned clk parents clk: try to get parent clock
  this is before the assigned-clock-parents is sent to of_clk_get_by_clkspec in __set_clk_parents
- __set_clk_parents: Assigned clocks clk: try to get parent clock
  this is before the assigned-clocks is sent to of_clk_get_by_clkspec in __set_clk_parents
- __set_clk_rates Assigned clocks clk: couldn't clock
  this is before the assigned-clocks is sent to of_clk_get_by_clkspec in __set_clk_rates

[ 7.212207] s5p-g2d 10800000.g2d: The exynos g2d(ver 4.1) successfully probed
[ 7.215130] __set_clk_parents: Assigned clk parents clk: try to get parent clock 0 for /camera/fimc@11800000
[ 7.224297] __set_clk_parents: Assigned clocks clk: try to get parent clock 0 for /camera/fimc@11800000
[ 7.233505] __set_clk_rates Assigned clocks clk: couldn't get clock 1 for /camera/fimc@11800000
[ 7.241902] cam-power-domain: Power-on latency exceeded, new value 369958 ns
[ 7.249084] __set_clk_parents: Assigned clk parents clk: try to get parent clock 0 for /camera/fimc@11810000
[ 7.258246] Unable to handle kernel paging request at virtual address 6b6b6b77
[ 7.265425] pgd = eb114000
[ 7.268067] [6b6b6b77] *pgd=00000000
[ 7.271625] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 7.276922] Modules linked in: exynosdrm(+) drm_kms_helper phy_exynos_usb2 fuse
[ 7.284209] CPU: 1 PID: 100 Comm: systemd-modules Not tainted 3.19.0-rc7-next-20150204-00056-g37e6c6e-dirty #106
[ 7.294382] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[ 7.300447] task: ebad4b00 ti: eb094000 task.ti: eb094000
[ 7.300462] PC is at __clk_get+0x30/0xa0
[ 7.300467] LR is at of_clk_get_by_clkspec+0x38/0x54
[ 7.300471] pc : [] lr : [] psr: 200e0053
[ 7.300471] sp : eb095bb0 ip : eb095bc8 fp : eb095bc4
[ 7.300474] r10: 00000007 r9 : bf06c0a8 r8 : 00000000
[ 7.300477] r7 : 00000001 r6 : 00000000 r5 : ed850850 r4 : 6b6b6b6b
[ 7.300480] r3 : 00000000 r2 : 00000011 r1 : ee0b7004 r0 : ee0ff600
[ 7.300484] Flags: nzCv IRQs on FIQs off Mode SVC_32 ISA ARM Segment user
[ 7.300487] Control: 10c5387d Table: 6b11404a DAC: 00000015
[ 7.300491] Process systemd-modules (pid: 100, stack limit = 0xeb094218)
[ 7.300494] Stack: (0xeb095bb0 to 0xeb096000)
[ 7.300706] [] (__clk_get) from [] (of_clk_get_by_clkspec+0x38/0x54)
[ 7.300717] [] (of_clk_get_by_clkspec) from [] (of_clk_set_defaults+0xd4/0x324)
[ 7.300726] [] (of_clk_set_defaults) from [] (platform_drv_probe+0x28/0xb0)
[ 7.300739] [] (platform_drv_probe) from [] (driver_probe_device+0x178/0x384)
[ 7.300747] [] (driver_probe_device) from [] (__driver_attach+0x78/0x9c)
[ 7.300755] [] (__driver_attach) from [] (bus_for_each_dev+0x5c/0xb4)
[ 7.300762] [] (bus_for_each_dev) from [] (driver_attach+0x2c/0x30)
[ 7.300769] [] (driver_attach) from [] (bus_add_driver+0xfc/0x228)
[ 7.300776] [] (bus_add_driver) from [] (driver_register+0xb8/0xf8)
[ 7.300785] [] (driver_register) from [] (__platform_driver_register+0x64/0x6c)
[ 7.300872] [] (__platform_driver_register) from [] (exynos_drm_init+0xb8/0x1d0 [exynosdrm])
[ 7.300905] [] (exynos_drm_init [exynosdrm]) from [] (do_one_initcall+0x148/0x224)
[ 7.300918] [] (do_one_initcall) from [] (do_init_module+0x70/0x1bc)
[ 7.300931] [] (do_init_module) from [] (load_module+0x1bdc/0x21f0)
[ 7.300939] [] (load_module) from [] (SyS_finit_module+0xa4/0xb4)
[ 7.300950] [] (SyS_finit_module) from [] (ret_fast_syscall+0x0/0x34)
[ 7.300956] Code: e89da818 e5904000 e3540000 0afffffa (e594000

Best regards,
Alban
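
Review bot: container_of(&core, struct clk, core), on the second added line of __clk_release(), is given the address of the local variable core, which is a slot on this function's stack, so the struct clk pointer it computes points into the stack frame and not at any clk object. container_of() is only valid when it is passed the address of a member embedded in the outer structure, and as the reply points out struct clk_core has no struct clk inside it; if the owner has to be read at release time, it needs to be reachable from core itself, for example through a field kept on struct clk_core. The clk to core rename in the kfree() lines is unrelated to that question and would be easier to review as a separate change.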
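
How the oops above identifies a use-after-free, as an added example that is not part of the original message or of the kernel tree: it checks that the base register of the faulting load holds the slab free-poison pattern and that base plus offset equals the faulting address. The sample lines are copied from the first oops; the function names (poison_kind, decode_ldr_imm, triage) are illustrative.

```python
import re

# Slab poison bytes, as defined in the kernel's include/linux/poison.h.
POISON = {0x6B: "POISON_FREE", 0x5A: "POISON_INUSE"}

# Sample input: the lines of the first oops above that the check needs.
SAMPLE_OOPS = """\
[ 7.264186] Unable to handle kernel paging request at virtual address 6b6b6b77
[ 7.309888] PC is at __clk_get+0x30/0xa0
[ 7.335398] r7 : eb0bdbf8 r6 : 00000000 r5 : ee5c7d80 r4 : 6b6b6b6b
[ 7.341913] r3 : 00000001 r2 : 00000011 r1 : ee0b7004 r0 : ee0ff600
[ 7.342415] Code: e89da818 e5904000 e3540000 0afffffa (e594000c)
"""

def poison_kind(value):
    """Name the slab poison if all four bytes of value are the same poison byte."""
    byte = value & 0xFF
    return POISON.get(byte) if value == byte * 0x01010101 else None

def decode_ldr_imm(insn):
    """Decode an A32 LDR/STR with pre-indexed immediate offset into (Rn, offset)."""
    single_transfer = ((insn >> 26) & 0x3) == 0b01
    imm_form = ((insn >> 25) & 1) == 0
    pre_indexed = ((insn >> 24) & 1) == 1
    if not (single_transfer and imm_form and pre_indexed):
        return None
    offset = insn & 0xFFF
    if not (insn >> 23) & 1:          # U bit clear: offset is subtracted
        offset = -offset
    return (insn >> 16) & 0xF, offset

def triage(oops):
    """Return a finding if the faulting load dereferenced a poisoned base register."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", oops).group(1), 16)
    site = re.search(r"PC is at (\S+)", oops).group(1)
    insn = int(re.search(r"Code:.*\(([0-9a-f]{8})\)", oops).group(1), 16)
    regs = {int(n): int(v, 16)
            for n, v in re.findall(r"\br(\d+)\s*: ([0-9a-f]{8})", oops)}
    decoded = decode_ldr_imm(insn)
    if decoded is None or decoded[0] not in regs:
        return None
    base, offset = decoded
    kind = poison_kind(regs[base])
    if kind is None or (regs[base] + offset) & 0xFFFFFFFF != fault:
        return None
    return {"site": site, "base": f"r{base}", "offset": offset, "poison": kind}

if __name__ == "__main__":
    print(triage(SAMPLE_OOPS))
```

On the sample, the faulting instruction e594000c decodes to a load from r4 plus 12, and r4 holds 6b6b6b6b, so the faulting address 6b6b6b77 is a field read through a pointer taken from freed slab memory.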