From: Bjorn Helgaas <helgaas@kernel.org>
To: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: Johan Hovold <johan@kernel.org>,
	linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org,
	stable <stable@vger.kernel.org>,
	Murali Karicheri <m-karicheri2@ti.com>,
	Bjorn Helgaas <bhelgaas@google.com>,
	linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v2] PCI: keystone: fix interrupt-controller-node lookup
Date: Tue, 12 Dec 2017 11:25:37 -0600
Message-ID: <20171212172537.GB53955@bhelgaas-glaptop.roam.corp.google.com>
In-Reply-To: <20171211104233.GB3225@red-moon>

On Mon, Dec 11, 2017 at 10:42:33AM +0000, Lorenzo Pieralisi wrote:
> On Mon, Dec 11, 2017 at 11:29:55AM +0100, Johan Hovold wrote:
> > On Fri, Nov 17, 2017 at 02:38:31PM +0100, Johan Hovold wrote:
> > > Fix child-node lookup during initialisation which was using the wrong
> > > OF-helper and ended up searching the whole device tree depth-first
> > > starting at the parent rather than just matching on its children.
> > > 
> > > To make things worse, the parent pci node could end up being prematurely
> > > freed as of_find_node_by_name() drops a reference to its first argument.
> > > Any matching child interrupt-controller node was also leaked.
> > > 
> > > Fixes: 0c4ffcfe1fbc ("PCI: keystone: Add TI Keystone PCIe driver")
> > > Cc: stable <stable@vger.kernel.org>     # 3.18
> > > Acked-by: Murali Karicheri <m-karicheri2@ti.com>
> > > Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
> > > Signed-off-by: Johan Hovold <johan@kernel.org>
> > > ---
> > > 
> > > v2
> > >  - amend commit message and mention explicitly that of_find_node_by_name()
> > >    drops a reference to the start node
> > >  - add Murali's and Lorenzo's acks
> > 
> > This one hasn't shown up in linux-next, so sending a reminder to make
> > sure it doesn't fall between the cracks.
> 
> Hi Johan,
> 
> yes it is in the list of fixes to be sent upstream - I was about to
> ask Bjorn to apply it.

Is this something that needs to be merged for v4.15?  If so, I need to
be able to defend it to Linus as being a critical fix.  If the issue
has been around for 3 years (v3.18 was tagged Dec 7 2014), that requires
pretty "clear and present danger."

From the commit log, I see a sub-optimal search (not critical), a
possible use-after-free (could conceivably be critical if people are
tripping over this, but would need more specifics about that), and a
leak (not critical).

Given what I can see now, my inclination would be for Lorenzo to queue
it for v4.16, which would still get in linux-next soonish.

Bjorn
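
The reference-count behaviour described in the quoted commit message, as an added userspace model that is not part of this thread or of the kernel source. The two functions mimic the documented semantics of of_find_node_by_name() and of a children-only lookup such as of_get_child_by_name(); the struct, the node names and the tree layout are constructed for illustration.

```c
#include <string.h>

/* Constructed model: refs = node refcount, allnext = depth-first tree order. */
struct node {
    const char *name; int refs;
    struct node *child, *sibling, *allnext;
};

static struct node *node_get(struct node *n) { if (n) n->refs++; return n; }
static void node_put(struct node *n) { if (n) n->refs--; }
/* Models of_find_node_by_name(): scans every node after 'from', takes a
 * reference on the match and drops one reference on 'from'. */
static struct node *find_node_by_name(struct node *from, const char *name)
{
    struct node *np;
    for (np = from ? from->allnext : NULL; np; np = np->allnext)
        if (!strcmp(np->name, name)) { node_get(np); break; }
    node_put(from);
    return np;
}

/* Models of_get_child_by_name(): direct children only, parent untouched. */
static struct node *get_child_by_name(struct node *parent, const char *name)
{
    struct node *np;
    for (np = parent->child; np; np = np->sibling)
        if (!strcmp(np->name, name)) return node_get(np);
    return NULL;
}

/* Constructed tree: "pcie" has child "phy"; unrelated "intc" is under "soc2". */
static struct node intc = { "intc", 1, NULL, NULL, NULL };
static struct node soc2 = { "soc2", 1, &intc, NULL, &intc };
static struct node phy  = { "phy",  1, NULL, NULL, &soc2 };
static struct node pcie = { "pcie", 1, &phy, &soc2, &phy };
/* Runs one lookup for "intc" and returns the parent's refcount afterwards. */
static int parent_refs_after(int use_child_helper, struct node **found)
{
    pcie.refs = 1;
    *found = use_child_helper ? get_child_by_name(&pcie, "intc")
                              : find_node_by_name(&pcie, "intc");
    return pcie.refs;
}

int main(void)
{
    struct node *n;
    return parent_refs_after(0, &n) == 0 && parent_refs_after(1, &n) == 1 ? 0 : 1;
}
```

With the whole-tree helper the parent ends at zero references and a node outside the parent is returned with an extra reference; the children-only helper returns no match and leaves the parent's count alone.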
