From patchwork Thu Jun 23 12:18:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Nuno Sa X-Patchwork-Id: 12892311 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89EC6C43334 for ; Thu, 23 Jun 2022 12:19:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229967AbiFWMTY (ORCPT ); Thu, 23 Jun 2022 08:19:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229761AbiFWMTX (ORCPT ); Thu, 23 Jun 2022 08:19:23 -0400 Received: from mx0a-00128a01.pphosted.com (mx0a-00128a01.pphosted.com [148.163.135.77]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B73CDA470 for ; Thu, 23 Jun 2022 05:19:22 -0700 (PDT) Received: from pps.filterd (m0167089.ppops.net [127.0.0.1]) by mx0a-00128a01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 25N8rlFD024136; Thu, 23 Jun 2022 08:19:14 -0400 Received: from nwd2mta4.analog.com ([137.71.173.58]) by mx0a-00128a01.pphosted.com (PPS) with ESMTPS id 3gvemnb4tm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 23 Jun 2022 08:19:14 -0400 Received: from ASHBMBX9.ad.analog.com (ASHBMBX9.ad.analog.com [10.64.17.10]) by nwd2mta4.analog.com (8.14.7/8.14.7) with ESMTP id 25NCJCGZ054796 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 23 Jun 2022 08:19:12 -0400 Received: from ASHBMBX8.ad.analog.com (10.64.17.5) by ASHBMBX9.ad.analog.com (10.64.17.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Thu, 23 Jun 2022 08:19:11 -0400 Received: from zeus.spd.analog.com (10.66.68.11) by ashbmbx8.ad.analog.com (10.64.17.5) with Microsoft SMTP Server id 15.2.986.14 via Frontend Transport; Thu, 23 Jun 2022 08:19:11 -0400 Received: from NSA-L01.ad.analog.com ([10.32.224.71]) by zeus.spd.analog.com (8.15.1/8.15.1) with ESMTP id 25NCJ2aq026429; Thu, 23 Jun 2022 08:19:09 -0400 From: =?utf-8?q?Nuno_S=C3=A1?= To: CC: Michael Turquette , Stephen Boyd Subject: [RESEND RFC PATCH v2 2/4] clk: fix clk not being unlinked from consumers list Date: Thu, 23 Jun 2022 14:18:55 +0200 Message-ID: <20220623121857.886-3-nuno.sa@analog.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220623121857.886-1-nuno.sa@analog.com> References: <20220623121857.886-1-nuno.sa@analog.com> MIME-Version: 1.0 X-ADIRuleOP-NewSCL: Rule Triggered X-Proofpoint-ORIG-GUID: DGXJjbTIcHhNcHU-R672KqxPcSfnLrMN X-Proofpoint-GUID: DGXJjbTIcHhNcHU-R672KqxPcSfnLrMN X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-06-23_05,2022-06-23_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 mlxlogscore=916 malwarescore=0 impostorscore=0 lowpriorityscore=0 bulkscore=0 phishscore=0 adultscore=0 suspectscore=0 mlxscore=0 spamscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2204290000 definitions=main-2206230050 Precedence: bulk List-ID: X-Mailing-List: linux-clk@vger.kernel.org When a clk_hw is registered we add a struct clk handle to it's consumers list. This handle is created in '__clk_register()' per the 'alloc_clk()' call. As such, we need to remove this handle when unregistering the clk_hw. This can actually lead to a use after free if a provider gets removed before a consumer. When removing the consumer, '__clk_put()' is called and that will do 'hlist_del(&clk->clks_node)' which will touch in already freed memory. Fixes: 1df4046a93e08 ("clk: Combine __clk_get() and __clk_create_clk()") Signed-off-by: Nuno Sá --- drivers/clk/clk.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c index 7fc191c15507..fdc711e53fb7 100644 --- a/drivers/clk/clk.c +++ b/drivers/clk/clk.c @@ -4191,6 +4191,7 @@ void clk_unregister(struct clk *clk) pr_warn("%s: unregistering protected clock: %s\n", __func__, clk->core->name); + clk_core_unlink_consumer(clk); kref_put(&clk->core->ref, __clk_release); free_clk(clk); unlock: