| Message ID | 20241010-input_automate_of_node_put-v1-6-ebc62138fbf8@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | input: automate of_node_put() calls for device_node | expand |
On Thu, Oct 10, 2024 at 11:25:56PM +0200, Javier Carrasco wrote: > > diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c > index 20020cbc0752..bb1c732c8f95 100644 > --- a/drivers/input/misc/sparcspkr.c > +++ b/drivers/input/misc/sparcspkr.c > @@ -188,7 +188,6 @@ static int bbc_beep_probe(struct platform_device *op) > { > struct sparcspkr_state *state; > struct bbc_beep_info *info; > - struct device_node *dp; > int err = -ENOMEM; > > state = kzalloc(sizeof(*state), GFP_KERNEL); > @@ -199,14 +198,13 @@ static int bbc_beep_probe(struct platform_device *op) > state->event = bbc_spkr_event; > spin_lock_init(&state->lock); > > - dp = of_find_node_by_path("/"); > err = -ENODEV; > + struct device_node *dp __free(device_node) = of_find_node_by_path("/"); > if (!dp) > goto out_free; Sigh... See that state = kzalloc(sizeof(*state), GFP_KERNEL); if (!state) goto out_err; above? IOW, this will quietly generate broken code if built with gcc (and refuse to compile with clang). Yeah, this one is trivially fixed (return -ENOMEM instead of a goto), but... __cleanup() can be useful, but it's really *not* safe for blind use; you need to watch out for changed scopes (harmless in case of device_node) and for gotos (broken here).
On 10/10/2024 23:43, Al Viro wrote: > On Thu, Oct 10, 2024 at 11:25:56PM +0200, Javier Carrasco wrote: >> >> diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c >> index 20020cbc0752..bb1c732c8f95 100644 >> --- a/drivers/input/misc/sparcspkr.c >> +++ b/drivers/input/misc/sparcspkr.c >> @@ -188,7 +188,6 @@ static int bbc_beep_probe(struct platform_device *op) >> { >> struct sparcspkr_state *state; >> struct bbc_beep_info *info; >> - struct device_node *dp; >> int err = -ENOMEM; >> >> state = kzalloc(sizeof(*state), GFP_KERNEL); >> @@ -199,14 +198,13 @@ static int bbc_beep_probe(struct platform_device *op) >> state->event = bbc_spkr_event; >> spin_lock_init(&state->lock); >> >> - dp = of_find_node_by_path("/"); >> err = -ENODEV; >> + struct device_node *dp __free(device_node) = of_find_node_by_path("/"); >> if (!dp) >> goto out_free; > > Sigh... See that > state = kzalloc(sizeof(*state), GFP_KERNEL); > if (!state) > goto out_err; > above? > > IOW, this will quietly generate broken code if built with gcc (and refuse to > compile with clang). Yeah, this one is trivially fixed (return -ENOMEM instead > of a goto), but... > > __cleanup() can be useful, but it's really *not* safe for blind use; you > need to watch out for changed scopes (harmless in case of device_node) > and for gotos (broken here). Hi Al Viro, sorry, but I think I don't get you. First, I don't see sparc64 as a supported architecture for clang in the Linux documentation. Maybe the documentation is not up-to-date, but I tried to compile with clang and it seems to be true that it is not supported. Anyway, that is not the issue here. Second, I might be missing something about the scopes you are mentioning. 'state' gets allocated before the device_node is declared, and when the device_node is declared and its initialization fails, it should jump to 'out_free' to free 'state', shouldn't it? Sorry if I have overlooked something here. Thank your for your feedback and best regards, Javier Carrasco
On 11/10/2024 00:01, Javier Carrasco wrote: > On 10/10/2024 23:43, Al Viro wrote: >> On Thu, Oct 10, 2024 at 11:25:56PM +0200, Javier Carrasco wrote: >>> >>> diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c >>> index 20020cbc0752..bb1c732c8f95 100644 >>> --- a/drivers/input/misc/sparcspkr.c >>> +++ b/drivers/input/misc/sparcspkr.c >>> @@ -188,7 +188,6 @@ static int bbc_beep_probe(struct platform_device *op) >>> { >>> struct sparcspkr_state *state; >>> struct bbc_beep_info *info; >>> - struct device_node *dp; >>> int err = -ENOMEM; >>> >>> state = kzalloc(sizeof(*state), GFP_KERNEL); >>> @@ -199,14 +198,13 @@ static int bbc_beep_probe(struct platform_device *op) >>> state->event = bbc_spkr_event; >>> spin_lock_init(&state->lock); >>> >>> - dp = of_find_node_by_path("/"); >>> err = -ENODEV; >>> + struct device_node *dp __free(device_node) = of_find_node_by_path("/"); >>> if (!dp) >>> goto out_free; >> >> Sigh... See that >> state = kzalloc(sizeof(*state), GFP_KERNEL); >> if (!state) >> goto out_err; >> above? >> >> IOW, this will quietly generate broken code if built with gcc (and refuse to >> compile with clang). Yeah, this one is trivially fixed (return -ENOMEM instead >> of a goto), but... >> >> __cleanup() can be useful, but it's really *not* safe for blind use; you >> need to watch out for changed scopes (harmless in case of device_node) >> and for gotos (broken here). > > Hi Al Viro, > > sorry, but I think I don't get you. First, I don't see sparc64 as a > supported architecture for clang in the Linux documentation. Maybe the > documentation is not up-to-date, but I tried to compile with clang and > it seems to be true that it is not supported. Anyway, that is not the > issue here. > > Second, I might be missing something about the scopes you are > mentioning. 