| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Sep 2019 08:01:05 +0000
From: Peter Rosin <peda@...ntia.se>
To: Uwe Kleine-König
<u.kleine-koenig@...gutronix.de>, Rob Herring <robh+dt@...nel.org>,
Frank Rowand <frowand.list@...il.com>
CC: "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-mediatek@...ts.infradead.org"
<linux-mediatek@...ts.infradead.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"kernel@...gutronix.de" <kernel@...gutronix.de>,
Will Deacon <will@...nel.org>,
Robin Murphy <robin.murphy@....com>,
Joerg Roedel <joro@...tes.org>,
Matthias Brugger <matthias.bgg@...il.com>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Marek Szyprowski <m.szyprowski@...sung.com>,
Uwe Kleine-König <uwe@...ine-koenig.org>,
Geert Uytterhoeven <geert+renesas@...der.be>
Subject: Re: [PATCH] of: restore old handling of cells_name=NULL in
of_*_phandle_with_args()
On 2019-09-18 08:38, Uwe Kleine-König wrote:
> From: Uwe Kleine-König <uwe@...ine-koenig.org>
>
> Before commit e42ee61017f5 ("of: Let of_for_each_phandle fallback to
> non-negative cell_count") the iterator functions calling
> of_for_each_phandle assumed a cell count of 0 if cells_name was NULL.
> This corner case was missed when implementing the fallback logic in
> e42ee61017f5 and resulted in an endless loop.
>
> Restore the old behaviour of of_count_phandle_with_args() and
> of_parse_phandle_with_args() and add a check to
> of_phandle_iterator_init() to prevent a similar failure as a safety
> precaution. of_parse_phandle_with_args_map() doesn't need a similar fix
> as cells_name isn't NULL there.
>
> Affected drivers are:
> - drivers/base/power/domain.c
> - drivers/base/power/domain.c
> - drivers/clk/ti/clk-dra7-atl.c
> - drivers/hwmon/ibmpowernv.c
> - drivers/i2c/muxes/i2c-demux-pinctrl.c
> - drivers/iommu/mtk_iommu.c
> - drivers/net/ethernet/freescale/fman/mac.c
> - drivers/opp/of.c
> - drivers/perf/arm_dsu_pmu.c
> - drivers/regulator/of_regulator.c
> - drivers/remoteproc/imx_rproc.c
> - drivers/soc/rockchip/pm_domains.c
> - sound/soc/fsl/imx-audmix.c
> - sound/soc/fsl/imx-audmix.c
> - sound/soc/meson/axg-card.c
> - sound/soc/samsung/tm2_wm5110.c
> - sound/soc/samsung/tm2_wm5110.c
>
> Thanks to Geert Uytterhoeven for reporting the issue, Peter Rosin for
> helping pinpoint the actual problem and the testers for confirming this
> fix.
>
> Fixes: e42ee61017f5 ("of: Let of_for_each_phandle fallback to non-negative cell_count")
> Tested-by: Marek Szyprowski <m.szyprowski@...sung.com>
> Tested-by: Geert Uytterhoeven <geert+renesas@...der.be>
> Signed-off-by: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
> ---
> Hello,
>
> compared to the untested patch I sent yesterday I also fixed
> of_parse_phandle_with_args which has three users that pass
> cells_name=NULL. (i.e. drivers/clk/ti/clk-dra7-atl.c,
> sound/soc/fsl/imx-audmix.c, sound/soc/samsung/tm2_wm5110.c) I didn't
> look closely, but maybe these could be converted to use of_parse_phandle
> as there are no arguments to be processed with no cells_name?!
>
> Best regards
> Uwe
>
> drivers/of/base.c | 30 ++++++++++++++++++++++++++++--
> 1 file changed, 28 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/of/base.c b/drivers/of/base.c
> index 2f25d2dfecfa..25ee07c0a3cd 100644
> --- a/drivers/of/base.c
> +++ b/drivers/of/base.c
> @@ -1286,6 +1286,13 @@ int of_phandle_iterator_init(struct of_phandle_iterator *it,
>
> memset(it, 0, sizeof(*it));
>
> + /*
> + * one of cell_count or cells_name must be provided to determine the
> + * argument length.
> + */
> + if (cell_count < 0 && !cells_name)
> + return -EINVAL;
> +
> list = of_get_property(np, list_name, &size);
> if (!list)
> return -ENOENT;
> @@ -1512,10 +1519,17 @@ int of_parse_phandle_with_args(const struct device_node *np, const char *list_na
> const char *cells_name, int index,
> struct of_phandle_args *out_args)
> {
> + int cell_count = -1;
> +
> if (index < 0)
> return -EINVAL;
> - return __of_parse_phandle_with_args(np, list_name, cells_name, -1,
> - index, out_args);
> +
> + /* If cells_name if NULL we assume a cell count of 0 */
> + if (!cells_name)
> + cell_count = 0;
> +
> + return __of_parse_phandle_with_args(np, list_name, cells_name,
> + cell_count, index, out_args);
> }
> EXPORT_SYMBOL(of_parse_phandle_with_args);
>
> @@ -1765,6 +1779,18 @@ int of_count_phandle_with_args(const struct device_node *np, const char *list_na
> struct of_phandle_iterator it;
> int rc, cur_index = 0;
>
> + /* If cells_name is NULL we assume a cell count of 0 */
> + if (cells_name == NULL) {
A couple of nits.
I don't know if there are other considerations, but in the previous two
hunks you use !cells_name instead of comparing explicitly with NULL.
Personally, I find the shorter form more readable, and in the name of
consistency bla bla...
Also, the comment explaining this NULL-check didn't really make sense
to me until I realized that knowing the cell count to be zero makes
counting trivial. Something along those lines should perhaps be in the
comment?
But as I said, these are nits. Feel free to ignore.
Cheers,
Peter
> + const __be32 *list;
> + int size;
> +
> + list = of_get_property(np, list_name, &size);
> + if (!list)
> + return -ENOENT;
> +
> + return size / sizeof(*list);
> + }
> +
> rc = of_phandle_iterator_init(&it, np, list_name, cells_name, -1);
> if (rc)
> return rc;
>
Powered by blists - more mailing lists