From: Bjorn Helgaas <helgaas@kernel.org> To: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> Cc: Johan Hovold <johan@kernel.org>, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, stable <stable@vger.kernel.org>, Murali Karicheri <m-karicheri2@ti.com>, Bjorn Helgaas <bhelgaas@google.com>, linux-arm-kernel@lists.infradead.org Subject: Re: [PATCH v2] PCI: keystone: fix interrupt-controller-node lookup Date: Tue, 12 Dec 2017 11:25:37 -0600 [thread overview] Message-ID: <20171212172537.GB53955@bhelgaas-glaptop.roam.corp.google.com> (raw) In-Reply-To: <20171211104233.GB3225@red-moon> On Mon, Dec 11, 2017 at 10:42:33AM +0000, Lorenzo Pieralisi wrote: > On Mon, Dec 11, 2017 at 11:29:55AM +0100, Johan Hovold wrote: > > On Fri, Nov 17, 2017 at 02:38:31PM +0100, Johan Hovold wrote: > > > Fix child-node lookup during initialisation which was using the wrong > > > OF-helper and ended up searching the whole device tree depth-first > > > starting at the parent rather than just matching on its children. > > > > > > To make things worse, the parent pci node could end up being prematurely > > > freed as of_find_node_by_name() drops a reference to its first argument. > > > Any matching child interrupt-controller node was also leaked. > > > > > > Fixes: 0c4ffcfe1fbc ("PCI: keystone: Add TI Keystone PCIe driver") > > > Cc: stable <stable@vger.kernel.org> # 3.18 > > > Acked-by: Murali Karicheri <m-karicheri2@ti.com> > > > Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> > > > Signed-off-by: Johan Hovold <johan@kernel.org> > > > --- > > > > > > v2 > > > - amend commit message and mention explicitly that of_find_node_by_name() > > > drops a reference to the start node > > > - add Murali's and Lorenzo's acks > > > > This one hasn't shown up in linux-next, so sending a reminder to make > > sure it doesn't fall between the cracks. > > Hi Johan, > > yes it is in the list of fixes to be sent upstream - I was about to > ask Bjorn to apply it. Is this something that needs to be merged for v4.15? If so, I need to be able to defend it to Linus as being a critical fix. If the issue been around for 3 years (v3.18 was tagged Dec 7 2014), that requires pretty "clear and present danger." >From the commit log, I see a sub-optimal search (not critical), a possible use-after-free (could conceivably be critical if people are tripping over this, but would need more specifics about that), and a leak (not critical). Given what I can see now, my inclination would be for Lorenzo to queue it for v4.16, which would still get in linux-next soonish. Bjorn
WARNING: multiple messages have this Message-ID (diff)
From: helgaas@kernel.org (Bjorn Helgaas) To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v2] PCI: keystone: fix interrupt-controller-node lookup Date: Tue, 12 Dec 2017 11:25:37 -0600 [thread overview] Message-ID: <20171212172537.GB53955@bhelgaas-glaptop.roam.corp.google.com> (raw) In-Reply-To: <20171211104233.GB3225@red-moon> On Mon, Dec 11, 2017 at 10:42:33AM +0000, Lorenzo Pieralisi wrote: > On Mon, Dec 11, 2017 at 11:29:55AM +0100, Johan Hovold wrote: > > On Fri, Nov 17, 2017 at 02:38:31PM +0100, Johan Hovold wrote: > > > Fix child-node lookup during initialisation which was using the wrong > > > OF-helper and ended up searching the whole device tree depth-first > > > starting at the parent rather than just matching on its children. > > > > > > To make things worse, the parent pci node could end up being prematurely > > > freed as of_find_node_by_name() drops a reference to its first argument. > > > Any matching child interrupt-controller node was also leaked. > > > > > > Fixes: 0c4ffcfe1fbc ("PCI: keystone: Add TI Keystone PCIe driver") > > > Cc: stable <stable@vger.kernel.org> # 3.18 > > > Acked-by: Murali Karicheri <m-karicheri2@ti.com> > > > Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> > > > Signed-off-by: Johan Hovold <johan@kernel.org> > > > --- > > > > > > v2 > > > - amend commit message and mention explicitly that of_find_node_by_name() > > > drops a reference to the start node > > > - add Murali's and Lorenzo's acks > > > > This one hasn't shown up in linux-next, so sending a reminder to make > > sure it doesn't fall between the cracks. > > Hi Johan, > > yes it is in the list of fixes to be sent upstream - I was about to > ask Bjorn to apply it. Is this something that needs to be merged for v4.15? If so, I need to be able to defend it to Linus as being a critical fix. If the issue been around for 3 years (v3.18 was tagged Dec 7 2014), that requires pretty "clear and present danger." >From the commit log, I see a sub-optimal search (not critical), a possible use-after-free (could conceivably be critical if people are tripping over this, but would need more specifics about that), and a leak (not critical). Given what I can see now, my inclination would be for Lorenzo to queue it for v4.16, which would still get in linux-next soonish. Bjorn
next prev parent reply other threads:[~2017-12-12 17:25 UTC|newest] Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-11-17 13:38 [PATCH v2] PCI: keystone: fix interrupt-controller-node lookup Johan Hovold 2017-11-17 13:38 ` Johan Hovold 2017-11-17 13:38 ` Johan Hovold 2017-12-11 10:29 ` Johan Hovold 2017-12-11 10:29 ` Johan Hovold 2017-12-11 10:29 ` Johan Hovold 2017-12-11 10:42 ` Lorenzo Pieralisi 2017-12-11 10:42 ` Lorenzo Pieralisi 2017-12-11 10:42 ` Lorenzo Pieralisi 2017-12-12 17:25 ` Bjorn Helgaas [this message] 2017-12-12 17:25 ` Bjorn Helgaas 2017-12-12 18:07 ` Lorenzo Pieralisi 2017-12-12 18:07 ` Lorenzo Pieralisi 2017-12-12 19:29 ` Johan Hovold 2017-12-12 19:29 ` Johan Hovold 2017-12-15 13:22 ` Lorenzo Pieralisi 2017-12-15 13:22 ` Lorenzo Pieralisi
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20171212172537.GB53955@bhelgaas-glaptop.roam.corp.google.com \ --to=helgaas@kernel.org \ --cc=bhelgaas@google.com \ --cc=johan@kernel.org \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-pci@vger.kernel.org \ --cc=lorenzo.pieralisi@arm.com \ --cc=m-karicheri2@ti.com \ --cc=stable@vger.kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.