diff mbox series

arm/mach-omap2: Fix refcount leak bug in omap_hwmod.c

Message ID 20220618014747.4055279-1-windhl@126.com (mailing list archive)
State New, archived
Headers show
Series arm/mach-omap2: Fix refcount leak bug in omap_hwmod.c | expand

Commit Message

Liang He June 18, 2022, 1:47 a.m. UTC
In _init(), of_find_node_by_name() will return a node pointer with
refcount incremented. We should use of_node_put() in fail path or
when it is not used anymore.

NOTE: As the ref will be passed from 'bus' to 'np' by the xx_lookup(),
in normal exit path, we should call of_node_put() at the end use of 'np',
not the end use of 'bus'.

Signed-off-by: Liang He <windhl@126.com>
---
 arch/arm/mach-omap2/omap_hwmod.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Krzysztof Kozlowski June 22, 2022, 9 a.m. UTC | #1
On 18/06/2022 03:47, Liang He wrote:
> In _init(), of_find_node_by_name() will return a node pointer with
> refcount incremented. We should use of_node_put() in fail path or
> when it is not used anymore.
> 
> NOTE: As the ref will be passed from 'bus' to 'np' by the xx_lookup(),
> in normal exit path, we should call of_node_put() at the end use of 'np',
> not the end use of 'bus'.
> 
> Signed-off-by: Liang He <windhl@126.com>
> ---
>  arch/arm/mach-omap2/omap_hwmod.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 

Before applying the patch please check it carefully. Previous evidence
[1][2] suggests that not it was not even compiled.



[1] https://lore.kernel.org/all/202206221602.odN70SHs-lkp@intel.com/

[2]
https://lore.kernel.org/all/16f9a971.44e5.1817068ee3c.Coremail.windhl@126.com/


Best regards,
Krzysztof
Tony Lindgren June 28, 2022, 4:57 a.m. UTC | #2
Hi,

* Liang He <windhl@126.com> [220618 04:43]:
> In _init(), of_find_node_by_name() will return a node pointer with
> refcount incremented. We should use of_node_put() in fail path or
> when it is not used anymore.
> 
> NOTE: As the ref will be passed from 'bus' to 'np' by the xx_lookup(),
> in normal exit path, we should call of_node_put() at the end use of 'np',
> not the end use of 'bus'.

Looks correct to me. What about missing of_node_put() for
of_get_next_child() also in the _init() function?

Regards,

Tony
Liang He June 28, 2022, 5:51 a.m. UTC | #3
At 2022-06-28 12:57:12, "Tony Lindgren" <tony@atomide.com> wrote:
>Hi,
>
>* Liang He <windhl@126.com> [220618 04:43]:
>> In _init(), of_find_node_by_name() will return a node pointer with
>> refcount incremented. We should use of_node_put() in fail path or
>> when it is not used anymore.
>> 
>> NOTE: As the ref will be passed from 'bus' to 'np' by the xx_lookup(),
>> in normal exit path, we should call of_node_put() at the end use of 'np',
>> not the end use of 'bus'.
>
>Looks correct to me. What about missing of_node_put() for
>of_get_next_child() also in the _init() function?
>
>Regards,
>
>Tony

Thanks, Tony.

I have found this bug but not send the patch for of_get_next_child()
as I am collecting other OF function related bugs and I have been told that it is better 
to collect all similar bugs in same directory, then finally report them.

So I will send a new patch for both of the two missing 'put' bugs caused by
of_find_xxx() and of_get_xxx() in omap_hwmod.c

Thanks gain.

Liang
Tony Lindgren June 28, 2022, 6:04 a.m. UTC | #4
* Liang He <windhl@126.com> [220628 05:47]:
> 
> 
> At 2022-06-28 12:57:12, "Tony Lindgren" <tony@atomide.com> wrote:
> >Hi,
> >
> >* Liang He <windhl@126.com> [220618 04:43]:
> >> In _init(), of_find_node_by_name() will return a node pointer with
> >> refcount incremented. We should use of_node_put() in fail path or
> >> when it is not used anymore.
> >> 
> >> NOTE: As the ref will be passed from 'bus' to 'np' by the xx_lookup(),
> >> in normal exit path, we should call of_node_put() at the end use of 'np',
> >> not the end use of 'bus'.
> >
> >Looks correct to me. What about missing of_node_put() for
> >of_get_next_child() also in the _init() function?
> >
> >Regards,
> >
> >Tony
> 
> Thanks, Tony.
> 
> I have found this bug but not send the patch for of_get_next_child()
> as I am collecting other OF function related bugs and I have been told that it is better 
> to collect all similar bugs in same directory, then finally report them.

Well in this case while you review a single function, it's usually better
to fix similar issues to avoid having to review the same function multiple
times. Of course if the patch becomes hard to read, then it makes sense
to split it into several patches.

> So I will send a new patch for both of the two missing 'put' bugs caused by
> of_find_xxx() and of_get_xxx() in omap_hwmod.c

Please just update this patch so we have _init() completely reviewed for
similar issues and is not left only partially patched.

Regards,

Tony
diff mbox series

Patch

diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
index 31d1a21f6041..007e73cc0471 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
@@ -2365,6 +2365,7 @@  static int __init _init(struct omap_hwmod *oh, void *data)
 
 	r = _init_mpu_rt_base(oh, NULL, index, np);
 	if (r < 0) {
+		of_node_put(bus);
 		WARN(1, "omap_hwmod: %s: doesn't have mpu register target base\n",
 		     oh->name);
 		return 0;
@@ -2372,6 +2373,7 @@  static int __init _init(struct omap_hwmod *oh, void *data)
 
 	r = _init_clocks(oh, np);
 	if (r < 0) {
+		of_node_put(bus);
 		WARN(1, "omap_hwmod: %s: couldn't init clocks\n", oh->name);
 		return -EINVAL;
 	}
@@ -2385,6 +2387,8 @@  static int __init _init(struct omap_hwmod *oh, void *data)
 			parse_module_flags(oh, child);
 	}
 
+	of_node_put(bus);
+
 	oh->_state = _HWMOD_STATE_INITIALIZED;
 
 	return 0;