Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1730104imu; Thu, 13 Dec 2018 22:44:22 -0800 (PST) X-Google-Smtp-Source: AFSGD/UMm3BH4/iuZbhuK7Uo8XnnKhsUAC6NilD7/xBmOTZvp3pVrtOP3COOQQZEM52AI7m/Ttpt X-Received: by 2002:a63:6486:: with SMTP id y128mr987635pgb.18.1544769862840; Thu, 13 Dec 2018 22:44:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544769862; cv=none; d=google.com; s=arc-20160816; b=ah+bBhRnkhCm8flpcF8OiA8W398AY1ZzDt/APsA/vs4VIpJZzNw4Phs121XbSKwoPR EQoqUWkIvKzdmYpTTOe8RmvQxPeouBT9l70RZij6sZNtdxCFnlCqQxOAb14/SGjWfDNk ZQI0gftGE7r78Q2l46KpgbN5i7c5ZKGwxuGETH2IcIaqa1vyBhiAtH7gYQdbL0jQkmcC FMR2tYKIrTUOSYT3cEq9ayQ4l6aavziXD8W+D63SBg5N6Jnqltfnia4EooWwFFtJW2Dl l5xoZEVKcYdRCoyOg/Flxkc8TeBQ41dygplqhcnNs36G7QsHUaY0ygg4SZ1B13ALeBFU 0sbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=gA0jjFvqXawpO1c/FWHMHxoWZzQrmYYLnCnbfaTehzE=; b=qIy3al6S9srUeecGWIamzYQNKLSN8GvQSKKv4iPNHeIoyVaLdcasg2ulQ437FkbHBS ybryFW3tYQ9IMN9hyRZw8PTpBWfO3o/NapUySyN/WNfUFIFY5HW65zoe6dEl4MlazgE8 3WkCgvwAIYxS8yh0U9GOSl8uDr9P170bmUk+ikMn7m+6RnYwFk5bz7w1NL7w83mxSm7v bCZZ4/7TqjFkJPGESppt1UrzbeytL3tiYeA7p4Eg0wNxsai/w0WxSjxU2ptXSKOl/j/Y Hx/Zhy4jFhlLvdbatmZmbkF7FiHepLsppglg1lWgSVyOIiEKfeDqhGWhtkStHa+WfyIF PvaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Ak48fdZD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u28si3457434pgn.436.2018.12.13.22.44.04; Thu, 13 Dec 2018 22:44:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Ak48fdZD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726662AbeLNGnI (ORCPT + 99 others); Fri, 14 Dec 2018 01:43:08 -0500 Received: from mail-pl1-f196.google.com ([209.85.214.196]:43703 "EHLO mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726437AbeLNGnI (ORCPT ); Fri, 14 Dec 2018 01:43:08 -0500 Received: by mail-pl1-f196.google.com with SMTP id gn14so2265253plb.10; Thu, 13 Dec 2018 22:43:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=gA0jjFvqXawpO1c/FWHMHxoWZzQrmYYLnCnbfaTehzE=; b=Ak48fdZDPscI3Qhx1DAK4DG/Lv8F46+49EEd8YjVksMlMauCCPTaYSBM45NGUzJeBT fEj0EvnQijn9j0KNnphonzZPYmanio3BGJOlEAqDCUTKGscMeFZlwnS6ndzkbgfq441G wXMhRqOcyDEOo6yrb9vYuxIuJY4t5WK+OyVsVVh1haJ3JXysr1HP6G1p2Gf+GBtuuRjd xBMEDz6w9yy8o3+M+5bPFCoeQVk4RfYFr6KJIlCoi6X2si/PxuYrupKCJr0X7aW6as/X baLrv5PEGH2jgqmvn2eAJEUq6LOQQL4RsB6koyaqSs9YvQVxIhUhypzkR2SIz2fgDGBt 8bWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=gA0jjFvqXawpO1c/FWHMHxoWZzQrmYYLnCnbfaTehzE=; b=pGu4ch+/zvQJGeibKODI/26WKM0mJen7SDYq3BvZLzJDLEu9RYYH1ruzAmHTFtspnL vSdOqQ1SEU3EEM4HR8XEBlCmSAlZqTxFzpYmyJY3JOTtHi+QMx5lT5tmT0opnWBhIN89 yZmBmT1+VLaw4tJTXlD41+lNG40ga5E0ukYcQOIGx164wATuBc93mcOAp1+XAhJc52t1 WGcyZ7oSIT0en1WyGDnlWyS2q/E0ROkimqB4t6ZKmIzbDs2jAh7zTMaiCApg4zeM2Uja DkrHHqoQUWJNJOQ9QfvAv4lJcNDihul+dpfbL7fpwrUBNFcZ986C7p22q+9QET0rahwA ZTwQ== X-Gm-Message-State: AA+aEWZEjZv9atLF7XYZR59yUEGMbJiM+AesA4aWprYaL5mBUBgv83g/ LrO87n4dK2cjNFh3CMzmSGE= X-Received: by 2002:a17:902:9a4c:: with SMTP id x12mr1762839plv.94.1544769787653; Thu, 13 Dec 2018 22:43:07 -0800 (PST) Received: from localhost.localdomain (c-24-6-192-50.hsd1.ca.comcast.net. [24.6.192.50]) by smtp.gmail.com with ESMTPSA id e16sm5132645pfn.46.2018.12.13.22.43.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 13 Dec 2018 22:43:06 -0800 (PST) From: frowand.list@gmail.com To: robh+dt@kernel.org, Michael Bringmann , linuxppc-dev@lists.ozlabs.org Cc: Michael Ellerman , Tyrel Datwyler , Thomas Falcon , Juliet Kim , devicetree@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 0/2] of: phandle_cache, fix refcounts, remove stale entry Date: Thu, 13 Dec 2018 22:42:49 -0800 Message-Id: <1544769771-5468-1-git-send-email-frowand.list@gmail.com> X-Mailer: git-send-email 1.9.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Frank Rowand Non-overlay dynamic devicetree node removal may leave the node in the phandle cache. Subsequent calls to of_find_node_by_phandle() will incorrectly find the stale entry. This bug exposed the foloowing phandle cache refcount bug. The refcount of phandle_cache entries is not incremented while in the cache, allowing use after free error after kfree() of the cached entry. Frank Rowand (2): of: of_node_get()/of_node_put() nodes held in phandle cache of: __of_detach_node() - remove node from phandle cache drivers/of/base.c | 99 ++++++++++++++++++++++++++++++++++++------------- drivers/of/dynamic.c | 3 ++ drivers/of/of_private.h | 4 ++ 3 files changed, 81 insertions(+), 25 deletions(-) -- Frank Rowand