Re: [PATCH v2 5/9] mtd: nand: atmel: fix OF child-node lookup

[PATCH v2 0/9] of: fix compatible-child-node lookups · Johan Hovold <johan@kernel.org> · 2018-08-27
[PATCH v2 7/9] net: stmmac: dwmac-sun8i: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-27
Re: [PATCH v2 7/9] net: stmmac: dwmac-sun8i: fix OF child-node lookup · Corentin Labbe <clabbe.montjoie@gmail.com> · 2018-08-28
Re: [PATCH v2 7/9] net: stmmac: dwmac-sun8i: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-29
Re: [PATCH v2 7/9] net: stmmac: dwmac-sun8i: fix OF child-node lookup · Corentin Labbe <clabbe.montjoie@gmail.com> · 2018-09-06
Re: [PATCH v2 7/9] net: stmmac: dwmac-sun8i: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-09-07
[PATCH v2 6/9] net: bcmgenet: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-27
Re: [PATCH v2 6/9] net: bcmgenet: fix OF child-node lookup · Florian Fainelli <f.fainelli@gmail.com> · 2018-08-31
Re: [PATCH v2 6/9] net: bcmgenet: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-09-04
[PATCH v2 1/9] of: add helper to lookup compatible child node · Johan Hovold <johan@kernel.org> · 2018-08-27
Re: [PATCH v2 1/9] of: add helper to lookup compatible child node · Rob Herring <robh+dt@kernel.org> · 2018-08-30
[PATCH v2 9/9] power: supply: twl4030-charger: fix OF sibling-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-27
[PATCH v2 4/9] mmc: meson-mx-sdio: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-27
Re: [PATCH v2 4/9] mmc: meson-mx-sdio: fix OF child-node lookup · Ulf Hansson <hidden> · 2018-08-27
Re: [PATCH v2 4/9] mmc: meson-mx-sdio: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-09-04
Re: [PATCH v2 4/9] mmc: meson-mx-sdio: fix OF child-node lookup · Ulf Hansson <hidden> · 2018-09-05
[PATCH v2 2/9] drm/mediatek: fix OF sibling-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-27
[PATCH v2 5/9] mtd: nand: atmel: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-27
Re: [PATCH v2 5/9] mtd: nand: atmel: fix OF child-node lookup · Boris Brezillon <hidden> · 2018-08-27
Re: [PATCH v2 5/9] mtd: nand: atmel: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-27
Re: [PATCH v2 5/9] mtd: nand: atmel: fix OF child-node lookup · Boris Brezillon <hidden> · 2018-08-27
Re: [PATCH v2 5/9] mtd: nand: atmel: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-27
Re: [PATCH v2 5/9] mtd: nand: atmel: fix OF child-node lookup · Rob Herring <robh+dt@kernel.org> · 2018-10-23
Re: [PATCH v2 5/9] mtd: nand: atmel: fix OF child-node lookup · Boris Brezillon <hidden> · 2018-10-23
Re: [PATCH v2 5/9] mtd: nand: atmel: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-11-15
Re: [PATCH v2 5/9] mtd: nand: atmel: fix OF child-node lookup · Boris Brezillon <hidden> · 2018-11-18
[PATCH v2 3/9] drm/msm: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-27
[PATCH v2 8/9] NFC: nfcmrvl_uart: fix OF child-node lookup · Johan Hovold <johan@kernel.org> · 2018-08-27
Re: [PATCH v2 0/9] of: fix compatible-child-node lookups · Johan Hovold <johan@kernel.org> · 2018-09-04
Re: [PATCH v2 0/9] of: fix compatible-child-node lookups · Johan Hovold <johan@kernel.org> · 2018-10-23
Re: [PATCH v2 0/9] of: fix compatible-child-node lookups · Rob Herring <robh+dt@kernel.org> · 2018-10-23
Re: [PATCH v2 0/9] of: fix compatible-child-node lookups · Johan Hovold <johan@kernel.org> · 2018-10-24

From: Boris Brezillon <hidden>
Date: 2018-08-27 08:28:58
Also in: lkml, stable

Hi Johan

On Mon, 27 Aug 2018 10:21:49 +0200
Johan Hovold [off-list ref] wrote:

Use the new of_get_compatible_child() helper to lookup the nfc child
node instead of using of_find_compatible_node(), which searches the
entire tree from a given start node and thus can return an unrelated
(i.e. non-child) node.

This also addresses a potential use-after-free (e.g. after probe
deferral) as the tree-wide helper drops a reference to its first
argument (i.e. the node of the device being probed).

While at it, also fix a related nfc-node reference leak.

Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
Cc: stable <redacted>     # 4.11
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Cc: Josh Wu <redacted>
Cc: Boris Brezillon <redacted>
Signed-off-by: Johan Hovold <johan@kernel.org>

Acked-by: Boris Brezillon <redacted>

I'll let Miquel queue this patch to the nand/next branch, unless you
want it to be merged in 4.19, in which case I'll queue it to the
mtd/fixes branch.

Thanks,

Boris

quoted hunk ↗ jump to hunk

---
 drivers/mtd/nand/raw/atmel/nand-controller.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c b/drivers/mtd/nand/raw/atmel/nand-controller.c
index a068b214ebaa..d3dfe63956ac 100644
--- a/drivers/mtd/nand/raw/atmel/nand-controller.c
+++ b/drivers/mtd/nand/raw/atmel/nand-controller.c

@@ -2061,8 +2061,7 @@ atmel_hsmc_nand_controller_legacy_init(struct atmel_hsmc_nand_controller *nc)
 	int ret;
 
 	nand_np = dev->of_node;
-	nfc_np = of_find_compatible_node(dev->of_node, NULL,
-					 "atmel,sama5d3-nfc");
+	nfc_np = of_get_compatible_child(dev->of_node, "atmel,sama5d3-nfc");
 
 	nc->clk = of_clk_get(nfc_np, 0);
 	if (IS_ERR(nc->clk)) {

@@ -2472,15 +2471,19 @@ static int atmel_nand_controller_probe(struct platform_device *pdev)
 	}
 
 	if (caps->legacy_of_bindings) {
+		struct device_node *nfc_node;
 		u32 ale_offs = 21;
 
 		/*
 		 * If we are parsing legacy DT props and the DT contains a
 		 * valid NFC node, forward the request to the sama5 logic.
 		 */
-		if (of_find_compatible_node(pdev->dev.of_node, NULL,
-					    "atmel,sama5d3-nfc"))
+		nfc_node = of_get_compatible_child(pdev->dev.of_node,
+						   "atmel,sama5d3-nfc");
+		if (nfc_node) {
 			caps = &atmel_sama5_nand_caps;
+			of_node_put(nfc_node);
+		}
 
 		/*
 		 * Even if the compatible says we are dealing with an

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help