From: Rhyland Klein <rklein-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
To: Gavin Shan <gwshan-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
Cc: Rob Herring <robh-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
	Jon Hunter <jonathanh-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>,
	linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	devicetree-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	Rhyland Klein <rklein-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>,
	stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [PATCH] drivers/of: Fix depth when unflattening devicetree
Date: Wed, 11 May 2016 13:36:57 -0400
Message-ID: <1462988217-29314-1-git-send-email-rklein@nvidia.com>

When the implementation for unflatten_dt_node() changed from being
recursive to being non-recursive, it had a side effect of increasing the
depth passed to fdt_next_node() by 1. This is fine most of the time, but
it seems that when the end of the dtb is being parsed, it will cause the
FDT_END condition in fdt_next_node() to return a different value
(returning nextoffset instead of -FDT_ERR_NOTFOUND). This ends up passing
an FDT_ERR_TRUNCATED error back to the unflatten_dt_node() which then
sees that and complains "Error -8 processing FDT" causing boot to fail.

This patch simply avoids incrementing depth and uses modified accesses
for local array indices so that the depth is the same as it was before
the change as far as fdt_next_node() is concerned.

This problem was discovered trying to boot Tegra210-Smaug platforms.

Cc: stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Fixes: 9ffa9eb41763 ("drivers/of: Avoid recursively calling unflatten_dt_node()")
Signed-off-by: Rhyland Klein <rklein-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
---
 drivers/of/fdt.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index df9f4e8dfa00..becb025702d7 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -407,24 +407,24 @@ static int unflatten_dt_nodes(const void *blob,
 
 	root = dad;
 	fpsizes[depth] = dad ? strlen(of_node_full_name(dad)) : 0;
-	nps[depth++] = dad;
+	nps[depth+1] = dad;
 	for (offset = 0;
 	     offset >= 0;
 	     offset = fdt_next_node(blob, offset, &depth)) {
 		if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH))
 			continue;
 
-		fpsizes[depth] = populate_node(blob, offset, &mem,
-					       nps[depth - 1],
-					       fpsizes[depth - 1],
-					       &nps[depth], dryrun);
-		if (!fpsizes[depth])
+		fpsizes[depth+1] = populate_node(blob, offset, &mem,
+						 nps[depth],
+						 fpsizes[depth],
+						 &nps[depth+1], dryrun);
+		if (!fpsizes[depth+1])
 			return mem - base;
 
 		if (!dryrun && nodepp && !*nodepp)
-			*nodepp = nps[depth];
+			*nodepp = nps[depth+1];
 		if (!dryrun && !root)
-			root = nps[depth];
+			root = nps[depth+1];
 	}
 
 	if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
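
Review bot: the setup line `nps[depth+1] = dad;` stores the parent one slot above where the loop reads it. The first populate_node() call takes its parent from `nps[depth]` and writes the new node through `&nps[depth+1]`, so dad is never passed as the parent and the slot it was stored in is overwritten on the first iteration. Since depth is no longer incremented, this should be `nps[depth] = dad;`, matching the `fpsizes[depth]` assignment on the line above it. Separately, the guard `WARN_ON_ONCE(depth >= FDT_MAX_DEPTH)` still tests depth while the loop body now indexes `depth+1` in both arrays. If nps and fpsizes are sized FDT_MAX_DEPTH (their declarations are outside this hunk), depth == FDT_MAX_DEPTH - 1 passes the check and the body accesses one element past the end, so either tighten the test to `depth >= FDT_MAX_DEPTH - 1` or grow the arrays by one.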
-- 
1.9.1

Thread overview: 3+ messages
2016-05-11 17:36 Rhyland Klein [this message]
2016-05-11 17:36 ` [PATCH] drivers/of: Fix depth when unflattening devicetree Rhyland Klein
2016-05-16 14:10 ` Rob Herring
