git.baikalelectronics.ru Git - kernel.git/commit

author	Christophe Jaillet <christophe.jaillet@wanadoo.fr>
	Fri, 16 Oct 2015 21:38:45 +0000 (23:38 +0200)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Wed, 21 Oct 2015 04:31:25 +0000 (15:31 +1100)
commit	4ac755536f2c69c1a17162429b2d6181472d792b
tree	3fbe657a84011f1ae98bf9f8dda8a61162ff7ffb	tree \| snapshot
parent	d493f446d8f8dbff7bce3fe97cb252a1bc8fdd06	commit \| diff

powerpc/prom: Avoid reference to potentially freed memory

of_get_property() is used inside the loop, but then the reference to the
node is dropped before dereferencing the prop pointer, which could by then
point to junk if the node has been freed.

Instead use of_property_read_u32() to actually read the property
value before dropping the reference.

of_property_read_u32() requires at least one cell (u32) to be present,
which is stricter than the old logic which would happily dereference a
property of any size. However we believe all device trees in the wild
have at least one cell.

Skiboot may produce memory nodes with more than one cell, but that is
OK, of_property_read_u32() will return the first one.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[mpe: Expand change log with device tree details]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>