From: "Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>
To: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 6/7] state: add fixup to copy state from barebox to kernel device tree
Date: Fri, 15 May 2015 11:28:58 +0200 [thread overview]
Message-ID: <20150515092858.GR28888@pengutronix.de> (raw)
In-Reply-To: <1431511952-32124-6-git-send-email-mkl@pengutronix.de>
On Wed, May 13, 2015 at 12:12:31PM +0200, Marc Kleine-Budde wrote:
> This patch registers a DT fixup, that copies the state nodes from the active
> to the kernel DT. The backend reference will be a phandles.
>
> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> ---
> common/state.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 92 insertions(+)
>
> diff --git a/common/state.c b/common/state.c
> index d6060bb7dff4..ca691d2827fa 100644
> --- a/common/state.c
> +++ b/common/state.c
> @@ -676,6 +676,93 @@ static int state_from_node(struct state *state, struct device_node *node,
> return ret;
> }
>
> +static int of_state_fixup(struct device_node *root, void *ctx)
> +{
> + struct state *state = ctx;
> + const char *compatible = "barebox,state";
> + struct device_node *new_node, *node, *parent, *backend_node;
> + struct property *p;
> + int ret;
> + phandle phandle;
> +
> + node = of_find_node_by_path_from(root, state->root->full_name);
> + if (node) {
> + /* replace existing node - it will be deleted later */
> + parent = node->parent;
> + } else {
> + char *of_path, *c;
> +
> + /* look for parent, remove last '/' from path */
> + of_path = xstrdup(state->root->full_name);
> + c = strrchr(of_path, '/');
> + if (!c)
> + return -ENODEV;
> + *c = '0';
> + parent = of_find_node_by_path(of_path);
> + if (!parent)
> + parent = root;
> +
> + free(of_path);
> + }
> +
> + /* serialize variable definitions */
> + new_node = state_to_node(state, parent, STATE_CONVERT_FIXUP);
> + if (IS_ERR(new_node))
> + return PTR_ERR(new_node);
> +
> + /* compatible */
> + p = of_new_property(new_node, "compatible", compatible,
> + strlen(compatible) + 1);
> + if (!p) {
> + ret = -ENOMEM;
> + goto out;
> + }
> +
> + /* backend-type */
> + if (!state->backend) {
> + ret = -ENODEV;
> + goto out;
> + }
> +
> + p = of_new_property(new_node, "backend-type", state->backend->name,
> + strlen(state->backend->name) + 1);
> + if (!p) {
> + ret = -ENOMEM;
> + goto out;
> + }
> +
> + /* backend phandle */
> + backend_node = of_find_node_by_path_from(root, state->backend->of_path);
> + if (!backend_node) {
> + ret = -ENODEV;
> + goto out;
> + }
> +
> + phandle = of_node_create_phandle(backend_node);
> + ret = of_property_write_u32(new_node, "backend", phandle);
> + if (ret)
> + goto out;
> +
> + /* address-cells + size-cells */
> + ret = of_property_write_u32(root, "#address-cells", 1);
> + if (ret)
> + goto out;
> +
> + ret = of_property_write_u32(root, "#size-cells", 1);
> + if (ret)
> + goto out;
> +
> + /* delete existing node */
> + if (node)
> + of_delete_node(node);
> +
> + return 0;
> +
> + out:
> + of_delete_node(new_node);
> + return ret;
> +}
> +
> /*
> * state_new_from_node - create a new state instance from a device_node
> *
> @@ -697,6 +784,11 @@ struct state *state_new_from_node(const char *name, struct device_node *node)
> return ERR_PTR(ret);
> }
>
> + ret = of_register_fixup(of_state_fixup, state);
> + if (ret) {
> + state_release(state);
> + return ERR_PTR(ret);
> + }
This is broken. state_new_from_node is called in state_probe:
static int state_probe(struct device_d *dev)
{
...
state = state_new_from_node(alias, np);
...
ret = of_find_path(np, "backend", &path, 0);
if (ret)
return ret;
...
So if there is an error with the backend (or something else later that
makes the state invalid) the fixup is still registered. So when the
fixup is actually called state might be invalid resulting in
of_state_fixup using possibly overwritten memory.
Best regards
Uwe
--
Pengutronix e.K. | Uwe Kleine-König |
Industrial Linux Solutions | http://www.pengutronix.de/ |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2015-05-15 9:29 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-13 10:12 [PATCH 1/7] state: print name of property of size mismatch is detected Marc Kleine-Budde
2015-05-13 10:12 ` [PATCH 2/7] state: print proper error message, if reg property is not found Marc Kleine-Budde
2015-05-13 10:12 ` [PATCH 3/7] state: make state_release() non static Marc Kleine-Budde
2015-05-13 10:12 ` [PATCH 4/7] state: add functionality to export state description Marc Kleine-Budde
2015-05-13 10:12 ` [PATCH 5/7] state: backend: support phandle and of_path references Marc Kleine-Budde
2015-05-15 5:05 ` Sascha Hauer
2015-05-15 6:12 ` Marc Kleine-Budde
2015-05-13 10:12 ` [PATCH 6/7] state: add fixup to copy state from barebox to kernel device tree Marc Kleine-Budde
2015-05-15 9:28 ` Uwe Kleine-König [this message]
2015-05-16 10:15 ` [PATCH] fixup! " Uwe Kleine-König
2015-05-18 6:07 ` Sascha Hauer
2015-05-13 10:12 ` [PATCH 7/7] state: return -EPROBE_DEFER if the backend isn't available Marc Kleine-Budde
2015-05-13 12:06 ` Uwe Kleine-König
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150515092858.GR28888@pengutronix.de \
--to=u.kleine-koenig@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=mkl@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox