linux/drivers/clk
Stephen Boyd 874f224cc5 clk: Fix slab corruption in clk_unregister()
When a clock is unregistered, we iterate over the list of
children and reparent them to NULL (i.e. orphan list). While
iterating the list, we should use the safe iterators because the
children list for this clock is changing when we reparent the
children to NULL. Failure to iterate safely can lead to slab
corruption like this:

=============================================================================
BUG kmalloc-128 (Not tainted): Poison overwritten
-----------------------------------------------------------------------------

Disabling lock debugging due to kernel taint
INFO: 0xed0c4900-0xed0c4903. First byte 0x0 instead of 0x6b
INFO: Allocated in clk_register+0x20/0x1bc age=297 cpu=2 pid=70
 __slab_alloc.isra.39.constprop.42+0x410/0x454
 kmem_cache_alloc_trace+0x200/0x24c
 clk_register+0x20/0x1bc
 devm_clk_register+0x34/0x68
 0xbf0000f0
 platform_drv_probe+0x18/0x48
 driver_probe_device+0x94/0x360
 __driver_attach+0x94/0x98
 bus_for_each_dev+0x54/0x88
 bus_add_driver+0xe8/0x204
 driver_register+0x78/0xf4
 do_one_initcall+0xc4/0x17c
 load_module+0x19ac/0x2294
 SyS_init_module+0xa4/0x110
 ret_fast_syscall+0x0/0x48
INFO: Freed in clk_unregister+0xd4/0x140 age=23 cpu=2 pid=73
 __slab_free+0x38/0x41c
 clk_unregister+0xd4/0x140
 release_nodes+0x164/0x1d8
 __device_release_driver+0x60/0xb0
 driver_detach+0xb4/0xb8
 bus_remove_driver+0x5c/0xc4
 SyS_delete_module+0x148/0x1d8
 ret_fast_syscall+0x0/0x48
INFO: Slab 0xeec50b90 objects=25 used=0 fp=0xed0c5400 flags=0x4080
INFO: Object 0xed0c48c0 @offset=2240 fp=0xed0c4a00

Bytes b4 ed0c48b0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
Object ed0c48c0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c48d0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c48e0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c48f0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c4900: 00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  ....kkkkkkkkkkkk
Object ed0c4910: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c4920: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c4930: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5  kkkkkkkkkkkkkkk.
Redzone ed0c4940: bb bb bb bb                                      ....
Padding ed0c49e8: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
Padding ed0c49f8: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
CPU: 3 PID: 75 Comm: mdev Tainted: G    B         3.14.0-11033-g2054ba5ca781 #35
[<c0014be0>] (unwind_backtrace) from [<c0012240>] (show_stack+0x10/0x14)
[<c0012240>] (show_stack) from [<c04b74a0>] (dump_stack+0x70/0xbc)
[<c04b74a0>] (dump_stack) from [<c00f7a78>] (check_bytes_and_report+0xbc/0x100)
[<c00f7a78>] (check_bytes_and_report) from [<c00f7c48>] (check_object+0x18c/0x218)
[<c00f7c48>] (check_object) from [<c00f7efc>] (__free_slab+0x104/0x144)
[<c00f7efc>] (__free_slab) from [<c04b6668>] (__slab_free+0x3dc/0x41c)
[<c04b6668>] (__slab_free) from [<c014c008>] (load_elf_binary+0x88/0x12b4)
[<c014c008>] (load_elf_binary) from [<c0105a44>] (search_binary_handler+0x78/0x18c)
[<c0105a44>] (search_binary_handler) from [<c0106fc0>] (do_execve+0x490/0x5dc)
[<c0106fc0>] (do_execve) from [<c0036b8c>] (____call_usermodehelper+0x134/0x168)
[<c0036b8c>] (____call_usermodehelper) from [<c000f048>] (ret_from_fork+0x14/0x2c)
FIX kmalloc-128: Restoring 0xed0c4900-0xed0c4903=0x6b

Fixes: fcb0ee6a3d (clk: Implement clk_unregister)
Cc: Jiada Wang <jiada_wang@mentor.com>
Cc: Sylwester Nawrocki <s.nawrocki@samsung.com>
Cc: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Mike Turquette <mturquette@linaro.org>
Cc: stable@vger.kernel.org
2014-04-30 11:44:05 -07:00
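
The iteration hazard the commit message describes, as an added example (a userspace model, not the kernel's code and not part of the commit). The hlist-style helpers and the names `orphan` and `children_left` are hypothetical; moving a child to the orphan list stands in for reparenting it to NULL.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed userspace model of an hlist-style intrusive list. */
struct hnode { struct hnode *next, **pprev; };
struct hhead { struct hnode *first; };

static void h_add_head(struct hnode *n, struct hhead *h) {
    n->next = h->first;
    if (h->first) h->first->pprev = &n->next;
    h->first = n;
    n->pprev = &h->first;
}

static void h_del(struct hnode *n) {
    *n->pprev = n->next;
    if (n->next) n->next->pprev = n->pprev;
}

/* "Reparent to NULL": move the child from the parent's list to the orphans. */
static void orphan(struct hnode *child, struct hhead *orphans) {
    h_del(child);
    h_add_head(child, orphans);
}

/* Returns how many children are still linked to the parent afterwards. */
size_t children_left(size_t nchildren, int safe) {
    struct hnode kids[8], *pos, *tmp;
    struct hhead parent = { NULL }, orphans = { NULL };
    size_t left = 0;

    if (nchildren > 8) nchildren = 8;
    for (size_t i = 0; i < nchildren; i++) h_add_head(&kids[i], &parent);

    if (safe) {  /* successor saved before the node is moved */
        for (pos = parent.first; pos; pos = tmp) {
            tmp = pos->next;
            orphan(pos, &orphans);
        }
    } else {     /* pos->next is read after the move: it follows the orphan list */
        for (pos = parent.first; pos; pos = pos->next)
            orphan(pos, &orphans);
    }
    for (pos = parent.first; pos; pos = pos->next) left++;
    return left;
}

int main(void) {
    printf("unsafe: %zu left, safe: %zu left\n", children_left(3, 0), children_left(3, 1));
    return 0;
}
```

In the unsafe walk the remaining children keep `pprev` pointers into the parent's list head, so unlinking them after the parent has been freed would write into freed memory.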
..
at91 clk: at91: optimization of the set_rate callback 2014-03-19 15:22:02 -07:00
bcm clk: bcm281xx: don't use unnamed structs or unions 2014-04-30 11:43:58 -07:00
hisilicon clk: hisilicon: fix warning from smatch 2014-03-20 19:05:39 -07:00
keystone clk: keystone: gate: fix clk_init_data initialization 2014-02-10 15:17:43 -05:00
mmp clk: mmp: try to use closer one when do round rate 2014-03-26 20:59:27 -07:00
mvebu clock: mvebu new SoC changes for v3.15 (incremental pull #2) 2014-03-18 21:34:45 -07:00
mxs ARM: mxs: remove custom .init_time hook 2013-09-29 21:09:34 +02:00
qcom clk: qcom: Fix modular build 2014-01-17 13:39:42 -08:00
rockchip clk: add support for Rockchip gate clocks 2013-06-20 15:58:27 -07:00
samsung Exynos cleanup for v3.15 2014-03-29 02:03:39 +01:00
shmobile The clock framework changes for 3.15 look similar to past pull requests. 2014-04-05 18:39:18 -07:00
sirf clk: sirf: update copyright years to 2014 2014-03-26 21:47:35 -07:00
socfpga clk: socfpga: fix clock driver for 3.15 2014-04-30 11:44:01 -07:00
spear clk: SPEAr: Staticize clk_frac_ops 2013-12-19 11:45:17 -08:00
st clk: st: Support for A9 MUX clocks 2014-03-25 15:59:23 -07:00
sunxi clk: sunxi: fix thinko in comment 2014-03-19 12:35:07 -07:00
tegra clk: tegra: remove non-existent clocks 2014-04-24 15:36:50 +02:00
ti == Changes to existing drivers == 2014-04-07 10:24:18 -07:00
ux500 clk: ux500: Staticize ux500_twocell_get 2014-02-23 15:04:40 -08:00
versatile clk: vexpress: NULL dereference on error path 2014-04-24 11:39:06 +01:00
x86 ACPI / LPSS: add support for Intel BayTrail 2013-06-19 01:08:47 +02:00
zynq The clock framework changes for 3.15 look similar to past pull requests. 2014-04-05 18:39:18 -07:00
clk-axi-clkgen.c clk: axi-clkgen: Add support for v2 2014-02-26 17:02:29 -08:00
clk-bcm2835.c ARM: bcm2835: remove custom .init_time hook 2013-09-29 21:09:24 +02:00
clk-composite.c clk: composite: pass mux_hw into determine_rate 2014-01-15 07:48:03 -08:00
clk-devres.c ARM: 7537/1: clk: Fix release in devm_clk_put() 2012-09-19 21:51:27 +01:00
clk-divider.c clk: divider: Fix best div calculation for power-of-two and table dividers 2014-04-30 11:44:00 -07:00
clk-efm32gg.c clk: new driver for efm32 SoC 2013-11-04 12:23:18 -08:00
clk-fixed-factor.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
clk-fixed-rate.c clk: add accuracy support for fixed clock 2013-12-22 23:14:28 -08:00
clk-gate.c clk: wrap I/O access for improved portability 2013-08-27 17:50:38 -07:00
clk-highbank.c ARM: highbank: remove custom .init_time hook 2013-09-29 21:09:29 +02:00
clk-ls1x.c clk: add Loongson1B clock support 2012-08-31 11:05:18 -07:00
clk-max77686.c clk: max77686: Register OF clock provider 2014-01-08 09:57:07 -08:00
clk-moxart.c clk: add MOXA ART SoCs clock driver 2014-03-18 17:13:14 -07:00
clk-mux.c clk: wrap I/O access for improved portability 2013-08-27 17:50:38 -07:00
clk-nomadik.c clk: nomadik: fix multiplatform problem 2014-02-26 11:14:44 -08:00
clk-nspire.c clk: Add TI-Nspire clock drivers 2013-05-31 12:07:45 -07:00
clk-ppc-corenet.c clk: mpc85xx: Update the driver to align to new clock bindings 2014-03-19 17:04:14 -07:00
clk-s2mps11.c clk: s2mps11: Use of_get_child_by_name 2014-03-24 15:11:27 -07:00
clk-si570.c clk: si570: Remove redundant of_match_ptr helper 2013-12-22 22:46:52 -08:00
clk-si5351.c The second half of the clock framework pull request for 3.14 is 2014-01-28 18:44:53 -08:00
clk-si5351.h clk: si5351: remove variant from platform_data 2014-01-27 11:20:22 -08:00
clk-twl6040.c clk: use platform_{get,set}_drvdata() 2013-05-30 18:19:34 -07:00
clk-u300.c clk: u300: Fix incorrect placement of __initconst 2013-08-27 18:34:09 -07:00
clk-vt8500.c clk: vt8500: Staticize vtwm_pll_ops 2013-12-19 17:47:32 -08:00
clk-wm831x.c clk: wm831x: get rid of the implementation of remove function 2013-10-02 01:23:34 -07:00
clk-xgene.c clk: Add APM X-Gene SoC clock driver 2013-10-07 11:22:15 -07:00
clk.c clk: Fix slab corruption in clk_unregister() 2014-04-30 11:44:05 -07:00
clk.h clk: Provide not locked variant of of_clk_get_from_provider() 2013-12-04 17:19:30 +01:00
clkdev.c clk: return probe defer when DT clock not yet ready 2014-02-24 17:14:56 -08:00
Kconfig The clock framework changes for 3.15 look similar to past pull requests. 2014-04-05 18:39:18 -07:00
Makefile The clock framework changes for 3.15 look similar to past pull requests. 2014-04-05 18:39:18 -07:00