linux/drivers
Stephen Boyd 2bf0e785c5 clk: Fix slab corruption in clk_unregister()
commit 874f224cc5 upstream.

When a clock is unregistered, we iterate over the list of
children and reparent them to NULL (i.e. orphan list). While
iterating the list, we should use the safe iterators because the
children list for this clock is changing when we reparent the
children to NULL. Failure to iterate safely can lead to slab
corruption like this:

=============================================================================
BUG kmalloc-128 (Not tainted): Poison overwritten
-----------------------------------------------------------------------------

Disabling lock debugging due to kernel taint
INFO: 0xed0c4900-0xed0c4903. First byte 0x0 instead of 0x6b
INFO: Allocated in clk_register+0x20/0x1bc age=297 cpu=2 pid=70
 __slab_alloc.isra.39.constprop.42+0x410/0x454
 kmem_cache_alloc_trace+0x200/0x24c
 clk_register+0x20/0x1bc
 devm_clk_register+0x34/0x68
 0xbf0000f0
 platform_drv_probe+0x18/0x48
 driver_probe_device+0x94/0x360
 __driver_attach+0x94/0x98
 bus_for_each_dev+0x54/0x88
 bus_add_driver+0xe8/0x204
 driver_register+0x78/0xf4
 do_one_initcall+0xc4/0x17c
 load_module+0x19ac/0x2294
 SyS_init_module+0xa4/0x110
 ret_fast_syscall+0x0/0x48
INFO: Freed in clk_unregister+0xd4/0x140 age=23 cpu=2 pid=73
 __slab_free+0x38/0x41c
 clk_unregister+0xd4/0x140
 release_nodes+0x164/0x1d8
 __device_release_driver+0x60/0xb0
 driver_detach+0xb4/0xb8
 bus_remove_driver+0x5c/0xc4
 SyS_delete_module+0x148/0x1d8
 ret_fast_syscall+0x0/0x48
INFO: Slab 0xeec50b90 objects=25 used=0 fp=0xed0c5400 flags=0x4080
INFO: Object 0xed0c48c0 @offset=2240 fp=0xed0c4a00

Bytes b4 ed0c48b0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
Object ed0c48c0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c48d0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c48e0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c48f0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c4900: 00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  ....kkkkkkkkkkkk
Object ed0c4910: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c4920: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ed0c4930: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5  kkkkkkkkkkkkkkk.
Redzone ed0c4940: bb bb bb bb                                      ....
Padding ed0c49e8: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
Padding ed0c49f8: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
CPU: 3 PID: 75 Comm: mdev Tainted: G    B         3.14.0-11033-g2054ba5ca781 #35
[<c0014be0>] (unwind_backtrace) from [<c0012240>] (show_stack+0x10/0x14)
[<c0012240>] (show_stack) from [<c04b74a0>] (dump_stack+0x70/0xbc)
[<c04b74a0>] (dump_stack) from [<c00f7a78>] (check_bytes_and_report+0xbc/0x100)
[<c00f7a78>] (check_bytes_and_report) from [<c00f7c48>] (check_object+0x18c/0x218)
[<c00f7c48>] (check_object) from [<c00f7efc>] (__free_slab+0x104/0x144)
[<c00f7efc>] (__free_slab) from [<c04b6668>] (__slab_free+0x3dc/0x41c)
[<c04b6668>] (__slab_free) from [<c014c008>] (load_elf_binary+0x88/0x12b4)
[<c014c008>] (load_elf_binary) from [<c0105a44>] (search_binary_handler+0x78/0x18c)
[<c0105a44>] (search_binary_handler) from [<c0106fc0>] (do_execve+0x490/0x5dc)
[<c0106fc0>] (do_execve) from [<c0036b8c>] (____call_usermodehelper+0x134/0x168)
[<c0036b8c>] (____call_usermodehelper) from [<c000f048>] (ret_from_fork+0x14/0x2c)
FIX kmalloc-128: Restoring 0xed0c4900-0xed0c4903=0x6b

