- Linux-stable-mirror - lists.linaro.org

[PATCH] bcache: release dc->writeback_lock properly in bch_writeback_thread()

by Coly Li

From: Shan Hai <shan.hai(a)oracle.com> The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing the held lock before exiting the while-loop. Signed-off-by: Shan Hai <shan.hai(a)oracle.com> Signed-off-by: Coly Li <colyli(a)suse.de> Tested-by: Shenghui Wang <shhuiw(a)foxmail.com> Cc: stable(a)vger.kernel.org #4.17+ --- drivers/md/bcache/writeback.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 6be05bd7ca67..08c3a9f9676c 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -685,8 +685,10 @@ static int bch_writeback_thread(void *arg) * data on cache. BCACHE_DEV_DETACHING flag is set in * bch_cached_dev_detach(). */ - if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) + if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) { + up_write(&dc->writeback_lock); break; + } } up_write(&dc->writeback_lock); -- 2.18.0

7 years, 4 months

1
0
0 0

[PATCH 2/2] fs/quota: Fix spectre gadget in do_quotactl

by Jeremy Cline

'type' is user-controlled, so sanitize it after the bounds check to avoid using it in speculative execution. This covers the following potential gadgets detected with the help of smatch: * fs/ext4/super.c:5741 ext4_quota_read() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/ext4/super.c:5778 ext4_quota_write() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/f2fs/super.c:1552 f2fs_quota_read() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/f2fs/super.c:1608 f2fs_quota_write() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/quota/dquot.c:412 mark_info_dirty() warn: potential spectre issue 'sb_dqopt(sb)->info' [w] * fs/quota/dquot.c:933 dqinit_needed() warn: potential spectre issue 'dquots' [r] * fs/quota/dquot.c:2112 dquot_commit_info() warn: potential spectre issue 'dqopt->ops' [r] * fs/quota/dquot.c:2362 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->files' [w] (local cap) * fs/quota/dquot.c:2369 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->ops' [w] (local cap) * fs/quota/dquot.c:2370 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->info' [w] (local cap) * fs/quota/quota.c:110 quota_getfmt() warn: potential spectre issue 'sb_dqopt(sb)->info' [r] * fs/quota/quota_v2.c:84 v2_check_quota_file() warn: potential spectre issue 'quota_magics' [w] * fs/quota/quota_v2.c:85 v2_check_quota_file() warn: potential spectre issue 'quota_versions' [w] * fs/quota/quota_v2.c:96 v2_read_file_info() warn: potential spectre issue 'dqopt->info' [r] * fs/quota/quota_v2.c:172 v2_write_file_info() warn: potential spectre issue 'dqopt->info' [r] Additionally, a quick inspection indicates there are array accesses with 'type' in quota_on() and quota_off() functions which are also addressed by this. Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jeremy Cline <jcline(a)redhat.com> --- This patch isn't going to cleanly apply to stable without the "fs/quota: Replace XQM_MAXQUOTAS usage with MAXQUOTAS" patch, but I'm not sure that patch is really stable material and XQM_MAXQUOTAS has been 3 since pre-v4.4 so the end result will be the same even if that patch isn't backported. fs/quota/quota.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/quota/quota.c b/fs/quota/quota.c index d403392d8a0f..f0cbf58ad4da 100644 --- a/fs/quota/quota.c +++ b/fs/quota/quota.c @@ -18,6 +18,7 @@ #include <linux/quotaops.h> #include <linux/types.h> #include <linux/writeback.h> +#include <linux/nospec.h> static int check_quotactl_permission(struct super_block *sb, int type, int cmd, qid_t id) @@ -701,6 +702,7 @@ static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, if (type >= MAXQUOTAS) return -EINVAL; + type = array_index_nospec(type, MAXQUOTAS); /* * Quota not supported on this fs? Check this before s_quota_types * since they needn't be set if quota is not supported at all. -- 2.17.1

7 years, 4 months

2
1
0 0

[PATCH 3/9] drm/msm: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the legacy pwrlevels child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the probed device's node). While at it, also fix the related child-node reference leak. Fixes: e2af8b6b0ca1 ("drm/msm: gpu: Use OPP tables if we can") Cc: stable <stable(a)vger.kernel.org> # 4.12 Cc: Jordan Crouse <jcrouse(a)codeaurora.org> Cc: Rob Clark <robdclark(a)gmail.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c index da1363a0c54d..93d70f4a2154 100644 --- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c +++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c @@ -633,8 +633,7 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) struct device_node *child, *node; int ret; - node = of_find_compatible_node(dev->of_node, NULL, - "qcom,gpu-pwrlevels"); + node = of_get_compatible_child(dev->of_node, "qcom,gpu-pwrlevels"); if (!node) { dev_err(dev, "Could not find the GPU powerlevels\n"); return -ENXIO; @@ -655,6 +654,8 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) dev_pm_opp_add(dev, val, 0); } + of_node_put(node); + return 0; } -- 2.18.0

