Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4159152imu; Tue, 18 Dec 2018 09:58:58 -0800 (PST) X-Google-Smtp-Source: AFSGD/XL/Biw5HejamD9I61hvX78u51PexXA9rKYUp8neMsdxiMQgNq5oPoAhZLL6IYFha4auS21 X-Received: by 2002:a17:902:59c8:: with SMTP id d8mr17349031plj.116.1545155938270; Tue, 18 Dec 2018 09:58:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545155938; cv=none; d=google.com; s=arc-20160816; b=MEBsxcDpO3DU8PO7BRKiJEr2rQ0kIakfPOMtYdmZ6Apgobkx65flqzPuKAY4SiEZ6k qpk5CW69jFw/na4Hl+pCiFwuSAG1W4cPGM1cP8riNAP+G3nMrNBZv5fM46fmQMpcGDKp 3jRX3Hcj96Ezj0vxZj/Kz2vgUuAWbDFvZWELCUff3pqP4JkRWbryf9Qs8V67mXnlYajw vWaPKyAiG97QCgRFSsOoNewcx09I1EMKy/N2ysQxpCWVwtAJd3eUjuDN9ZAgCqWgMu62 GxU1tOrkngUQ1zcJC0FHd14d9I1SuH8ekRlE4YbVrfHI17pHdqNNrsmydO6CFbpYBNtz x3cA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=S3aNSJ7cN0C72p6PGrTWqAe/YEgQif/LAuryeo3h+Jw=; b=zNhz8y2pFSDhsT4QSPTvjgq08mc1aMKi8mTjkGhsgyQ7Lpcmue4hvNVJtX732SjfUZ yTAVNbH8xH7T/yFZFn/3HZVf+NZ3yf9uqOum7nMe9fhMbpQtfiqahc72YGO6JCQr+zA4 Pd0i6pkM6D4UDAUwhkTcztwbp51NMuhLx00reTaMfLDCFCPlts7eRXmjEekBjaGW0MNg F5ha0Z7XGFUL3dAW4gx1OTi/rON+WVZOYcX+qJowybvAuQdvlAWjl+IzHalIAXzN1yce ZBRUscKdydA+b0nBd2KKVES7U4EILXQqNEBcrZO/KbOjgBrU2RMTWAOfeC0mABRzQzJn 7FUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=yuKKblqC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m187si14575023pfm.51.2018.12.18.09.58.43; Tue, 18 Dec 2018 09:58:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=yuKKblqC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727037AbeLRPnV (ORCPT + 99 others); Tue, 18 Dec 2018 10:43:21 -0500 Received: from mail.kernel.org ([198.145.29.99]:60202 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727012AbeLRPnU (ORCPT ); Tue, 18 Dec 2018 10:43:20 -0500 Received: from mail-qt1-f173.google.com (mail-qt1-f173.google.com [209.85.160.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EA0ED218A3; Tue, 18 Dec 2018 15:43:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1545147800; bh=m2DB6QqWu8SEUESKErQD/rr7f13p+Lqxt8lAYe2ja6Q=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=yuKKblqCgjQX95iSWznF6Mt5m86MeOqoVMzY+QICMc7Y9+4z22J83gW/ormQ7gdlY ocGCeHz6YipSoHAnQEHCv7jzBta7tlsEhXbz52KpyOvEmwxUQFzMhmBrh7yLMzwpiR BaMcen7mIv+Fn/3q0J4XU+1RgGvnturQl9n8/So4= Received: by mail-qt1-f173.google.com with SMTP id e5so18606156qtr.12; Tue, 18 Dec 2018 07:43:19 -0800 (PST) X-Gm-Message-State: AA+aEWZPsGO+kCRLjwWdkRKY5xmWmjK/bSxr1ZSEZYxzgImpEz7jE/kh KU32wVu39rW2Dlaszxpq6n9nrWrGNewy6K7R5g== X-Received: by 2002:ac8:6b18:: with SMTP id w24mr18229770qts.144.1545147799172; Tue, 18 Dec 2018 07:43:19 -0800 (PST) MIME-Version: 1.0 References: <1545033396-24485-1-git-send-email-frowand.list@gmail.com> In-Reply-To: <1545033396-24485-1-git-send-email-frowand.list@gmail.com> From: Rob Herring Date: Tue, 18 Dec 2018 09:43:07 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v2 0/2] of: phandle_cache, fix refcounts, remove stale entry To: Frank Rowand Cc: mwb@linux.vnet.ibm.com, linuxppc-dev , Michael Ellerman , Tyrel Datwyler , tlfalcon@linux.vnet.ibm.com, minkim@us.ibm.com, devicetree@vger.kernel.org, "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 17, 2018 at 1:56 AM wrote: > > From: Frank Rowand > > Non-overlay dynamic devicetree node removal may leave the node in > the phandle cache. Subsequent calls to of_find_node_by_phandle() > will incorrectly find the stale entry. This bug exposed the foloowing > phandle cache refcount bug. > > The refcount of phandle_cache entries is not incremented while in > the cache, allowing use after free error after kfree() of the > cached entry. > > Changes since v1: > - make __of_free_phandle_cache() static > - add WARN_ON(1) for unexpected condition in of_find_node_by_phandle() > > Frank Rowand (2): > of: of_node_get()/of_node_put() nodes held in phandle cache > of: __of_detach_node() - remove node from phandle cache I'll send this to Linus this week if I get a tested by. Otherwise, it will go in for 4.21. Rob