Fixes: fcb0ee6a3d (clk: Implement clk_unregister)
Cc: Jiada Wang <jiada_wang@mentor.com>
Cc: Sylwester Nawrocki <s.nawrocki@samsung.com>
Cc: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Mike Turquette <mturquette@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-07 10:28:27 -07:00
accessibility
acpi ACPI / video: Revert native brightness quirk for ThinkPad T530 2014-06-07 10:28:27 -07:00
amba
ata libata: clean up ZPODD when a port is detached 2014-06-07 10:28:26 -07:00
atm
auxdisplay
base drivercore: deferral race condition fix 2014-06-07 10:28:11 -07:00
bcma Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2014-01-30 17:20:32 -08:00
block rbd: fix error paths in rbd_img_request_fill() 2014-05-31 13:20:28 -07:00
bluetooth Revert "Bluetooth: Enable autosuspend for Intel Bluetooth device" 2014-06-07 10:28:16 -07:00
bus bus: mvebu-mbus: allow several windows with the same target/attribute 2014-06-07 10:28:22 -07:00
cdrom Merge branch 'for-3.14/drivers' of git://git.kernel.dk/linux-block 2014-01-30 11:40:10 -08:00
char ACPI / TPM: Fix resume regression on Chromebooks 2014-06-07 10:28:27 -07:00
clk clk: Fix slab corruption in clk_unregister() 2014-06-07 10:28:27 -07:00
clocksource clocksource: Exynos_mct: Register clock event after request_irq() 2014-06-07 10:28:08 -07:00
connector
cpufreq intel_pstate: remove setting P state to MAX on init 2014-06-07 10:28:27 -07:00
cpuidle powerpc/powernv/cpuidle: Back-end cpuidle driver for powernv platform. 2014-01-29 17:02:24 +11:00
crypto crypto: caam - add allocation failure handling in SPRINTFCAT macro 2014-06-07 10:28:27 -07:00
dca
devfreq Merge branches 'pm-cpufreq' and 'pm-devfreq' 2014-01-29 11:48:23 +01:00
dio
dma dmaengine: dw: went back to plain {request,free}_irq() calls 2014-06-07 10:28:26 -07:00
edac i7300_edac: Fix device reference count 2014-02-25 09:43:13 +01:00
eisa Revert "EISA: Initialize device before its resources" 2014-01-17 14:57:29 -07:00
extcon ASoC: dapm: Add locking to snd_soc_dapm_xxxx_pin functions 2014-02-20 18:40:07 +09:00
firewire Merge branch 'for-3.14-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq 2014-03-08 11:51:13 -08:00
firmware efi: Pass correct file handle to efi_file_{read,close} 2014-05-06 07:59:29 -07:00
fmc drivers/fmc/fmc-write-eeprom.c: fix decimal permissions 2014-02-25 15:25:43 -08:00
gpio gpio: mxs: Allow for recursive enable_irq_wake() call 2014-05-13 13:32:54 +02:00
gpu drm/i915: quirk invert brightness for Acer Aspire 5336 2014-06-07 10:28:25 -07:00
hid HID: add NO_INIT_REPORTS quirk for Synaptics Touch Pad V 103S 2014-05-31 13:20:29 -07:00
hsi
hv Drivers: hv: vmbus: Negotiate version 3.0 when running on ws2012r2 hosts 2014-05-06 07:59:29 -07:00
hwmon hwmon: (emc1403) Support full range of known chip revision numbers 2014-06-07 10:28:11 -07:00
hwspinlock
i2c i2c: s3c2410: resume race fix 2014-06-07 10:28:27 -07:00
ide drivers: ide: Include appropriate header file in ide-pio-blacklist.c 2014-01-28 23:35:09 -08:00
idle ACPI and power management updates for 3.14-rc1 2014-01-24 15:51:02 -08:00
iio iio:imu:mpu6050: Fixed segfault in Invensens MPU driver due to null dereference 2014-06-07 10:28:15 -07:00
infiniband Target/iser: Fix iscsit_accept_np and rdma_cm racy flow 2014-06-07 10:28:24 -07:00
input Input: synaptics - change min/max quirk table to pnp-id matching 2014-06-07 10:28:21 -07:00
iommu drivers/iommu/omap-iommu-debug.c: fix decimal permissions 2014-02-25 15:25:42 -08:00
ipack
irqchip irqchip: armada-370-xp: Fix releasing of MSIs 2014-06-07 10:28:13 -07:00
isdn isdnloop: several buffer overflows 2014-04-14 06:50:04 -07:00
leds leds: leds-pwm: properly clean up after probe failure 2014-06-07 10:28:18 -07:00
lguest
macintosh Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2014-01-27 21:11:26 -08:00