7 years, 4 months

2
1
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 4 months

3
2
0 0

request for 4.4-stable: 08474cc1e6ea7 ("bridge: Propagate vlan add failure to user")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch fixed the kernel oops issue when executing bridge tool, please see reproducible steps with kernel 4.4 in below. # brctl addbr br0 # brctl addif br0 eth0 [ 1073.390028] device eth0 entered promiscuous mode [ 1073.395022] cpsw 4a100000.ethernet eth0: failed to initialize vlan filtering on this port # brctl addif br0 eth1 [ 1092.205685] net eth1: promiscuity not disabled as the other interface is still in promiscuity mode [ 1092.217541] device eth1 entered promiscuous mode [ 1092.222460] cpsw 4a100000.ethernet eth1: failed to initialize vlan filtering on this port # ifconfig br0 192.168.127.253 netmask 255.255.254.0 [ 1112.412740] br0: port 1(eth0) entered forwarding state [ 1112.417975] br0: port 1(eth0) entered forwarding state # brctl delif br0 eth0 [ 1137.645792] device eth0 left promiscuous mode [ 1137.650429] net eth0: promiscuity not disabled as the other interface is still in promiscuity mode [ 1137.663592] br0: port 1(eth0) entered disabled state [ 1137.668815] Unable to handle kernel NULL pointer dereference at virtual address 0000007a [ 1137.677026] pgd = dc58c000 [ 1137.679745] [0000007a] *pgd=00000000 [ 1137.683377] Internal error: Oops: 805 [#1] SMP ARM [ 1137.688189] Modules linked in: cryptodev omap_sham omap_aes omap_wdt sunrpc ip_tables x_tables autofs4 [ 1137.697598] CPU: 0 PID: 851 Comm: brctl Not tainted 4.4.0-cip-uc8100+ #1 [ 1137.704325] Hardware name: Generic AM33XX (Flattened Device Tree) [ 1137.710442] task: de580dc0 ti: dc574000 task.ti: dc574000 [ 1137.715883] PC is at __vlan_flush+0x18/0x54 [ 1137.720084] LR is at nbp_vlan_flush+0x28/0x60 [ 1137.724457] pc : [<c051ab3c>] lr : [<c051c2f4>] psr: 20080013 [ 1137.724457] sp : dc575dc8 ip : dc575de0 fp : dc575ddc [ 1137.735981] r10: 00000000 r9 : 00000000 r8 : 00000000 [ 1137.741226] r7 : dc5236d4 r6 : de239800 r5 : 00000000 r4 : 00000000 [ 1137.747779] r3 : 00000000 r2 : dc49e4c4 r1 : 00000200 r0 : 00000000 [ 1137.754333] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 1137.761497] Control: 10c5387d Table: 9c58c019 DAC: 00000051 [ 1137.767264] Process brctl (pid: 851, stack limit = 0xdc574218) [ 1137.773119] Stack: (0xdc575dc8 to 0xdc576000) [ 1137.777496] 5dc0: 00000000 dc523600 dc575df4 dc575de0 c051c2f4 c051ab30 [ 1137.785711] 5de0: dc523600 dc49e4c0 dc575e14 dc575df8 c050e450 c051c2d8 dc49e4c0 dc49e4c0 [ 1137.793925] 5e00: 00000002 00000000 dc575e2c dc575e18 c050ebd8 c050e3d0 c0748380 dc49e4c0 [ 1137.802139] 5e20: dc575e4c dc575e30 c050f69c c050ebac dc575ea8 dc49e000 dc575ea8 c0596714 [ 1137.810353] 5e40: dc575e64 dc575e50 c05100f4 c050f650 000089a3 dc49e000 dc575e9c dc575e68 [ 1137.818567] 5e60: c04293d0 c05100a0 c0409b84 c0265738 dc575ea8 c0748380 000089a3 000089a3 [ 1137.826781] 