Patchwork Fix bug in kernel copy of libfdt's fdt_subnode_offset_namelen()

login
register
mail settings
Submitter David Gibson
Date Oct. 31, 2008, 2:37 a.m.
Message ID <20081031023705.GD16379@yookeroo.seuss>
Download mbox | patch
Permalink /patch/6655/
State Accepted, archived
Commit 2dccbf4ea05d2c3603b8c1359019bf7148a316a5
Headers show

Comments

David Gibson - Oct. 31, 2008, 2:37 a.m.
There's currently an off-by-one bug in fdt_subnode_offset_namelen()
which causes it to keep searching after it's finished the subnodes of
the given parent, and into the subnodes of siblings of the original
node which come after it in the tree.

A patch has already been submitted to dtc/libfdt mainline.  We don't
really want to pull in a new upstream version during the 2.6.28 cycle,
but we should still fix this bug, hence this standalone version of the
fix for the in-kernel libfdt.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

Patch

Index: working-2.6/arch/powerpc/boot/libfdt/fdt_ro.c
===================================================================
--- working-2.6.orig/arch/powerpc/boot/libfdt/fdt_ro.c	2008-10-31 12:49:24.000000000 +1100
+++ working-2.6/arch/powerpc/boot/libfdt/fdt_ro.c	2008-10-31 12:50:02.000000000 +1100
@@ -104,8 +104,8 @@  int fdt_subnode_offset_namelen(const voi
 
 	FDT_CHECK_HEADER(fdt);
 
-	for (depth = 0;
-	     offset >= 0;
+	for (depth = 0, offset = fdt_next_node(fdt, offset, &depth);
+	     (offset >= 0) && (depth > 0);
 	     offset = fdt_next_node(fdt, offset, &depth)) {
 		if (depth < 0)
 			return -FDT_ERR_NOTFOUND;
@@ -114,7 +114,10 @@  int fdt_subnode_offset_namelen(const voi
 			return offset;
 	}
 
-	return offset; /* error */
+	if (offset < 0)
+		return offset; /* error */
+	else
+		return -FDT_ERR_NOTFOUND;
 }
 
 int fdt_subnode_offset(const void *fdt, int parentoffset,