From 6b6cf2b5debd42de39afd8ac84b60faeca62cfaf Mon Sep 17 00:00:00 2001 From: Dmitry Osipenko Date: Tue, 18 Aug 2020 02:50:48 +0300 Subject: [PATCH 1/2] mfd: core: Fix double-free in mfd_remove_devices_fn() The pdev.mfd_cell is released by platform_device_release(), which is invoked by platform_device_unregister(). Hence mfd_remove_devices_fn() shouldn't release the cell variable. The double-free bug is reported KASAN during of MFD driver module removal. Fixes: 466a62d7642f ("mfd: core: Make a best effort attempt to match devices with the correct of_nodes") Reported-by: Marek Szyprowski Signed-off-by: Dmitry Osipenko Signed-off-by: Lee Jones --- drivers/mfd/mfd-core.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/mfd/mfd-core.c b/drivers/mfd/mfd-core.c index c3651f06684f..c50718e3db58 100644 --- a/drivers/mfd/mfd-core.c +++ b/drivers/mfd/mfd-core.c @@ -370,8 +370,6 @@ static int mfd_remove_devices_fn(struct device *dev, void *data) regulator_bulk_unregister_supply_alias(dev, cell->parent_supplies, cell->num_parent_supplies); - kfree(cell); - platform_device_unregister(pdev); return 0; } From 22380b65dc70f5b132c5afdf6b4011e2a84ec34a Mon Sep 17 00:00:00 2001 From: Lee Jones Date: Wed, 19 Aug 2020 09:16:50 +0100 Subject: [PATCH 2/2] mfd: mfd-core: Ensure disabled devices are ignored without error Commit e49aa9a9bd22 ("mfd: core: Make a best effort attempt to match devices with the correct of_nodes") changed the semantics for disabled devices in mfd_add_device(). Instead of silently ignoring a disabled child device, an error was returned. On receipt of the error mfd_add_devices() the precedes to remove *all* child devices and returns an all-failed error to the caller, which will inevitably fail the parent device as well. This patch reverts back to the old semantics and ignores child devices which are disabled in Device Tree. Fixes: e49aa9a9bd22 ("mfd: core: Make a best effort attempt to match devices with the correct of_nodes") Reported-by: Icenowy Zheng Tested-by: Icenowy Zheng Signed-off-by: Lee Jones --- drivers/mfd/mfd-core.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/mfd/mfd-core.c b/drivers/mfd/mfd-core.c index c50718e3db58..fc00aaccb5f7 100644 --- a/drivers/mfd/mfd-core.c +++ b/drivers/mfd/mfd-core.c @@ -126,10 +126,6 @@ static int mfd_match_of_node_to_dev(struct platform_device *pdev, const __be32 *reg; u64 of_node_addr; - /* Skip devices 'disabled' by Device Tree */ - if (!of_device_is_available(np)) - return -ENODEV; - /* Skip if OF node has previously been allocated to a device */ list_for_each_entry(of_entry, &mfd_of_node_list, list) if (of_entry->np == np) @@ -212,6 +208,12 @@ static int mfd_add_device(struct device *parent, int id, if (IS_ENABLED(CONFIG_OF) && parent->of_node && cell->of_compatible) { for_each_child_of_node(parent->of_node, np) { if (of_device_is_compatible(np, cell->of_compatible)) { + /* Ignore 'disabled' devices error free */ + if (!of_device_is_available(np)) { + ret = 0; + goto fail_alias; + } + ret = mfd_match_of_node_to_dev(pdev, np, cell); if (ret == -EAGAIN) continue;