Re: [PATCH 1/2] clk: Fix __clk_get access to already freed owner field.

From: Alban Browaeys
Date: Thu Feb 05 2015 - 15:43:19 EST

Next message: Steven Rostedt: "Re: [RFC][PATCH 1/7] trace: fix the glob match in __unregister_ftrace_function_probe()"
Previous message: Don Zickus: "[PATCH 1/9] watchdog: new definitions and variables, initialization"
In reply to: Stephen Boyd: "Re: [PATCH 1/2] clk: Fix __clk_get access to already freed owner field."
Next in thread: Stephen Boyd: "Re: [PATCH 1/2] clk: Fix __clk_get access to already freed owner field."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Le jeudi 05 fÃvrier 2015 Ã 11:30 -0800, Stephen Boyd a Ãcrit :

> > Signed-off-by: Alban Browaeys <prahal@xxxxxxxxx>
> > ---
> > drivers/clk/clk.c | 17 +++++++++--------
> > 1 file changed, 9 insertions(+), 8 deletions(-)
> >
> > diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c
> > index df94668..8f33722 100644
> > --- a/drivers/clk/clk.c
> > +++ b/drivers/clk/clk.c
> > @@ -2485,15 +2485,18 @@ EXPORT_SYMBOL_GPL(clk_register);
> > */
> > static void __clk_release(struct kref *ref)
> > {
> > - struct clk_core *clk = container_of(ref, struct clk_core, ref);
> > - int i = clk->num_parents;
> > + struct clk_core *core = container_of(ref, struct clk_core, ref);
> > + struct clk *clk = container_of(&core, struct clk, core);
>
> How does this work? struct clk_core doesn't have a struct clk inside it.
>

Seems I am confused. The aim is to get the clk struct from its core
field. If I cannot do that from within __clk_release , this fix is
doomed.

> > + int i = core->num_parents;
> >
> > - kfree(clk->parents);
> > + kfree(core->parents);
> > while (--i >= 0)
> > - kfree_const(clk->parent_names[i]);
> > + kfree_const(core->parent_names[i]);
>
> We don't have kfree_const() in the clk-next tree so please resend based
> on clk-next, not linux-next.
>

I will do after we confirmed there is a way to get to clk from clk_core.
Otherwise the fix makes no sense.

> I'm still confused. Care to send the actual backtrace and describe which
> hardware you're running on (perhaps some dts file to look at)?
>

This is the initial oops before any change (based on linux-next
20150204).

[ 7.264186] Unable to handle kernel paging request at virtual address 6b6b6b77
[ 7.270206] pgd = eb0b4000
[ 7.272809] [6b6b6b77] *pgd=00000000
[ 7.276466] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 7.281667] Modules linked in: exynosdrm(+) drm_kms_helper phy_exynos_usb2 fuse
[ 7.288950] CPU: 1 PID: 98 Comm: systemd-modules Not tainted 3.19.0-rc7-next-20150204-00052-g1059e6a #91
[ 7.298424] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[ 7.304488] task: ebae3c00 ti: eb0bc000 task.ti: eb0bc000
[ 7.309888] PC is at __clk_get+0x30/0xa0
[ 7.313781] LR is at of_clk_get_by_clkspec+0x38/0x54
[ 7.318722] pc : [<c0556098>] lr : [<c055231c>] psr: 200d0053
[ 7.318722] sp : eb0bdbb0 ip : eb0bdbc8 fp : eb0bdbc4
[ 7.330187] r10: 00000006 r9 : 00000001 r8 : 00000000
[ 7.335398] r7 : eb0bdbf8 r6 : 00000000 r5 : ee5c7d80 r4 : 6b6b6b6b
[ 7.341913] r3 : 00000001 r2 : 00000011 r1 : ee0b7004 r0 : ee0ff600
[ 7.341923] Flags: nzCv IRQs on FIQs off Mode SVC_32 ISA ARM Segment user
[ 7.341927] Control: 10c5387d Table: 6b0b404a DAC: 00000015
[ 7.341931] Process systemd-modules (pid: 98, stack limit = 0xeb0bc218)
[ 7.341934] Stack: (0xeb0bdbb0 to 0xeb0be000)
[ 7.341939] dba0: 00000001 ee0ff600 eb0bdbdc eb0bdbc8
[ 7.341945] dbc0: c055231c c0556074 00000001 ed834850 eb0bdc6c eb0bdbe0 c0558528 c05522f0
[ 7.341950] dbe0: eb0bdbf8 c01cc560 eb3e4710 ee2b4200 eb0bdc14 c01ced00 ee5e0d3c 00000001
[ 7.341956] dc00: 00000011 ee2b4200 eb0bdc34 eb3e4900 00000000 c08c5790 ee2b4200 eb3e4700
[ 7.341962] dc20: 00000001 00000006 eb0bdc5c eb0bdc38 c01ced00 c01cb2d0 ed834850 00000000
[ 7.341968] dc40: ed834858 ed834850 ed834850 bf06c0b4 c0aa82b8 00000000 bf06c0b4 00000006
[ 7.341974] dc60: eb0bdc8c eb0bdc70 c044213c c0558474 ed834850 c0b61248 c0b61254 c0aa82b8
[ 7.341979] dc80: eb0bdcc4 eb0bdc90 c043ff34 c0442120 00000000 bf0631f0 e9c3b700 ed834850
[ 7.341985] dca0: bf06c0b4 ed834884 00000000 bf0631f0 e9c3b700 c0a4f40c eb0bdce4 eb0bdcc8
[ 7.341991] dcc0: c044020c c043fdc8 00000000 00000000 bf06c0b4 c0440194 eb0bdd0c eb0bdce8
[ 7.341997] dce0: c043ded8 c04401a0 ee284e38 ed830900 c06f5728 bf06c0b4 eb1477c0 c0a87448
[ 7.342003] dd00: eb0bdd1c eb0bdd10 c043fa14 c043de88 eb0bdd44 eb0bdd20 c043f460 c043f9f4
[ 7.342009] dd20: bf069280 eb0bdd30 bf06c0b4 00000000 bf0631e8 bf06c388 eb0bdd5c eb0bdd48
[ 7.342014] dd40: c0440bfc c043f370 00000001 00000000 eb0bdd6c eb0bdd60 c0442094 c0440b50
[ 7.342020] dd60: eb0bddbc eb0bdd70 bf04ca08 c044203c 00000000 bf065090 ffffffff 00000000
[ 7.342026] dd80: 00000000 00000000 00000000 00000000 00000000 00000000 c0a53b20 bf06c208
[ 7.342031] dda0: c0a53b20 bf04c950 00000000 c0a53b20 eb0bde4c eb0bddc0 c0008b28 bf04c95c
[ 7.342037] ddc0: 0010000f 00000000 eb0bddec eb0bddd8 c00504f4 c006dde0 eb0bc000 00000000
[ 7.342043] dde0: ee002140 000000d0 c06ed170 0000000c c0a50600 00000000 eb0bde4c eb0bde08
[ 7.342049] de00: c01541d8 c0153934 eb0bc008 eb0bde08 00000000 eb0bc008 ee002140 dc8cb100
