Hi! On 08/11/13 15:54, ext Guenter Roeck wrote: >>> +struct property *__of_copy_property(const struct property *prop, gfp_t flags) >>> +{ >>> + struct property *propn; >>> + >>> + propn = kzalloc(sizeof(*prop), flags); >>> + if (propn == NULL) >>> + return NULL; >>> + >>> + propn->name = kstrdup(prop->name, flags); >>> + if (propn->name == NULL) >>> + goto err_fail_name; >>> + >>> + if (prop->length > 0) { >> ^^^^^^^^^^^^^^^^^^^^^^^ >> As Ioan already mentioned, this is really a problem. >> There is a bunch of places, where properties without values are used. >> Like gpio-controller; ranges; interrupt-controller; >> Refer, for example, to of_irq_map_raw() which checks >> of_get_property(ipar, "interrupt-controller", NULL) != NULL >> and some other occurrences of exactly same construct. >> This will simply be broken for merged device-tree parts. >> > > Folks, > > it might help if you explain what exactly is broken, and how to fix it. > It is not as if the property is not copied, only its value > is not copied. And the value does not exist. Existing kernel code relies on the fact, that when the value doesn't exist, the pointer is still not NULL. >From the db-unflattening code there will be a pointer from kmalloc(0, ...). > What do you think the code needs to do differently ? Obviously it can > not copy a non-existing value. So what would have to be in the else case ? Actually, it can copy non-existing value. memcpy(..., ..., 0) works perfectly fine and kmalloc(0, flags) does exactly what is required here. So we fixed this just by removing the if() statement, executing the block unconditionally. There can be other solutions, but all of them are larger from the code foot-print. > Thanks, > Guenter > >>> + propn->value = kmalloc(prop->length, flags); >>> + if (propn->value == NULL) >>> + goto err_fail_value; >>> + memcpy(propn->value, prop->value, prop->length); >>> + propn->length = prop->length; >>> + } >>> + >>> + /* mark the property as dynamic */ >>> + of_property_set_flag(propn, OF_DYNAMIC); >>> + >>> + return propn; >>> + >>> +err_fail_value: >>> + kfree(propn->name); >>> +err_fail_name: >>> + kfree(propn); >>> + return NULL; >>> +} >>> + >> >> ... >> > > -- > To unsubscribe from this list: send the line "unsubscribe devicetree" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- Best regards, Alexander Sverdlin. -- To unsubscribe from this list: send the line "unsubscribe devicetree" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html