| Message ID | 1562317176-13317-1-git-send-email-wen.yang99@zte.com.cn (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | powerpc: fix use-after-free on fixup_port_irq() | expand |
| Context | Check | Description |
|---|---|---|
| snowpatch_ozlabs/apply_patch | success | Successfully applied on branch next (f531d5e8f55b3767217b5d1be0ce1f1acd10167c) |
| snowpatch_ozlabs/build-ppc64le | success | Build succeeded |
| snowpatch_ozlabs/build-ppc64be | success | Build succeeded |
| snowpatch_ozlabs/build-ppc64e | success | Build succeeded |
| snowpatch_ozlabs/build-pmac32 | success | Build succeeded |
| snowpatch_ozlabs/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 22 lines checked |
diff --git a/arch/powerpc/kernel/legacy_serial.c b/arch/powerpc/kernel/legacy_serial.c index 7cea597..0105f3e 100644 --- a/arch/powerpc/kernel/legacy_serial.c +++ b/arch/powerpc/kernel/legacy_serial.c @@ -461,17 +461,18 @@ static void __init fixup_port_irq(int index, struct device_node *np, struct plat_serial8250_port *port) { + struct device_node *parent_np; unsigned int virq; DBG("fixup_port_irq(%d)\n", index); virq = irq_of_parse_and_map(np, 0); if (!virq && legacy_serial_infos[index].irq_check_parent) { - np = of_get_parent(np); - if (np == NULL) + parent_np = of_get_parent(np); + if (parent_np == NULL) return; - virq = irq_of_parse_and_map(np, 0); - of_node_put(np); + virq = irq_of_parse_and_map(parent_np, 0); + of_node_put(parent_np); } if (!virq) return;
There is a possible use-after-free issue in the fixup_port_irq(): 460 static void __init fixup_port_irq(int index, 461 struct device_node *np, 462 struct plat_serial8250_port *port) 463 { ... 469 if (!virq && legacy_serial_infos[index].irq_check_parent) { 470 np = of_get_parent(np); --> modified here. ... 474 of_node_put(np); ---> released here 475 } ... 481 #ifdef CONFIG_SERIAL_8250_FSL 482 if (of_device_is_compatible(np, "fsl,ns16550")) --> dereferenced here ... 484 #endif 485 } We solve this problem by introducing a new parent_np variable. Fixes: 9deaa53ac7fa ("serial: add irq handler for Freescale 16550 errata.") Signed-off-by: Wen Yang <wen.yang99@zte.com.cn> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Rob Herring <robh@kernel.org> Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-kernel@vger.kernel.org --- arch/powerpc/kernel/legacy_serial.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)