5e80: c0748380 bee56bf4 dc575ea8 00000000 dc575ef4 dc575ea0 c0429828 c0429118 [ 1137.834995] 5ea0: 00000001 d543b3b8 00307262 00000000 00000000 00000000 00000002 00000003 [ 1137.843210] 5ec0: 7f5b0e34 bee56ebf c0147120 000089a3 fffffdfd bee56bf4 c0748380 bee56bf4 [ 1137.851424] 5ee0: 00000003 00000000 dc575f14 dc575ef8 c03f3230 c0429494 bee56bf4 ddb840a0 [ 1137.859638] 5f00: dc4ca340 00000003 dc575f7c dc575f18 c0142c08 c03f30b0 dc575f5c dc575f28 [ 1137.867852] 5f20: c0131f08 c01509ac 00000020 00000000 dc575f54 de581244 00000000 c0754108 [ 1137.876067] 5f40: de580dc0 c000fa64 dc574000 00000000 dc575f6c 00000000 dc4ca340 dc4ca340 [ 1137.884281] 5f60: 000089a3 bee56bf4 00000003 00000000 dc575fa4 dc575f80 c0142e98 c0142724 [ 1137.892495] 5f80: 7f5b10f0 b6f7ace8 00000002 00000036 c000fa64 dc574000 00000000 dc575fa8 [ 1137.900708] 5fa0: c000f8a0 c0142e30 7f5b10f0 b6f7ace8 00000003 000089a3 bee56bf4 000000cc [ 1137.908922] 5fc0: 7f5b10f0 b6f7ace8 00000002 00000036 bee56bf4 00000000 7f5b1000 00000000 [ 1137.917136] 5fe0: b6ef4711 bee56bdc 7f59f1ff b6ef4716 00080030 00000003 00000000 00000000 [ 1137.925343] Backtrace: [ 1137.927810] [<c051ab24>] (__vlan_flush) from [<c051c2f4>] (nbp_vlan_flush+0x28/0x60) [ 1137.935582] r5:dc523600 r4:00000000 [ 1137.939194] [<c051c2cc>] (nbp_vlan_flush) from [<c050e450>] (del_nbp+0x8c/0x110) [ 1137.946618] r5:dc49e4c0 r4:dc523600 [ 1137.950224] [<c050e3c4>] (del_nbp) from [<c050ebd8>] (br_del_if+0x38/0x9c) [ 1137.957125] r7:00000000 r6:00000002 r5:dc49e4c0 r4:dc49e4c0 [ 1137.962833] [<c050eba0>] (br_del_if) from [<c050f69c>] (add_del_if+0x58/0x74) [ 1137.969995] r5:dc49e4c0 r4:c0748380 [ 1137.973600] [<c050f644>] (add_del_if) from [<c05100f4>] (br_dev_ioctl+0x60/0x64) [ 1137.981023] r7:c0596714 r6:dc575ea8 r5:dc49e000 r4:dc575ea8 [ 1137.986731] [<c0510094>] (br_dev_ioctl) from [<c04293d0>] (dev_ifsioc+0x2c4/0x308) [ 1137.994330] r5:dc49e000 r4:000089a3 [ 1137.997930] [<c042910c>] (dev_ifsioc) from [<c0429828>] (dev_ioctl+0x3a0/0x8bc) [ 1138.005266] r8:00000000 r7:dc575ea8 r6:bee56bf4 r5:c0748380 r4:000089a3 [ 1138.012032] [<c0429488>] (dev_ioctl) from [<c03f3230>] (sock_ioctl+0x18c/0x2dc) [ 1138.019368] r10:00000000 r9:00000003 r8:bee56bf4 r7:c0748380 r6:bee56bf4 r5:fffffdfd [ 1138.027260] r4:000089a3 [ 1138.029817] [<c03f30a4>] (sock_ioctl) from [<c0142c08>] (do_vfs_ioctl+0x4f0/0x70c) [ 1138.037416] r7:00000003 r6:dc4ca340 r5:ddb840a0 r4:bee56bf4 [ 1138.043124] [<c0142718>] (do_vfs_ioctl) from [<c0142e98>] (SyS_ioctl+0x74/0x84) [ 1138.050460] r10:00000000 r9:00000003 r8:bee56bf4 r7:000089a3 r6:dc4ca340 r5:dc4ca340 [ 1138.058347] r4:00000000 [ 1138.060907] [<c0142e24>] (SyS_ioctl) from [<c000f8a0>] (ret_fast_syscall+0x0/0x44) [ 1138.068505] r9:dc574000 r8:c000fa64 r7:00000036 r6:00000002 r5:b6f7ace8 r4:7f5b10f0 [ 1138.076311] Code: e24cb004 f57ff05a e1a05000 e3a03000 (e1c037ba) [ 1138.082666] ---[ end trace d055796b6cd31311 ]--- Segmentation fault -- SZ Lin (林上智)

