From patchwork Wed Jan 17 16:36:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Garry X-Patchwork-Id: 124815 Delivered-To: patch@linaro.org Received: by 10.46.62.1 with SMTP id l1csp87381lja; Wed, 17 Jan 2018 07:44:47 -0800 (PST) X-Google-Smtp-Source: ACJfBosB0GMwu4sKERZpNkERQKqVPakk/n8SVzLi0HfZyrx8RtJerN1Oumc3HE502KJFRwFt1bLK X-Received: by 10.159.214.134 with SMTP id n6mr10588622plp.333.1516203887748; Wed, 17 Jan 2018 07:44:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516203887; cv=none; d=google.com; s=arc-20160816; b=G3xsUmemqSJDG52UAGJr/pt8jNEXuAJCVbXK5sjhaHSd2lT1dfXx32/1WqRlRYt9fU qnwv17b2tRMfKPRmxXv/POoi7DqH8CM0uu1zfL7YFW2LNuLJ3QWxnd/eJrc/v/EAcgK+ viu4z4SY51JD0wdeyewFR3Q54RRN0icwDeS9OQOiisFNn6VNjkIPPdXoeumlqiRi70Of PcgDMLkq711PB/4ZUKqVWsZ5n4girFngKliqPXyPCgebBI7yMJ5XhcJRJUDRfBmDxvFa 64pMl9BiWp3I4Y5D7T7vhAu8Uzo+1tEAr4ZE60RQ7a5axSXLQFhPwzK/ipLBkCoGo87y 0bXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from:arc-authentication-results; bh=zWbGVtgDTFRp47XkwSc3Gqt6Znp1Vgp854Gi/u6M0Ss=; b=G8Ev1rnICuGmQdgXwwfqMkHHBY/Nklp5d/aPI8y7j4IiIPqzvTndKaJ4ST+Dny5oKF KQzyg9oigPniaty6fD6YM2zKF5yCTscnhzoCpzf+h9GgqDjNKGX42TD0qzBj514cGIrE 8Kowk65tBjyIjUgLVy+BSwQ52WYpCeZTgwz4Rmx3fUeoI07XZJOuZjt3umofEAuDi/Em LUl5UTNXXvfCxdynx3VPO+d5ut7sdV1W6ojjUA1bEzBvVlRES1DCNDzlHZ3rQG2bz/l4 5KRMAVu+puq3tkGyyWOAN8Yw6AKrRTFjDQcW9s59fleEWpWhodS3eOYUH7THR/FyflX9 YE+w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h26si3984765pgv.636.2018.01.17.07.44.47; Wed, 17 Jan 2018 07:44:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753639AbeAQPop (ORCPT + 28 others); Wed, 17 Jan 2018 10:44:45 -0500 Received: from szxga06-in.huawei.com ([45.249.212.32]:35775 "EHLO huawei.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1753384AbeAQPon (ORCPT ); Wed, 17 Jan 2018 10:44:43 -0500 Received: from DGGEMS406-HUB.china.huawei.com (unknown [172.30.72.60]) by Forcepoint Email with ESMTP id 4C52B4E7476D7; Wed, 17 Jan 2018 23:44:27 +0800 (CST) Received: from localhost.localdomain (10.67.212.75) by DGGEMS406-HUB.china.huawei.com (10.3.19.206) with Microsoft SMTP Server id 14.3.361.1; Wed, 17 Jan 2018 23:44:20 +0800 From: John Garry To: , CC: , , John Garry Subject: [PATCH] ipmi: use dynamic memory for DMI driver override Date: Thu, 18 Jan 2018 00:36:57 +0800 Message-ID: <1516207017-158659-1-git-send-email-john.garry@huawei.com> X-Mailer: git-send-email 1.9.1 MIME-Version: 1.0 X-Originating-IP: [10.67.212.75] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Currently a crash can be seen if we reach the "err" label in dmi_add_platform_ipmi(), calling platform_device_put(), like here: [ 7.270584] (null): ipmi:dmi: Unable to add resources: -16 [ 7.330229] ------------[ cut here ]------------ [ 7.334889] kernel BUG at mm/slub.c:3894! [ 7.338936] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [ 7.344475] Modules linked in: [ 7.347556] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.15.0-rc2-00004-gbe9cb7b-dirty #114 [ 7.355907] Hardware name: Huawei Taishan 2280 /D05, BIOS Hisilicon D05 IT17 Nemo 2.0 RC0 11/29/2017 [ 7.365137] task: 00000000c211f6d3 task.stack: 