Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3631565imm; Mon, 4 Jun 2018 06:55:57 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKC9M/+0uELXcDQCI8mIh/VRpGcUtEsIqlA6fuJ/Cylw5K9VTodrAy4p9Q2I8lc+idfDP1k X-Received: by 2002:a17:902:bb8a:: with SMTP id m10-v6mr13743990pls.236.1528120557455; Mon, 04 Jun 2018 06:55:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528120557; cv=none; d=google.com; s=arc-20160816; b=QOwwS0tZ5PdmMy2HoYyegFE3MNV9qWXyYCOqULoPJL9axiynFDJtqVZWl5AtusvDF5 qo3ZOc+N3Sw8/MTWRbIs+VxSySwwZ3SLdaIZ3luzchqiKueEQAIQ27rQJYCuYUR8jp1v dYvkuO4KKqQ5nxTN88O8UIYayzF+PoRQ6vwPFKBTF+KovChCdDhVTeCUoQO2nB5On2QJ PYKoxel1TONUnk/CvX3Wqxg5aMMolHz9Nu7Wd9h/jdcuMKPAzMWIpLLmRijOJtJILV/+ zFHhtBVf3XJw6qOofxIG9YpGb7hGj5F1kh62GHc4zErpn1rGwb1CkcXASFPGyShkSLns qzdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=SVKZ8ydeIT+3Hl1915LE9IGcq4iOPrfFxNTFj6076JU=; b=qelaVsX2BJYRYguAS9F5XGCWne+dkzi+T3IFONQky6rOjc/1tPtoCLfVizqillHIRG +BZSCIrnA5Zhq4TjLmARq9bZAQur/LjzlUKwJUNMBpvh+WAK6LgEFdZwErntAts7W6qZ 5DCeCF4apqnVpmjbQFhtBpILAqEfxTtOqSQdzwQDtXy+OC6w1kXguz/ee9nscO3QnZ8p 6n4Dx5ovXQ3ufpZqMJZrofKQzaEnr5f9AIvlcmdos56OeiNvBEw0Ch4sw63Kc9rD+Ls2 y+CyS2u3p3vmBmXQRBtJT9+v6PwKBDfCx8/PL+e0C8cOQfvjuKOtDLPOQcGiUDxC3Jgi YXmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kku/Yl0O; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n3-v6si45660820plp.550.2018.06.04.06.55.43; Mon, 04 Jun 2018 06:55:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kku/Yl0O; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753385AbeFDNy0 (ORCPT + 99 others); Mon, 4 Jun 2018 09:54:26 -0400 Received: from mail-wr0-f195.google.com ([209.85.128.195]:46923 "EHLO mail-wr0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753063AbeFDNyY (ORCPT ); Mon, 4 Jun 2018 09:54:24 -0400 Received: by mail-wr0-f195.google.com with SMTP id v13-v6so32036742wrp.13 for ; Mon, 04 Jun 2018 06:54:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=SVKZ8ydeIT+3Hl1915LE9IGcq4iOPrfFxNTFj6076JU=; b=kku/Yl0OoJIYolbjeFnleuoxG7fLEdUkHr5J8wwbJjIKeTtyFVPj9OR6P173TSYbyP f8UzocTEQKhc4csb5L4hd78Idz02QzAkLvvur5TDCSs1YYqnPzpf4jfIwLH3XBNOWSap UFSblFsI1x0BZwNVxTXhg2TGv2f+hxBjIpXpQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=SVKZ8ydeIT+3Hl1915LE9IGcq4iOPrfFxNTFj6076JU=; b=sIQvjZSizJSJrfM8mbdOuIVXvd49YMd7GoU4ad3xx2yA6CEary+Xud/SxPJOyVcMUf buHnZ77KS8jYmy306w4KRYqAC/HFoXZHNSGq45Fgpscd9emnGzK2MLh9noiz/+jdN/yN XGBaXU+1tpxCmO5UZ9rbCZIRkleCgUK8ViffLW81r628L1g/abv/AotbO8nK9qwrYUP2 3RscEQE0BFoGQEY+kxxGCGoT2GDv/pZMOzsLcx5yQlwonFSMJXT5Og6Cp2FGDdHzNhXL k1LlS/AlHz2712rBF+8Zl1iHMsY0HCnv1BQ1TBbAvqiWDzrMSTu0R0tVBakLElONjs3s SsHA== X-Gm-Message-State: APt69E2s1U4+pu7SZl3aWkFZe6qcLqFjw3LSWmeAKyHlmE/6Bc3TNbJD uKd3JwjamR5ne4wgp8JOahaQXQ== X-Received: by 2002:a1c:c46:: with SMTP id 67-v6mr9646663wmm.79.1528120463011; Mon, 04 Jun 2018 06:54:23 -0700 (PDT) Received: from [192.168.0.18] (cpc90716-aztw32-2-0-cust92.18-1.cable.virginm.net. [86.26.100.93]) by smtp.googlemail.com with ESMTPSA id u4-v6sm309246wmc.1.2018.06.04.06.54.