Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4473483imu;
        Tue, 18 Dec 2018 15:52:05 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UJheh9bXEGQp+5AelOWRaDH2lXPhcm9DVTXt99pEV1f7JLmhHUAOUKczr1FOaSWjkE/p4M
X-Received: by 2002:a63:ec4b:: with SMTP id r11mr16998428pgj.44.1545177124958;
        Tue, 18 Dec 2018 15:52:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1545177124; cv=none;
        d=google.com; s=arc-20160816;
        b=PdCV7AET1i21PQrzXtUqGzxrWNW0T0swZeTPyS36oajbwm8Xfgd6d/C6oxD8cav7o3
         J4+0TCuZ0IBarXvg4V7X3bjJlFky31rM49g1xKjBq6jKIElFujo6VFlmdxkLpYczB7uv
         a3MB60wL/prxmFAD1HDmbMn4N5iBbBPSaTv6U6mDZUM55PuUvx4vs7+vOVevsn3VI6HQ
         29YVIkLH4Z+jXr2PxljwAQz6TJkXCMLKSDK2m/WIFbHf8rqD2pK3cQtX+s5uIADz4KZy
         DdzZCCSqfwIOwmDhPY/C17exY4yc6ubtqYLdc5Td/7o6tgeq4KXK1YJcg36DxHpXICsq
         cWLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:date:references
         :in-reply-to:subject:cc:to:from;
        bh=rxWTOhIKyyb+afcJ7n52MDTniM9dbDfpkEXHVOmABpE=;
        b=nwUm59/2bLBYI0J/8KKI2SPTNs232yIYJnXnrTzjNMPK8PN+35HKl+FTcI8qAM4JZ8
         NWVlkqAKBEMymHD82/hnOqgZKfhUywcJCW2SyHSdmNWfICfA+EpMB0tN0bYo6bmZ6i+x
         Pnvu9XHvSWWZ60egPSyMx/+06Q+DhRYdGZw5dpIkH9jX6I1TitCe4IE61P00e383ppHg
         WU3B74mquGnJvkTF28IjgybOHlQqC26uckKhkibBgRrs0vaFg5DioTxXo3t5ZvI695Gn
         wzZxaHjE2bpgyKshB7BVHE4y+urVNmKqBRScP6Xosxe291P8PAxOoo65Ul4t5uCIruHy
         dLaw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f10si14351489pgh.195.2018.12.18.15.51.49;
        Tue, 18 Dec 2018 15:52:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727411AbeLRXqu (ORCPT <rfc822;utfcpqpk@gmail.com> + 99 others);
        Tue, 18 Dec 2018 18:46:50 -0500
Received: from ozlabs.org ([203.11.71.1]:40893 "EHLO ozlabs.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726859AbeLRXqu (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 18 Dec 2018 18:46:50 -0500
Received: from authenticated.ozlabs.org (localhost [127.0.0.1])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ozlabs.org (Postfix) with ESMTPSA id 43KF6c21sbz9s2P;
        Wed, 19 Dec 2018 10:46:48 +1100 (AEDT)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ellerman.id.au
From:   Michael Ellerman <mpe@ellerman.id.au>
To:     Rob Herring <robh+dt@kernel.org>,
        Frank Rowand <frowand.list@gmail.com>
Cc:     mwb@linux.vnet.ibm.com,
        linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
        Tyrel Datwyler <tyreld@linux.vnet.ibm.com>,
        tlfalcon@linux.vnet.ibm.com, minkim@us.ibm.com,
        devicetree@vger.kernel.org,
        "linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 0/2] of: phandle_cache, fix refcounts, remove stale entry
In-Reply-To: <CAL_JsqKZ=g16jZ_SZX2qi-ecE-hvQ+-UfUw40=+ztiM-Zpsq9A@mail.gmail.com>
References: <1545033396-24485-1-git-send-email-frowand.list@gmail.com> <CAL_JsqKZ=g16jZ_SZX2qi-ecE-hvQ+-UfUw40=+ztiM-Zpsq9A@mail.gmail.com>
Date:   Wed, 19 Dec 2018 10:46:48 +1100
Message-ID: <87mup2s8if.fsf@concordia.ellerman.id.au>
MIME-Version: 1.0
Content-Type: text/plain
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Rob Herring <robh+dt@kernel.org> writes:
> On Mon, Dec 17, 2018 at 1:56 AM <frowand.list@gmail.com> wrote:
>>
>> From: Frank Rowand <frank.rowand@sony.com>
>>
>> Non-overlay dynamic devicetree node removal may leave the node in
>> the phandle cache.  Subsequent calls to of_find_node_by_phandle()
>> will incorrectly find the stale entry.  This bug exposed the foloowing
>> phandle cache refcount bug.
>>
>> The refcount of phandle_cache entries is not incremented while in
>> the cache, allowing use after free error after kfree() of the
>> cached entry.
>>
>> Changes since v1:
>>   - make __of_free_phandle_cache() static
>>   - add WARN_ON(1) for unexpected condition in of_find_node_by_phandle()
>>
>> Frank Rowand (2):
>>   of: of_node_get()/of_node_put() nodes held in phandle cache
>>   of: __of_detach_node() - remove node from phandle cache
>
> I'll send this to Linus this week if I get a tested by. Otherwise, it
> will go in for 4.21.

I think it can wait to go into 4.21, it's not super critical and it's
not a regression since 4.19.

cheers