Message ID | 1445031525-20086-1-git-send-email-christophe.jaillet@wanadoo.fr (mailing list archive) |
---|---|
State | Accepted |
Headers | show |
On Fri, 2015-10-16 at 23:38 +0200, Christophe JAILLET wrote: > of_get_property() is used inside the loop, but then the reference to the > node is dropped before dereferencing the prop pointer, which could by then > point to junk if the node has been freed. > > Instead use of_property_read_u32() to actually read the property > value before dropping the reference. > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> > --- > v2: Fix missing '{' > *** COMPILE-TESTED ONLY *** Thanks, this looks good. I'll test it on real hardware. Can you send me a follow up which does the of_get_next_parent() conversion? cheers
On Fri, 2015-16-10 at 21:38:45 UTC, Christophe Jaillet wrote: > of_get_property() is used inside the loop, but then the reference to the > node is dropped before dereferencing the prop pointer, which could by then > point to junk if the node has been freed. > > Instead use of_property_read_u32() to actually read the property > value before dropping the reference. > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/1856f50c66dff0afb4a6a3e2 cheers
diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c index bef76c5..dc4f6a4 100644 --- a/arch/powerpc/kernel/prom.c +++ b/arch/powerpc/kernel/prom.c @@ -783,14 +783,13 @@ void __init early_get_first_memblock_info(void *params, phys_addr_t *size) int of_get_ibm_chip_id(struct device_node *np) { of_node_get(np); - while(np) { + while (np) { struct device_node *old = np; - const __be32 *prop; + u32 chip_id; - prop = of_get_property(np, "ibm,chip-id", NULL); - if (prop) { + if (!of_property_read_u32(np, "ibm,chip-id", &chip_id)) { of_node_put(np); - return be32_to_cpup(prop); + return chip_id; } np = of_get_parent(np); of_node_put(old);
of_get_property() is used inside the loop, but then the reference to the node is dropped before dereferencing the prop pointer, which could by then point to junk if the node has been freed. Instead use of_property_read_u32() to actually read the property value before dropping the reference. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> --- v2: Fix missing '{' *** COMPILE-TESTED ONLY *** --- arch/powerpc/kernel/prom.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-)