All of lore.kernel.org
 help / color / mirror / Atom feed
From: Stepan Moskovchenko <stepanm@codeaurora.org>
To: grant.likely@linaro.org, robh+dt@kernel.org, devicetree@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org,
	stepanm@codeaurora.org
Subject: [PATCH] of: Deep-copy names of platform devices
Date: Tue, 12 Aug 2014 17:57:24 -0700	[thread overview]
Message-ID: <1407891444-7311-1-git-send-email-stepanm@codeaurora.org> (raw)

When we parse the device tree and allocate platform
devices, the 'name' of the newly-created platform_device
is set to point to the 'name' field of the 'struct device'
embedded within the platform_device. This is dangerous,
because the name of the 'struct device' is dynamically
allocated. Drivers may call dev_set_name() on the device,
which will free and reallocate the name of the device,
leaving the 'name' of the platform_device pointing to the
now-freed memory.

Furthermore, if the dev_set_name() call is made from a
driver's probe() function and a subsequent request results
in probe deferral, the dangling 'name' reference may lead
to the device being re-probed using the wrong driver.

To mitigate these scenarios, we use kstrdup to perform a
deep copy of the device name when assigning the name of the
platform_device, so that the platform_device name is
unaffected by any calls to dev_set_name() that might made
by drivers to rename the embedded 'struct device'.

Signed-off-by: Stepan Moskovchenko <stepanm@codeaurora.org>
---
This is technically a 'v2' patch, but it looks like I used
an old version of MAINTAINERS, so I'll just re-send this
as a new patch to avoid confusion for people who missed the
original.

I suppose creating a 'pdev_set_name' API may seem like
another possibility, but I feel that dev.name and pdev.name
have two different meanings. One is used for device/driver
binding purposes, whereas the other serves a more general
identification purpose, and is used for things like sysfs.
Drivers might want to change dev.name while leaving the
pdev.name alone. I guess yet another possibility would be
to prohibit calling dev_set_name() on devices created from
device tree, but a driver does not necessarily know how a
given platform_device was allocated.

Steve

 drivers/of/device.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/of/device.c b/drivers/of/device.c
index f685e55..3e116f6 100644
--- a/drivers/of/device.c
+++ b/drivers/of/device.c
@@ -54,7 +54,7 @@ int of_device_add(struct platform_device *ofdev)

 	/* name and id have to be set so that the platform bus doesn't get
 	 * confused on matching */
-	ofdev->name = dev_name(&ofdev->dev);
+	ofdev->name = kstrdup(dev_name(&ofdev->dev), GFP_KERNEL);
 	ofdev->id = -1;

 	/* device_add will assume that this device is on the same node as
@@ -76,6 +76,7 @@ EXPORT_SYMBOL(of_device_register);
 void of_device_unregister(struct platform_device *ofdev)
 {
 	device_unregister(&ofdev->dev);
+	kfree(ofdev->name);
 }
 EXPORT_SYMBOL(of_device_unregister);

--
The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by The Linux Foundation

             reply	other threads:[~2014-08-13  0:57 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-08-13  0:57 Stepan Moskovchenko [this message]
2014-08-13  1:46 ` [PATCH] of: Deep-copy names of platform devices Stephen Boyd
2014-08-13  2:30   ` [PATCH v2] " Stepan Moskovchenko
2014-08-15 16:38     ` Rob Herring
2014-08-16  4:19       ` Greg Kroah-Hartman
2014-08-16 18:29       ` Grant Likely
2014-08-15 10:45   ` [PATCH] " Grant Likely
2014-08-15 10:52     ` Grant Likely
     [not found]       ` <CACxGe6tr_hX+XBD=C+y55OixrweVLZvNNFQHxSDHwuHbSYW-XQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 11:01         ` Grant Likely
2014-08-15 11:01           ` Grant Likely
  -- strict thread matches above, loose matches on Subject: below --
2014-08-12  2:42 Stepan Moskovchenko
2014-08-12 16:12 ` Kumar Gala
2014-08-13  0:27   ` Stepan Moskovchenko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1407891444-7311-1-git-send-email-stepanm@codeaurora.org \
    --to=stepanm@codeaurora.org \
    --cc=devicetree@vger.kernel.org \
    --cc=grant.likely@linaro.org \
    --cc=linux-arm-msm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=robh+dt@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.