mailbox drivers/mailbox/omap: make mbox->irq signed for error handling 2014-01-23 16:36:53 -08:00
md dm thin: add timeout to stop out-of-data-space mode holding IO forever 2014-06-07 10:28:25 -07:00
media media: media-device: fix infoleak in ioctl media_enum_entities() 2014-06-07 10:28:19 -07:00
memory memory: mvebu-devbus: fix the conversion of the bus width 2014-06-07 10:28:22 -07:00
memstick drivers/memstick/host/rtsx_pci_ms.c: fix ms card data transfer bug 2014-01-23 16:37:04 -08:00
message drivers/message/i2o/i2o_config.c: fix deadlock in compat_ioctl(I2OGETIOPS) 2014-02-10 16:01:40 -08:00
mfd mfd: twl-core: Fix accessibility of some twl4030 audio registers 2014-05-06 07:59:26 -07:00
misc mei: ignore client writing state during cb completion 2014-05-06 07:59:25 -07:00
mmc mmc: sdhci-bcm-kona: fix build errors when built-in 2014-05-13 13:32:56 +02:00
mtd mtd: sm_ftl: heap corruption in sm_create_sysfs_attributes() 2014-05-13 13:32:55 +02:00
net iwlwifi: mvm: BT Coex - fix Look Up Table 2014-06-07 10:28:25 -07:00
nfc
ntb
nubus
of of/irq: do irq resolution in platform_get_irq 2014-06-07 10:28:07 -07:00
oprofile
parisc
parport TTY/Serial driver patches for 3.14-rc1 2014-01-20 16:05:23 -08:00
pci PCI: Wrong register used to check pending traffic 2014-06-07 10:28:25 -07:00
pcmcia PCI changes for the v3.14 merge window: 2014-01-22 16:39:28 -08:00
phy phy: let phy_provider_register be the last step in registering PHY 2014-02-18 12:13:16 -08:00
pinctrl pinctrl: as3722: fix handling of GPIO invert bit 2014-05-13 13:32:54 +02:00
platform thinkpad_acpi: Fix inconsistent mute LED after resume 2014-05-13 13:32:56 +02:00
pnp PNP / ACPI: Do not return errors if _DIS or _SRS are not present 2014-06-07 10:28:12 -07:00
power Few fixes: 2014-02-14 10:32:28 -08:00
powercap
pps
ps3
ptp ptp_pch: Add dependency on HAS_IOMEM 2014-01-15 14:51:22 -08:00
pwm pwm: lp3943: Fix potential memory leak during request 2014-02-26 15:45:12 +01:00
rapidio rapidio/tsi721: fix tasklet termination in dma channel release 2014-03-04 07:55:49 -08:00
regulator regulator: arizona-ldo1: Correct default regulator init_data 2014-05-06 07:59:26 -07:00
remoteproc
reset
rpmsg
rtc drivers/rtc/rtc-hym8563.c: set uie_unsupported 2014-06-07 10:28:10 -07:00
s390 s390/chsc: fix SEI usage on old FW levels 2014-05-13 13:32:49 +02:00
sbus Sparc: sparc_cpu_model isn't in asm/system.h any more [ver #2] 2014-02-20 13:34:11 -05:00
scsi SCSI: megaraid: missing bounds check in mimd_to_kioc() 2014-05-31 13:20:27 -07:00
sfi
sh
sn
spi spi: dw: Don't call kfree for memory allocated by devm_kzalloc 2014-05-06 07:59:24 -07:00
ssb Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2014-01-30 17:20:32 -08:00
staging staging: r8188eu: Calling rtw_get_stainfo() with a NULL sta_addr will return NULL 2014-05-06 07:59:26 -07:00
target tcm_fc: Fix free-after-use regression in ft_free_cmd 2014-06-07 10:28:26 -07:00
tc
thermal Thermal: thermal zone governor fix 2014-03-03 23:15:57 +08:00
tty 8250_core: Fix unwanted TX chars write 2014-06-07 10:28:08 -07:00
uio
usb USB: Nokia 5300 should be treated as unusual dev 2014-06-07 10:28:16 -07:00
uwb
vfio mm: close PageTail race 2014-03-04 07:55:47 -08:00
vhost vhost: validate vhost_get_vq_desc return value 2014-03-28 16:10:35 -04:00
video tgafb: fix data copying 2014-05-13 13:32:54 +02:00
virt
virtio virtio_balloon: don't softlockup on huge balloon changes. 2014-05-13 13:32:48 +02:00
vlynq drivers/vlynq/vlynq.c: fix another resource size off by 1 error 2014-01-23 16:36:55 -08:00
vme VME: Correct read/write alignment algorithm 2014-02-07 08:16:14 -08:00
w1 w1: fix w1_send_slave dropping a slave id 2014-05-06 07:59:26 -07:00
watchdog watchdog: w83697hf_wdt: return ENODEV if no device was found 2014-02-21 20:36:46 +01:00
xen xen/events/fifo: correctly align bitops 2014-05-31 13:20:29 -07:00
zorro
Kconfig
Makefile