Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp848736rwi; Wed, 19 Oct 2022 03:51:35 -0700 (PDT) X-Google-Smtp-Source: AMsMyM63HqoBfMdk0SznHPJZuP1yRMrJaWlooaGzkS7dVKP3GbxfEvAE3szuJkng3RMW8JjeiIma X-Received: by 2002:a17:907:94c7:b0:78e:1c4f:51f9 with SMTP id dn7-20020a17090794c700b0078e1c4f51f9mr6424525ejc.200.1666176694845; Wed, 19 Oct 2022 03:51:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666176694; cv=none; d=google.com; s=arc-20160816; b=DFtq79CFpOL/qnoSuv26thGywudfOQqJacyyo49aDSGTkSJqyo2ECimxo2TKWSzeKI jPs8omHcRL3TeJL3loS+/zKFHNXB1XGtsWMuZ7Tfmac46dqOX/m2SH5465hli6MDO6HN 7Gi/NFJJRQs/6bDy+NYM5xEvsSQld33wS0sEnfwYWLeO/DX5M/Ed0o9uy59ZYffNomM/ py4w7YYGTYIEcxgPbJ0rbavP0Nw+r5ANjxrXg6KmwMJofWujUaM6ln+w3Al4lHgh5/BB xXbFsAXe1f9t8vz5ojW2v1fpFdk/DV7r8omK54zO160g830baiH+h0g9NU6zEDrssWtp SKNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=+oE0JZb+KeUDsBGWPQnlpL7ruZ/m6k8pTnDTqBWtrX4=; b=yOuCfMSKjSxVdpGu3RaZwMcMF/H44vx1u5koZsUMqx8jufkQt2lhAdynl645iGd/DH WoY0o015SQdkFgLO9vlByO2iQeC0/xi4NCaifMAIGd8ltBmpyWje/jKVoEJMS55swo5K ejvyDjsn4achQEZMyoHucXOGo1hEyyYhelcJt2ZY45I3Hgeqer3HvCrnDUy4GoDGh6r9 LUoohR3VG2BaYCJ/oU4uplfVUylRmxmeZJOBwMMRMC/zrrQJqVjNznPSAKsrJQg08tbH b5GOKR8tm4Xk1K/eNdAJAJa5ZB3pFyynfYyHZOTQf1VvL8BLf7qRfTk4uvMyQrQSSgXZ iQuQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="Xy/xkDbQ"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q18-20020a056402519200b004597671e0ddsi13413675edd.338.2022.10.19.03.51.09; Wed, 19 Oct 2022 03:51:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="Xy/xkDbQ"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234446AbiJSKtH (ORCPT + 99 others); Wed, 19 Oct 2022 06:49:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46162 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232505AbiJSKrC (ORCPT ); Wed, 19 Oct 2022 06:47:02 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 240FB56B8C; Wed, 19 Oct 2022 03:21:41 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 3C3BBB8243D; Wed, 19 Oct 2022 08:58:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9824FC433D7; Wed, 19 Oct 2022 08:58:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666169925; bh=c/IdW/mBpyQMgYTrCHuboL6q7PPhJdh3DFEoIvN0a1c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Xy/xkDbQhApQTknTYeA29fYf8X5Wj+QnGRvGW79+Pp/kF3JMKAx1UIqCDvCXpe9I7 p+yeShW2ZJeYifDi9Ve9GIZtFWrkq+ZbBh0IZVun+vK9YfnpzqrB7Zu2eJyjZ9YLaM pqEtEiczSXsKJfQHCX40ECITd1VzbIIPG7Xg1pDg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Nuno=20S=C3=A1?= , Jonathan Cameron , Sasha Levin Subject: [PATCH 6.0 461/862] iio: inkern: only release the device node when done with it Date: Wed, 19 Oct 2022 10:29:08 +0200 Message-Id: <20221019083310.368297100@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221019083249.951566199@linuxfoundation.org> References: <20221019083249.951566199@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Nuno Sá [ Upstream commit 79c3e84874c7d14f04ad58313b64955a0d2e9437 ] 'of_node_put()' can potentially release the memory pointed to by 'iiospec.np' which would leave us with an invalid pointer (and we would still pass it in 'of_xlate()'). Note that it is not guaranteed for the of_node lifespan to be attached to the device (to which is attached) lifespan so that there is (even though very unlikely) the possibility for the node to be freed while the device is still around. Thus, as there are indeed some of_xlate users which do access the node, a race is indeed possible. As such, we can only release the node after we are done with it. Fixes: 17d82b47a215d ("iio: Add OF support") Signed-off-by: Nuno Sá Link: https://lore.kernel.org/r/20220715122903.332535-2-nuno.sa@analog.com Signed-off-by: Jonathan Cameron Signed-off-by: Sasha Levin --- drivers/iio/inkern.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/iio/inkern.c b/drivers/iio/inkern.c index df74765d33dc..9d87057794fc 100644 --- a/drivers/iio/inkern.c +++ b/drivers/iio/inkern.c @@ -165,9 +165,10 @@ static int __of_iio_channel_get(struct iio_channel *channel, idev = bus_find_device(&iio_bus_type, NULL, iiospec.np, iio_dev_node_match); - of_node_put(iiospec.np); - if (idev == NULL) + if (idev == NULL) { + of_node_put(iiospec.np); return -EPROBE_DEFER; + } indio_dev = dev_to_iio_dev(idev); channel->indio_dev = indio_dev; @@ -175,6 +176,7 @@ static int __of_iio_channel_get(struct iio_channel *channel, index = indio_dev->info->of_xlate(indio_dev, &iiospec); else index = __of_iio_simple_xlate(indio_dev, &iiospec); + of_node_put(iiospec.np); if (index < 0) goto err_put; channel->channel = &indio_dev->channels[index]; -- 2.35.1