From patchwork Wed Oct 21 04:36:47 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christophe JAILLET X-Patchwork-Id: 533597 X-Patchwork-Delegate: michael@ellerman.id.au Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [103.22.144.68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id A7BFF14076E for ; Wed, 21 Oct 2015 15:38:03 +1100 (AEDT) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 80E241A0415 for ; Wed, 21 Oct 2015 15:38:03 +1100 (AEDT) X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Received: from smtp.smtpout.orange.fr (smtp02.smtpout.orange.fr [80.12.242.124]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 2D4A51A03C0 for ; Wed, 21 Oct 2015 15:37:05 +1100 (AEDT) Received: from localhost.localdomain ([92.140.173.126]) by mwinf5d49 with ME id Xgcu1r0022jzMuc03gcuUx; Wed, 21 Oct 2015 06:37:01 +0200 X-ME-Helo: localhost.localdomain X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI= X-ME-Date: Wed, 21 Oct 2015 06:37:01 +0200 X-ME-IP: 92.140.173.126 From: Christophe JAILLET To: benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au Subject: [PATCH v3] powerpc/prom: Avoid reference to potentially freed memory Date: Wed, 21 Oct 2015 06:36:47 +0200 Message-Id: <1445402207-326-1-git-send-email-christophe.jaillet@wanadoo.fr> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1445246877.30407.1.camel@ellerman.id.au> References: <1445246877.30407.1.camel@ellerman.id.au> X-Antivirus: avast! (VPS 151020-2, 20/10/2015), Outbound message X-Antivirus-Status: Clean X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kernel-janitors@vger.kernel.org, Christophe JAILLET , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" of_get_property() is used inside the loop, but then the reference to the node is dropped before dereferencing the prop pointer, which could by then point to junk if the node has been freed. Instead use of_property_read_u32() to actually read the property value before dropping the reference. Use of_get_next_parent to simplify code. Signed-off-by: Christophe JAILLET --- v2: Fix missing '{' v3: Use of_get_next_parent to simply code *** COMPILE-TESTED ONLY *** --- arch/powerpc/kernel/prom.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c index bef76c5..ba29c0d 100644 --- a/arch/powerpc/kernel/prom.c +++ b/arch/powerpc/kernel/prom.c @@ -783,17 +783,14 @@ void __init early_get_first_memblock_info(void *params, phys_addr_t *size) int of_get_ibm_chip_id(struct device_node *np) { of_node_get(np); - while(np) { - struct device_node *old = np; - const __be32 *prop; + while (np) { + u32 chip_id; - prop = of_get_property(np, "ibm,chip-id", NULL); - if (prop) { + if (!of_property_read_u32(np, "ibm,chip-id", &chip_id)) { of_node_put(np); - return be32_to_cpup(prop); + return chip_id; } - np = of_get_parent(np); - of_node_put(old); + np = of_get_next_parent(np); } return -1; }