[ 7.342055] de20: 00000001 bf06c208 00000001 e9c3b600 e9c3bb00 00000001 163c451c e9c3bb08
[ 7.342060] de40: eb0bde74 eb0bde50 c06ed1ac c00089ec eb0bde74 eb0bde60 c014496c eb0bdf48
[ 7.342066] de60: 00000001 bf06c208 eb0bdf3c eb0bde78 c00af61c c06ed148 bf06c214 00007fff
[ 7.342072] de80: c00ac6a8 eb0bdf48 eb0bdeb4 f0473db8 00000780 00000777 f0473e84 bf06c214
[ 7.342078] dea0: bf06c378 b6e609f8 bf06c250 c0a4f40c c00ad024 c0169924 00000000 00000000
[ 7.342084] dec0: bf063194 00000009 00000000 00000000 6e72656b 00006c65 00000000 00000000
[ 7.342089] dee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 7.342095] df00: 00000000 00000000 00000000 dc8cb100 eb0bdf2c 00000000 00000006 b6e609f8
[ 7.342100] df20: 0000017b c000fb64 eb0bc000 00000000 eb0bdfa4 eb0bdf40 c00afdec c00ada4c
[ 7.342106] df40: c0180738 00000000 f0454000 002bb414 f070ec6c f066643f f066dd80 00020390
[ 7.342112] df60: 00026450 bf06c1f0 00000001 00000000 0000002f 00000030 0000001a 00000000
[ 7.342118] df80: 00000008 00000000 00000000 b6e617d4 00028948 39980800 00000000 eb0bdfa8
[ 7.342124] dfa0: c000f9c0 c00afd54 b6e617d4 00028948 00000006 b6e609f8 00000000 b6e6131c
[ 7.342129] dfc0: b6e617d4 00028948 39980800 0000017b 00020000 00015964 00015f34 0002e640
[ 7.342135] dfe0: beb38268 beb38258 b6e5ac4b b6f03d42 600d0070 00000006 5a5a5a5a 5a5a5a5a
[ 7.342150] [<c0556098>] (__clk_get) from [<c055231c>] (of_clk_get_by_clkspec+0x38/0x54)
[ 7.342162] [<c055231c>] (of_clk_get_by_clkspec) from [<c0558528>] (of_clk_set_defaults+0xc0/0x2ec)
[ 7.342171] [<c0558528>] (of_clk_set_defaults) from [<c044213c>] (platform_drv_probe+0x28/0xb0)
[ 7.342185] [<c044213c>] (platform_drv_probe) from [<c043ff34>] (driver_probe_device+0x178/0x384)
[ 7.342193] [<c043ff34>] (driver_probe_device) from [<c044020c>] (__driver_attach+0x78/0x9c)
[ 7.342201] [<c044020c>] (__driver_attach) from [<c043ded8>] (bus_for_each_dev+0x5c/0xb4)
[ 7.342208] [<c043ded8>] (bus_for_each_dev) from [<c043fa14>] (driver_attach+0x2c/0x30)
[ 7.342215] [<c043fa14>] (driver_attach) from [<c043f460>] (bus_add_driver+0xfc/0x228)
[ 7.342222] [<c043f460>] (bus_add_driver) from [<c0440bfc>] (driver_register+0xb8/0xf8)
[ 7.342231] [<c0440bfc>] (driver_register) from [<c0442094>] (__platform_driver_register+0x64/0x6c)
[ 7.342326] [<c0442094>] (__platform_driver_register) from [<bf04ca08>] (exynos_drm_init+0xb8/0x1d0 [exynosdrm])
[ 7.342363] [<bf04ca08>] (exynos_drm_init [exynosdrm]) from [<c0008b28>] (do_one_initcall+0x148/0x224)
[ 7.342376] [<c0008b28>] (do_one_initcall) from [<c06ed1ac>] (do_init_module+0x70/0x1bc)
[ 7.342390] [<c06ed1ac>] (do_init_module) from [<c00af61c>] (load_module+0x1bdc/0x21f0)
[ 7.342399] [<c00af61c>] (load_module) from [<c00afdec>] (SyS_finit_module+0xa4/0xb4)
[ 7.342409] [<c00afdec>] (SyS_finit_module) from [<c000f9c0>] (ret_fast_syscall+0x0/0x34)
[ 7.342415] Code: e89da818 e5904000 e3540000 0afffffa (e594000c)
[ 7.342464] ---[ end trace d90d42eb4fbac408 ]---