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Jun 2018 06:54:22 -0700 (PDT) Subject: Re: [PATCH v2] of: platform: stop accessing invalid dev in of_platform_device_destroy To: Rob Herring Cc: Frank Rowand , linux-arm-msm , Banajit Goswami , devicetree@vger.kernel.org, "linux-kernel@vger.kernel.org" , "moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE" , Rohit Kumar References: <20180602000343.20045-1-srinivas.kandagatla@linaro.org> From: Srinivas Kandagatla Message-ID: <467d5a5d-bb58-299e-a1fc-06e6974b7a0f@linaro.org> Date: Mon, 4 Jun 2018 14:54:21 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04/06/18 14:44, Rob Herring wrote: > On Fri, Jun 1, 2018 at 7:03 PM, Srinivas Kandagatla > wrote: >> Immediately after the platform_device_unregister() the device will be cleaned up. >> Accessing the freed pointer immediately after that will crash the system. >> >> Found this bug when kernel is built with CONFIG_PAGE_POISONING and testing >> loading/unloading audio drivers in a loop on Qcom platforms. > > Curious, does the unittest not catch this too? > Not sure! >> >> Fix this by removing accessing the dev pointer. >> Below is the carsh trace: > > s/carsh/crash/ Yep. > > [...] > >> diff --git a/drivers/of/platform.c b/drivers/of/platform.c >> index c00d81dfac0b..84c5c899187b 100644 >> --- a/drivers/of/platform.c >> +++ b/drivers/of/platform.c >> @@ -529,10 +529,13 @@ arch_initcall_sync(of_platform_default_populate_init); >> >> int of_platform_device_destroy(struct device *dev, void *data) >> { >> + struct device_node *np; >> + >> /* Do not touch devices not populated from the device tree */ >> if (!dev->of_node || !of_node_check_flag(dev->of_node, OF_POPULATED)) >> return 0; >> >> + np = dev->of_node; >> /* Recurse for any nodes that were treated as busses */ >> if (of_node_check_flag(dev->of_node, OF_POPULATED_BUS)) >> device_for_each_child(dev, NULL, of_platform_device_destroy); >> @@ -544,8 +547,8 @@ int of_platform_device_destroy(struct device *dev, void *data) >> amba_device_unregister(to_amba_device(dev)); >> #endif >> >> - of_node_clear_flag(dev->of_node, OF_POPULATED); >> - of_node_clear_flag(dev->of_node, OF_POPULATED_BUS); > > Just move these 2 lines to before unregister calls. Make sense.. I will do that in v3. thanks, srini > >> + of_node_clear_flag(np, OF_POPULATED); >> + of_node_clear_flag(np, OF_POPULATED_BUS); >> return 0; >> } >> EXPORT_SYMBOL_GPL(of_platform_device_destroy); >> -- >> 2.16.2 >>