[1/2] powerpc/pseries: fix of_node_put() underflow during dlpar remove
Michael Ellerman
patch-notifications at ellerman.id.au
Tue Apr 25 08:47:24 AEST 2017
On Tue, 2017-04-18 at 00:21:40 UTC, Tyrel Datwyler wrote:
> Historically device_node references were tracked using a kref embedded
> as a struct field. Commit 75b57ecf9 refactored device_nodes to be
> kobjects such that the device tree could by more simply exposed to
> userspace using sysfs. Commit 0829f6d1f6 followed up these changes to
> better control the kobject lifecycle and in particular the referecne
> counting via of_node_get(), of_node_put(), and of_node_init(). A side
> effect of this second commit was that it introduced an of_node_put()
> call when a dynamic node is detached that removes the initial kobj
> reference created by of_node_init() . Traditionally as the original
> dynamic device node user the pseries code had assumed responsibilty for
> releasing this final reference in its platform specific DLPAR detach code.
>
> This patch fixes a refcount underflow introduced by commit 0829f6d1f6,
> and recently exposed by the upstreaming of the recount API.
>
> Messages like the following are no longer seen in the kernel log with this
> patch following DLPAR remove operations of cpus and pci devices.
>
> [ 269.589441] rpadlpar_io: slot PHB 72 removed
> [ 270.589997] refcount_t: underflow; use-after-free.
> [ 270.590019] ------------[ cut here ]------------
> [ 270.590025] WARNING: CPU: 5 PID: 3335 at
> lib/refcount.c:128 refcount_sub_and_test+0xf4/0x110
>
> Cc: stable at vger.kernel.org
> Fixes: 0829f6d1f69e ("of: device_node kobject lifecycle fixes")
> Signed-off-by: Tyrel Datwyler <tyreld at linux.vnet.ibm.com>
Applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/68baf692c435339e6295cb470ea554
cheers
More information about the Linuxppc-dev
mailing list