7 years, 4 months

2
1
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 4 months

1
0
0 0

[PATCH 8/9] NFC: nfcmrvl_uart: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the nfc child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent node). Fixes: e097dc624f78 ("NFC: nfcmrvl: add UART driver") Fixes: d8e018c0b321 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: Vincent Cuissard <cuissard(a)marvell.com> Cc: Samuel Ortiz <sameo(a)linux.intel.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/nfc/nfcmrvl/uart.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/nfc/nfcmrvl/uart.c b/drivers/nfc/nfcmrvl/uart.c index 91162f8e0366..9a22056e8d9e 100644 --- a/drivers/nfc/nfcmrvl/uart.c +++ b/drivers/nfc/nfcmrvl/uart.c @@ -73,10 +73,9 @@ static int nfcmrvl_uart_parse_dt(struct device_node *node, struct device_node *matched_node; int ret; - matched_node = of_find_compatible_node(node, NULL, "marvell,nfc-uart"); + matched_node = of_get_compatible_child(node, "marvell,nfc-uart"); if (!matched_node) { - matched_node = of_find_compatible_node(node, NULL, - "mrvl,nfc-uart"); + matched_node = of_get_compatible_child(node, "mrvl,nfc-uart"); if (!matched_node) return -ENODEV; } -- 2.18.0

7 years, 4 months

1
0
0 0

[PATCH 6/9] net: bcmgenet: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the mdio child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). Fixes: aa09677cba42 ("net: bcmgenet: add MDIO routines") Cc: stable <stable(a)vger.kernel.org> # 3.15 Cc: Florian Fainelli <f.fainelli(a)gmail.com> Cc: David S. Miller <davem(a)davemloft.net> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 5333274a283c..87fc65560ceb 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -333,7 +333,7 @@ static struct device_node *bcmgenet_mii_of_find_mdio(struct bcmgenet_priv *priv) if (!compat) return NULL; - priv->mdio_dn = of_find_compatible_node(dn, NULL, compat); + priv->mdio_dn = of_get_compatible_child(dn, compat); kfree(compat); if (!priv->mdio_dn) { dev_err(kdev, "unable to find MDIO bus node\n"); -- 2.18.0

7 years, 4 months

1
0
0 0

[PATCH 5/9] mtd: nand: atmel: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the nfc child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). While at it, also fix a related nfc-node reference leak. Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver") Cc: stable <stable(a)vger.kernel.org> # 4.11 Cc: Nicolas Ferre <nicolas.ferre(a)microchip.com> Cc: Josh Wu <rainyfeeling(a)outlook.com> Cc: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/mtd/nand/raw/atmel/nand-controller.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c b/drivers/mtd/nand/raw/atmel/nand-controller.c index a068b214ebaa..d3dfe63956ac 100644 --- a/drivers/mtd/nand/raw/atmel/nand-controller.c +++ b/drivers/mtd/nand/raw/atmel/nand-controller.c @@ -2061,8 +2061,7 @@ atmel_hsmc_nand_controller_legacy_init(struct atmel_hsmc_nand_controller *nc) int ret; nand_np = dev->of_node; - nfc_np = of_find_compatible_node(dev->of_node, NULL, - "atmel,sama5d3-nfc"); + nfc_np = of_get_compatible_child(dev->of_node, "atmel,sama5d3-nfc"); nc->clk = of_clk_get(nfc_np, 0); if (IS_ERR(nc->clk)) { @@ -2472,15 +2471,19 @@ static int atmel_nand_controller_probe(struct platform_device *pdev) } if (caps->legacy_of_bindings) { + struct device_node *nfc_node; u32 ale_offs = 21; /* * If we are parsing legacy DT props and the DT contains a * valid NFC node, forward the request to the sama5 logic. */ - if (of_find_compatible_node(pdev->dev.of_node, NULL, - "atmel,sama5d3-nfc")) + nfc_node = of_get_compatible_child(pdev->dev.of_node, + "atmel,sama5d3-nfc"); + if (nfc_node) { caps = &atmel_sama5_nand_caps; + of_node_put(nfc_node); + } /* * Even if the compatible says we are dealing with an -- 2.18.0

7 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror