Message-ID: <20220623070620.ndhnxeiw4wtjgpjm@pengutronix.de>
Date: Thu, 23 Jun 2022 09:06:20 +0200
From: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
To: Kunihiko Hayashi <hayashi.kunihiko@...ionext.com>
Cc: Michael Turquette <mturquette@...libre.com>,
Stephen Boyd <sboyd@...nel.org>, linux-clk@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] clk: Fix referring to wrong pointer in devm_clk_release()

Hello,

On Thu, Jun 23, 2022 at 10:02:22AM +0900, Kunihiko Hayashi wrote:
> At bind phase, __devm_clk_get() calls devres_alloc() to allocate devres,
> and dr->data is treated as a variable "state".
>
> At unbind phase, release_nodes() calls devm_clk_release() specified by
> devres_alloc().
>
> The argument "res" of devm_clk_release() is dr->data, and this entity is
> "state", however in devm_clk_release(), "*res" is treated as "state",
> resulting in pointer inconsistency.
>
> Unbinding a driver caused a panic.
>
> Unable to handle kernel execute from non-executable memory
> at virtual address ffff000100236810
> ...
> pc : 0xffff000100236810
> lr : devm_clk_release+0x6c/0x9c
> ...
> Call trace:
> 0xffff000100236810
> release_nodes+0xb0/0x150
> devres_release_all+0x94/0xf8
> device_unbind_cleanup+0x20/0x70
> device_release_driver_internal+0x114/0x1a0
> device_driver_detach+0x20/0x30
>
> Cc: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
> Fixes: abae8e57e49a ("clk: generalize devm_clk_get() a bit")
> Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@...ionext.com>

This is already fixed in clk-next:

https://git.kernel.org/pub/scm/linux/kernel/git/clk/linux.git/commit/?h=clk-next&id=8b3d743fc9e2542822826890b482afabf0e7522a

Thanks anyhow,
Uwe

--
Pengutronix e.K. | Uwe Kleine-König |
Industrial Linux Solutions | https://www.pengutronix.de/ |
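
Added example, not part of the original message and not kernel code: a userspace C model of the hand-off described in the quoted commit message, where the bind path uses dr->data itself as "state" and the unbind path passes dr->data to the release callback as "res". All type and function names here (struct clk_state, model_clk_get, model_unbind, state_from_res_mismatched) are hypothetical; the mismatched reading is only computed and compared, never dereferenced.

```c
#include <stdlib.h>
#include <string.h>
/* Userspace model; every name below is hypothetical, not kernel code. */
struct clk { int enabled; };
struct clk_state {                       /* payload stored in dr->data */
    struct clk *clk;
    void (*exit)(struct clk *clk);
};
struct devres {
    void (*release)(void *res);          /* called with res == dr->data */
    unsigned long long data[];           /* payload area, 8-byte aligned */
};

static int exit_calls;
static void model_exit(struct clk *clk) { clk->enabled = 0; exit_calls++; }

/* Mismatched reading: res taken as a pointer to a state pointer. It yields
 * the first word of the state (state->clk). Returned, never dereferenced. */
static void *state_from_res_mismatched(void *res)
{
    void *p;
    memcpy(&p, res, sizeof(p));
    return p;
}

/* Matching reading: res is the state itself, as set up at bind time. */
static void model_clk_release(void *res)
{
    struct clk_state *state = res;
    if (state->exit) state->exit(state->clk);
}

/* Bind: allocate the node and use its data area directly as the state. */
static struct devres *model_clk_get(struct clk *clk)
{
    struct devres *dr = calloc(1, sizeof(*dr) + sizeof(struct clk_state));
    if (!dr) return NULL;
    dr->release = model_clk_release;
    *(struct clk_state *)dr->data = (struct clk_state){ clk, model_exit };
    return dr;
}

/* Unbind: the core hands dr->data to the release callback, then frees. */
static int model_unbind(struct devres *dr)
{
    dr->release(dr->data);
    free(dr);
    return exit_calls;
}
```

In this model the mismatched reading returns the address of the clk object rather than the state, so a release callback using it would take its exit pointer from memory that was never a state.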