| Message ID | 20220618014747.4055279-1-windhl@126.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm/mach-omap2: Fix refcount leak bug in omap_hwmod.c | expand |
On 18/06/2022 03:47, Liang He wrote: > In _init(), of_find_node_by_name() will return a node pointer with > refcount incremented. We should use of_node_put() in fail path or > when it is not used anymore. > > NOTE: As the ref will be passed from 'bus' to 'np' by the xx_lookup(), > in normal exit path, we should call of_node_put() at the end use of 'np', > not the end use of 'bus'. > > Signed-off-by: Liang He <windhl@126.com> > --- > arch/arm/mach-omap2/omap_hwmod.c | 4 ++++ > 1 file changed, 4 insertions(+) > Before applying the patch please check it carefully. Previous evidence [1][2] suggests that not it was not even compiled. [1] https://lore.kernel.org/all/202206221602.odN70SHs-lkp@intel.com/ [2] https://lore.kernel.org/all/16f9a971.44e5.1817068ee3c.Coremail.windhl@126.com/ Best regards, Krzysztof
Hi, * Liang He <windhl@126.com> [220618 04:43]: > In _init(), of_find_node_by_name() will return a node pointer with > refcount incremented. We should use of_node_put() in fail path or > when it is not used anymore. > > NOTE: As the ref will be passed from 'bus' to 'np' by the xx_lookup(), > in normal exit path, we should call of_node_put() at the end use of 'np', > not the end use of 'bus'. Looks correct to me. What about missing of_node_put() for of_get_next_child() also in the _init() function? Regards, Tony
At 2022-06-28 12:57:12, "Tony Lindgren" <tony@atomide.com> wrote: >Hi, > >* Liang He <windhl@126.com> [220618 04:43]: >> In _init(), of_find_node_by_name() will return a node pointer with >> refcount incremented. We should use of_node_put() in fail path or >> when it is not used anymore. >> >> NOTE: As the ref will be passed from 'bus' to 'np' by the xx_lookup(), >> in normal exit path, we should call of_node_put() at the end use of 'np', >> not the end use of 'bus'. > >Looks correct to me. What about missing of_node_put() for >of_get_next_child() also in the _init() function? > >Regards, > >Tony Thanks, Tony. I have found this bug but not send the patch for of_get_next_child() as I am collecting other OF function related bugs and I have been told that it is better to collect all similar bugs in same directory, then finally report them. So I will send a new patch for both of the two missing 'put' bugs caused by of_find_xxx() and of_get_xxx() in omap_hwmod.c Thanks gain. Liang
* Liang He <windhl@126.com> [220628 05:47]: > > > At 2022-06-28 12:57:12, "Tony Lindgren" <tony@atomide.com> wrote: > >Hi, > > > >* Liang He <windhl@126.com> [220618 04:43]: > >> In _init(), of_find_node_by_name() will return a node pointer with > >> refcount incremented. We should use of_node_put() in fail path or > >> when it is not used anymore. > >> > >> NOTE: As the ref will be passed from 'bus' to 'np' by the xx_lookup(), > >> in normal exit path, we should call of_node_put() at the end use of 'np', > >> not the end use of 'bus'. > > > >Looks correct to me. What about missing of_node_put() for > >of_get_next_child() also in the _init() function? > > > >Regards, > > > >Tony > > Thanks, Tony. > > I have found this bug but not send the patch for of_get_next_child() > as I am collecting other OF function related bugs and I have been told that it is better > to collect all similar bugs in same directory, then finally report them. Well in this case while you review a single function, it's usually better to fix similar issues to avoid having to review the same function multiple times. Of course if the patch becomes hard to read, then it makes sense to split it into several patches. > So I will send a new patch for both of the two missing 'put' bugs caused by > of_find_xxx() and of_get_xxx() in omap_hwmod.c Please just update this patch so we have _init() completely reviewed for similar issues and is not left only partially patched. Regards, Tony
diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c index 31d1a21f6041..007e73cc0471 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -2365,6 +2365,7 @@ static int __init _init(struct omap_hwmod *oh, void *data) r = _init_mpu_rt_base(oh, NULL, index, np); if (r < 0) { + of_node_put(bus); WARN(1, "omap_hwmod: %s: doesn't have mpu register target base\n", oh->name); return 0; @@ -2372,6 +2373,7 @@ static int __init _init(struct omap_hwmod *oh, void *data) r = _init_clocks(oh, np); if (r < 0) { + of_node_put(bus); WARN(1, "omap_hwmod: %s: couldn't init clocks\n", oh->name); return -EINVAL; } @@ -2385,6 +2387,8 @@ static int __init _init(struct omap_hwmod *oh, void *data) parse_module_flags(oh, child); } + of_node_put(bus); + oh->_state = _HWMOD_STATE_INITIALIZED; return 0;
In _init(), of_find_node_by_name() will return a node pointer with refcount incremented. We should use of_node_put() in fail path or when it is not used anymore. NOTE: As the ref will be passed from 'bus' to 'np' by the xx_lookup(), in normal exit path, we should call of_node_put() at the end use of 'np', not the end use of 'bus'. Signed-off-by: Liang He <windhl@126.com> --- arch/arm/mach-omap2/omap_hwmod.c | 4 ++++ 1 file changed, 4 insertions(+)