dts with the offending fimc nodes arch/arm/boot/dts/exynos4412-odroid-common.dtsi in linus master and linux-next.

another version of the oops with added pr_warn before calls to of_clk_get_by_clkspec :
- __set_clk_parents: Assigned clk parents clk: try to get parent clock
this before the assigned-clock-parents is sent to of_clk_get_by_clkspec in __set_clk_parents
- __set_clk_parents: Assigned clocks clk: try to get parent clock
this before the assigned-clocks is sent to of_clk_get_by_clkspec in __set_clk_parents

- __set_clk_rates Assigned clocks clk: couldn't clock
this before the assigned-clocks is sent to of_clk_get_by_clkspec in __set_clk_rates

[ 7.212207] s5p-g2d 10800000.g2d: The exynos g2d(ver 4.1) successfully probed
[ 7.215130] __set_clk_parents: Assigned clk parents clk: try to get parent clock 0 for /camera/fimc@11800000
[ 7.224297] __set_clk_parents: Assigned clocks clk: try to get parent clock 0 for /camera/fimc@11800000
[ 7.233505] __set_clk_rates Assigned clocks clk: couldn't get clock 1 for /camera/fimc@11800000
[ 7.241902] cam-power-domain: Power-on latency exceeded, new value 369958 ns
[ 7.249084] __set_clk_parents: Assigned clk parents clk: try to get parent clock 0 for /camera/fimc@11810000
[ 7.258246] Unable to handle kernel paging request at virtual address 6b6b6b77
[ 7.265425] pgd = eb114000
[ 7.268067] [6b6b6b77] *pgd=00000000
[ 7.271625] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 7.276922] Modules linked in: exynosdrm(+) drm_kms_helper phy_exynos_usb2 fuse
[ 7.284209] CPU: 1 PID: 100 Comm: systemd-modules Not tainted 3.19.0-rc7-next-20150204-00056-g37e6c6e-dirty #106
[ 7.294382] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[ 7.300447] task: ebad4b00 ti: eb094000 task.ti: eb094000
[ 7.300462] PC is at __clk_get+0x30/0xa0
[ 7.300467] LR is at of_clk_get_by_clkspec+0x38/0x54
[ 7.300471] pc : [<c0556088>] lr : [<c055230c>] psr: 200e0053
[ 7.300471] sp : eb095bb0 ip : eb095bc8 fp : eb095bc4
[ 7.300474] r10: 00000007 r9 : bf06c0a8 r8 : 00000000
[ 7.300477] r7 : 00000001 r6 : 00000000 r5 : ed850850 r4 : 6b6b6b6b
[ 7.300480] r3 : 00000000 r2 : 00000011 r1 : ee0b7004 r0 : ee0ff600
[ 7.300484] Flags: nzCv IRQs on FIQs off Mode SVC_32 ISA ARM Segment user
[ 7.300487] Control: 10c5387d Table: 6b11404a DAC: 00000015
[ 7.300491] Process systemd-modules (pid: 100, stack limit = 0xeb094218)
[ 7.300494] Stack: (0xeb095bb0 to 0xeb096000)
[ 7.300499] 5ba0: 00000000 ee0ff600 eb095bdc eb095bc8
[ 7.300505] 5bc0: c055230c c0556064 00000000 ee5c7d80 eb095c6c eb095be0 c055852c c05522e0
[ 7.300511] 5be0: eb095bf8 c01cc560 eb2a4310 ed847200 eb095c14 c01ced00 ee5e0d3c 00000001
[ 7.300516] 5c00: 00000011 ed847200 eb095c34 eb2a4100 00000000 c08c6798 ed847200 eb2a4300
[ 7.300522] 5c20: 00000001 00000007 eb095c5c eb095c38 c01ced00 c01cb2d0 ed850850 00000000
[ 7.300527] 5c40: ed850858 ed850850 ed850850 bf06c0a8 c0aa82b8 00000000 bf06c0a8 00000007
[ 7.300533] 5c60: eb095c8c eb095c70 c044212c c0558464 ed850850 c0b61248 c0b61254 c0aa82b8
[ 7.300539] 5c80: eb095cc4 eb095c90 c043ff24 c0442110 00000000 bf0631e4 eb389700 ed850850
[ 7.300545] 5ca0: bf06c0a8 ed850884 00000000 bf0631e4 eb389700 c0a4f40c eb095ce4 eb095cc8
[ 7.300550] 5cc0: c04401fc c043fdb8 00000000 00000000 bf06c0a8 c0440184 eb095d0c eb095ce8
[ 7.300556] 5ce0: c043dec8 c0440190 ee284e38 ed84e900 c06f5750 bf06c0a8 eb08dcc0 c0a87448
[ 7.300562] 5d00: eb095d1c eb095d10 c043fa04 c043de78 eb095d44 eb095d20 c043f450 c043f9e4
[ 7.300568] 5d20: bf069274 eb095d30 bf06c0a8 00000000 bf0631dc bf06c378 eb095d5c eb095d48
[ 7.300574] 5d40: c0440bec c043f360 00000001 00000000 eb095d6c eb095d60 c0442084 c0440b40
[ 7.300580] 5d60: eb095dbc eb095d70 bf04ca08 c044202c 00000000 bf065084 ffffffff 00000000
[ 7.300585] 5d80: 00000000 00000000 00000000 00000000 00000000 00000000 c0a53b20 bf06c1f8