00000000f276e9af [ 7.371116] pstate: 60000005 (nZCv daif -PAN -UAO) [ 7.375957] pc : kfree+0x194/0x1b4 [ 7.379389] lr : platform_device_release+0xcc/0xd8 [ 7.384225] sp : ffff0000092dba90 [ 7.387567] x29: ffff0000092dba90 x28: ffff000008a83000 [ 7.392933] x27: ffff0000092dbc10 x26: 00000000000000e6 [ 7.398297] x25: 0000000000000003 x24: ffff0000085b51e8 [ 7.403662] x23: 0000000000000100 x22: ffff7e0000234cc0 [ 7.409027] x21: ffff000008af3660 x20: ffff8017d21acc10 [ 7.414392] x19: ffff8017d21acc00 x18: 0000000000000002 [ 7.419757] x17: 0000000000000001 x16: 0000000000000008 [ 7.425121] x15: 0000000000000001 x14: 6666666678303d65 [ 7.430486] x13: 6469727265766f5f x12: 7265766972642e76 [ 7.435850] x11: 6564703e2d617020 x10: 6530326435373638 [ 7.441215] x9 : 3030303030303030 x8 : 3d76656420657361 [ 7.446580] x7 : ffff000008f59df8 x6 : ffff8017fbe0ea50 [ 7.451945] x5 : 0000000000000000 x4 : 0000000000000000 [ 7.457309] x3 : ffffffffffffffff x2 : 0000000000000000 [ 7.462674] x1 : 0fffc00000000800 x0 : ffff7e0000234ce0 [ 7.468039] Process swapper/0 (pid: 1, stack limit = 0x00000000f276e9af) [ 7.474809] Call trace: [ 7.477272] kfree+0x194/0x1b4 [ 7.480351] platform_device_release+0xcc/0xd8 [ 7.484837] device_release+0x34/0x90 [ 7.488531] kobject_put+0x70/0xcc [ 7.491961] put_device+0x14/0x1c [ 7.495304] platform_device_put+0x14/0x1c [ 7.499439] dmi_add_platform_ipmi+0x348/0x3ac [ 7.503923] scan_for_dmi_ipmi+0xfc/0x10c [ 7.507970] do_one_initcall+0x38/0x124 [ 7.511840] kernel_init_freeable+0x188/0x228 [ 7.516238] kernel_init+0x10/0x100 [ 7.519756] ret_from_fork+0x10/0x18 [ 7.523362] Code: f94002c0 37780080 f94012c0 37000040 (d4210000) [ 7.529552] ---[ end trace 11750e4787deef9e ]--- [ 7.534228] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 7.534228] This is because when the device is released in platform_device_release(), we try to free pdev.driver_override. This is a const string, hence the crash. Fix by using dynamic memory for pdev->driver_override. Signed-off-by: John Garry -- 1.9.1 diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c index ab78b3b..c5112b1 100644 --- a/drivers/char/ipmi/ipmi_dmi.c +++ b/drivers/char/ipmi/ipmi_dmi.c @@ -106,7 +106,10 @@ static void __init dmi_add_platform_ipmi(unsigned long base_addr, pr_err("ipmi:dmi: Error allocation IPMI platform device\n"); return; } - pdev->driver_override = override; + pdev->driver_override = kasprintf(GFP_KERNEL, "%s", + override); + if (!pdev->driver_override) + goto err; if (type == IPMI_DMI_TYPE_SSIF) { set_prop_entry(p[pidx++], "i2c-addr", u16, base_addr); diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c index 779869e..2a19aa8 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c @@ -2426,6 +2426,7 @@ int ipmi_si_remove_by_dev(struct device *dev) { struct smi_info *e; int rv = -ENOENT; + struct platform_device *pdev = to_platform_device(dev); mutex_lock(&smi_infos_lock); list_for_each_entry(e, &smi_infos, link) { @@ -2436,6 +2437,7 @@ int ipmi_si_remove_by_dev(struct device *dev) } } mutex_unlock(&smi_infos_lock); + kfree(pdev->driver_override); return rv; }