[PATCH v3 0/4] Fix null pointer deference when calling of_platform_depopulate

From: Ricardo Ribalda Delgado
Date: Wed Apr 22 2015 - 12:14:34 EST


of_platform_depopulate can lead to a kernel error when calling release_resource()

of_platform_depopulate()
of_platform_device_destroy()
platform_device_unregister(platform_device *pdev)
platform_device_del(platform_device *pdev)
for (i = 0; i < pdev->num_resources; i++)
release_resource()

The reason is that it is trying to release a resource that was not allocated
via insert_resource

of_platform_populate()
...
of_device_alloc()
pdev = platform_device_alloc()
# set pdev->resource, similar to platform_device_add_resources()
of_device_add(platform_device *pdev)
# similar to platform_device_add(), but note there's no
# insert_resource() in this path
device_add(&pdev->dev)

This set of patches modifies release_resource to check for
resource->parent==NULL and throw a warning if there is an error.

base/platform has been fixed for an hypothetical condition where parent is
set but the platform is neither MEM or IO.

Then platform_device_alloc has been modified so it supports of and amba
devices.

Finally of_device_add has been modified to use platform_device_add().

v1: https://lkml.org/lkml/2015/4/20/435

v2: https://lkml.org/lkml/2015/4/21/99
https://lkml.org/lkml/2015/4/21/100

Ricardo Ribalda Delgado (4):
kernel/resource: Invalid memory access in __release_resource
base/platform: Only insert MEM and IO resources
base/platform: Continue on insert_resource() error
of/platform: Use platform_device interface

drivers/base/platform.c | 20 ++++++++++++--------
drivers/of/platform.c | 3 ++-
kernel/resource.c | 3 +++
3 files changed, 17 insertions(+), 9 deletions(-)

--
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/