[ 7.300591] 5da0: c0a53b20 bf04c950 00000000 c0a53b20 eb095e4c eb095dc0 c0008b28 bf04c95c
[ 7.300597] 5dc0: 0010000f 00000000 eb095dec eb095dd8 c00504f4 c006dde0 eb094000 00000000
[ 7.300602] 5de0: ee002140 000000d0 c06ed198 0000000c c0a50600 00000002 eb095e4c eb095e08
[ 7.300608] 5e00: c01541d8 c0153934 eb094008 eb095e08 00000002 eb094008 ee002140 dc8cb100
[ 7.300614] 5e20: 00000001 bf06c1f8 00000001 ebb3cf00 eb389300 00000001 14c76d1c eb389308
[ 7.300620] 5e40: eb095e74 eb095e50 c06ed1d4 c00089ec eb095e74 eb095e60 c014496c eb095f48
[ 7.300626] 5e60: 00000001 bf06c1f8 eb095f3c eb095e78 c00af61c c06ed170 bf06c204 00007fff
[ 7.300632] 5e80: c00ac6a8 eb095f48 eb095eb4 f0473db8 00000780 00000777 f0473e84 bf06c204
[ 7.300637] 5ea0: bf06c368 b6df59f8 bf06c240 c0a4f40c c00ad024 c0169924 00000000 00000000
[ 7.300643] 5ec0: bf063188 00000009 00000000 00000000 6e72656b 00006c65 00000000 00000000
[ 7.300648] 5ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 7.300654] 5f00: 00000000 00000000 00000000 dc8cb100 eb095f2c 00000000 00000006 b6df59f8
[ 7.300660] 5f20: 0000017b c000fb64 eb094000 00000000 eb095fa4 eb095f40 c00afdec c00ada4c
[ 7.300666] 5f40: c0180738 00000000 f0454000 002bb374 f070ebcc f06663c5 f066dd08 00020380
[ 7.300672] 5f60: 00026440 bf06c1e0 00000001 00000000 0000002f 00000030 0000001a 00000000
[ 7.300677] 5f80: 00000008 00000000 00000000 b6df67d4 00028948 1747b100 00000000 eb095fa8
[ 7.300683] 5fa0: c000f9c0 c00afd54 b6df67d4 00028948 00000006 b6df59f8 00000000 b6df631c
[ 7.300689] 5fc0: b6df67d4 00028948 1747b100 0000017b 00020000 00015964 00015f34 0002e640
[ 7.300695] 5fe0: bebf0268 bebf0258 b6defc4b b6e98d42 600d0070 00000006 5a5a5a5a 5a5a5a5a
[ 7.300706] [<c0556088>] (__clk_get) from [<c055230c>] (of_clk_get_by_clkspec+0x38/0x54)
[ 7.300717] [<c055230c>] (of_clk_get_by_clkspec) from [<c055852c>] (of_clk_set_defaults+0xd4/0x324)
[ 7.300726] [<c055852c>] (of_clk_set_defaults) from [<c044212c>] (platform_drv_probe+0x28/0xb0)
[ 7.300739] [<c044212c>] (platform_drv_probe) from [<c043ff24>] (driver_probe_device+0x178/0x384)
[ 7.300747] [<c043ff24>] (driver_probe_device) from [<c04401fc>] (__driver_attach+0x78/0x9c)
[ 7.300755] [<c04401fc>] (__driver_attach) from [<c043dec8>] (bus_for_each_dev+0x5c/0xb4)
[ 7.300762] [<c043dec8>] (bus_for_each_dev) from [<c043fa04>] (driver_attach+0x2c/0x30)
[ 7.300769] [<c043fa04>] (driver_attach) from [<c043f450>] (bus_add_driver+0xfc/0x228)
[ 7.300776] [<c043f450>] (bus_add_driver) from [<c0440bec>] (driver_register+0xb8/0xf8)
[ 7.300785] [<c0440bec>] (driver_register) from [<c0442084>] (__platform_driver_register+0x64/0x6c)
[ 7.300872] [<c0442084>] (__platform_driver_register) from [<bf04ca08>] (exynos_drm_init+0xb8/0x1d0 [exynosdrm])
[ 7.300905] [<bf04ca08>] (exynos_drm_init [exynosdrm]) from [<c0008b28>] (do_one_initcall+0x148/0x224)
[ 7.300918] [<c0008b28>] (do_one_initcall) from [<c06ed1d4>] (do_init_module+0x70/0x1bc)
[ 7.300931] [<c06ed1d4>] (do_init_module) from [<c00af61c>] (load_module+0x1bdc/0x21f0)
[ 7.300939] [<c00af61c>] (load_module) from [<c00afdec>] (SyS_finit_module+0xa4/0xb4)
[ 7.300950] [<c00afdec>] (SyS_finit_module) from [<c000f9c0>] (ret_fast_syscall+0x0/0x34)
[ 7.300956] Code: e89da818 e5904000 e3540000 0afffffa (e594000ï

Best regards,
Alban

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steven Rostedt: "Re: [RFC][PATCH 1/7] trace: fix the glob match in __unregister_ftrace_function_probe()"
Previous message: Don Zickus: "[PATCH 1/9] watchdog: new definitions and variables, initialization"
In reply to: Stephen Boyd: "Re: [PATCH 1/2] clk: Fix __clk_get access to already freed owner field."
Next in thread: Stephen Boyd: "Re: [PATCH 1/2] clk: Fix __clk_get access to already freed owner field."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]