'state' gets allocated before the device_node is declared, > and when the device_node is declared and its initialization fails, it > should jump to 'out_free' to free 'state', shouldn't it? Sorry if I have > overlooked something here. > > Thank your for your feedback and best regards, > Javier Carrasco > I think that the issue you are talking about is that the goto will trigger the cleanup function of the device_node, which will not be initialized at that point. Yes, the goto before the device_node declaration hurts, and a return as you said would be better. Thanks and best regards, Javier Carrasco
On Fri, Oct 11, 2024 at 12:09:01AM +0200, Javier Carrasco wrote: > I think that the issue you are talking about is that the goto will > trigger the cleanup function of the device_node, which will not be > initialized at that point. ... and gcc will compile that without an error. Clang will not, but you need to watch out for build coverage in arch-specific code - clang doesn't cover every architecture (and won't cover some of them, no matter what - alpha, for example). As for the scope changes... note that you've delayed the moment of of_node_put() in some of those. It's harmless for device_node, but try something of that sort with e.g. mutex_lock(&lock); something(); mutex_unlock(&lock); foo(); return 0; where foo() itself grabs the same lock and it's not harmless at all - guard(mutex)(&lock); something(); foo(); return 0; is equivalent to moving mutex_unlock() to the end of scope, i.e. past the call of foo(), resulting in mutex_lock(&lock); something(); foo(); // deadlock mutex_unlock(&lock); return 0; __cleanup *is* a useful tool, when used carefully, but you really have to watch out for crap of that sort.
On 11/10/2024 00:22, Al Viro wrote: > On Fri, Oct 11, 2024 at 12:09:01AM +0200, Javier Carrasco wrote: > >> I think that the issue you are talking about is that the goto will >> trigger the cleanup function of the device_node, which will not be >> initialized at that point. > > ... and gcc will compile that without an error. Clang will not, but > you need to watch out for build coverage in arch-specific code - > clang doesn't cover every architecture (and won't cover some of them, > no matter what - alpha, for example). > > As for the scope changes... note that you've delayed the moment of > of_node_put() in some of those. It's harmless for device_node, but > try something of that sort with e.g. > > mutex_lock(&lock); > something(); > mutex_unlock(&lock); > foo(); > return 0; > > where foo() itself grabs the same lock and it's not harmless at all - > > guard(mutex)(&lock); > something(); > foo(); > return 0; > > is equivalent to moving mutex_unlock() to the end of scope, i.e. past > the call of foo(), resulting in > > mutex_lock(&lock); > something(); > foo(); // deadlock > mutex_unlock(&lock); > return 0; > > __cleanup *is* a useful tool, when used carefully, but you really > have to watch out for crap of that sort. For cases like the one you are mentioning, scoped_guard() is the real one to be used, but I get your point. I just overlooked the goto as it just goes to a return, and I processed in my mind as a direct return, which is not! I have even reviewed such issues in the past... karma. The goto in that case is meaningless anyway, and a direct return would be more readable anyway. Thanks again.
diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c index 20020cbc0752..bb1c732c8f95 100644 --- a/drivers/input/misc/sparcspkr.c +++ b/drivers/input/misc/sparcspkr.c @@ -188,7 +188,6 @@ static int bbc_beep_probe(struct platform_device *op) { struct sparcspkr_state *state; struct bbc_beep_info *info; - struct device_node *dp; int err = -ENOMEM; state = kzalloc(sizeof(*state), GFP_KERNEL); @@ -199,14 +198,13 @@ static int bbc_beep_probe(struct platform_device *op) state->event = bbc_spkr_event; spin_lock_init(&state->lock); - dp = of_find_node_by_path("/"); err = -ENODEV; + struct device_node *dp __free(device_node) = of_find_node_by_path("/"); if (!dp) goto out_free; info = &state->u.bbc; info->clock_freq = of_getintprop_default(dp, "clock-frequency", 0); - of_node_put(dp); if (!info->clock_freq) goto out_free;
Use the 'free(device_node)' macro to simplify the code by automatically freeing the device node, which removes the need for explicit calls to 'of_node_put()'. Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com> --- drivers/input/misc/sparcspkr.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)