After calling of_irq_parse_one(), the node provided in the of_phandle_args
has a refcount increment by one. Add missing of_node_put in of_irq_get()
to decrement the refcount once used.
Signed-off-by: Clément Léger <[email protected]>
---
While debugging a refcount problem with OF_DYNAMIC enabled (which is
actually the only case were node refcount are really used), I noticed that
platform_get_irq() was actually incrementing the refcount of an interrupt
controller node. Digging into that function shows that it calls
of_irq_get() which calls of_irq_parse_one() and finally of_irq_parse_raw().
Since it seems sane that the node returned in the of_phandle_args has a
refcount incremented, I thought it is better to put the of_node_put() in
the user even though it was hard to find any user doing so.
drivers/of/irq.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/of/irq.c b/drivers/of/irq.c
index e9bf5236ed89..174900072c18 100644
--- a/drivers/of/irq.c
+++ b/drivers/of/irq.c
@@ -438,10 +438,16 @@ int of_irq_get(struct device_node *dev, int index)
return rc;
domain = irq_find_host(oirq.np);
- if (!domain)
- return -EPROBE_DEFER;
+ if (!domain) {
+ rc = -EPROBE_DEFER;
+ goto out;
+ }
- return irq_create_of_mapping(&oirq);
+ rc = irq_create_of_mapping(&oirq);
+out:
+ of_node_put(oirq.np);
+
+ return rc;
}
EXPORT_SYMBOL_GPL(of_irq_get);
--
2.39.0
On Tue, 17 Jan 2023 15:49:29 +0100, Cl?ment L?ger wrote:
> After calling of_irq_parse_one(), the node provided in the of_phandle_args
> has a refcount increment by one. Add missing of_node_put in of_irq_get()
> to decrement the refcount once used.
>
> Signed-off-by: Cl?ment L?ger <[email protected]>
> ---
>
> While debugging a refcount problem with OF_DYNAMIC enabled (which is
> actually the only case were node refcount are really used), I noticed that
> platform_get_irq() was actually incrementing the refcount of an interrupt
> controller node. Digging into that function shows that it calls
> of_irq_get() which calls of_irq_parse_one() and finally of_irq_parse_raw().
> Since it seems sane that the node returned in the of_phandle_args has a
> refcount incremented, I thought it is better to put the of_node_put() in
> the user even though it was hard to find any user doing so.
>
> drivers/of/irq.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
Applied, thanks!
+Saravana, Jean
On Tue, Jan 17, 2023 at 8:47 AM Clément Léger <[email protected]> wrote:
>
> After calling of_irq_parse_one(), the node provided in the of_phandle_args
> has a refcount increment by one. Add missing of_node_put in of_irq_get()
> to decrement the refcount once used.
>
> Signed-off-by: Clément Léger <[email protected]>
> ---
>
> While debugging a refcount problem with OF_DYNAMIC enabled (which is
> actually the only case were node refcount are really used), I noticed that
> platform_get_irq() was actually incrementing the refcount of an interrupt
> controller node. Digging into that function shows that it calls
> of_irq_get() which calls of_irq_parse_one() and finally of_irq_parse_raw().
> Since it seems sane that the node returned in the of_phandle_args has a
> refcount incremented, I thought it is better to put the of_node_put() in
> the user even though it was hard to find any user doing so.
While investigating [1], I stumbled back on this. Was the failing case
you had using interrupts-extended? It looks to me like that path has a
get, but the 'interrupts' path does not. If so, this change is wrong.
Rob
[1] https://lore.kernel.org/all/[email protected]/
>
> drivers/of/irq.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/of/irq.c b/drivers/of/irq.c
> index e9bf5236ed89..174900072c18 100644
> --- a/drivers/of/irq.c
> +++ b/drivers/of/irq.c
> @@ -438,10 +438,16 @@ int of_irq_get(struct device_node *dev, int index)
> return rc;
>
> domain = irq_find_host(oirq.np);
> - if (!domain)
> - return -EPROBE_DEFER;
> + if (!domain) {
> + rc = -EPROBE_DEFER;
> + goto out;
> + }
>
> - return irq_create_of_mapping(&oirq);
> + rc = irq_create_of_mapping(&oirq);
> +out:
> + of_node_put(oirq.np);
> +
> + return rc;
> }
> EXPORT_SYMBOL_GPL(of_irq_get);
>
> --
> 2.39.0
>
Le Tue, 28 Feb 2023 17:14:18 -0600,
Rob Herring <[email protected]> a écrit :
> +Saravana, Jean
>
> On Tue, Jan 17, 2023 at 8:47 AM Clément Léger <[email protected]> wrote:
> >
> > After calling of_irq_parse_one(), the node provided in the of_phandle_args
> > has a refcount increment by one. Add missing of_node_put in of_irq_get()
> > to decrement the refcount once used.
> >
> > Signed-off-by: Clément Léger <[email protected]>
> > ---
> >
> > While debugging a refcount problem with OF_DYNAMIC enabled (which is
> > actually the only case were node refcount are really used), I noticed that
> > platform_get_irq() was actually incrementing the refcount of an interrupt
> > controller node. Digging into that function shows that it calls
> > of_irq_get() which calls of_irq_parse_one() and finally of_irq_parse_raw().
> > Since it seems sane that the node returned in the of_phandle_args has a
> > refcount incremented, I thought it is better to put the of_node_put() in
> > the user even though it was hard to find any user doing so.
>
> While investigating [1], I stumbled back on this. Was the failing case
> you had using interrupts-extended? It looks to me like that path has a
> get, but the 'interrupts' path does not. If so, this change is wrong.
In my case, it was with a classic "interrupts" property. I can take
another look at the internal code to be sure this fix is correct.
Clément
>
> Rob
>
> [1] https://lore.kernel.org/all/[email protected]/
>
>
> >
> > drivers/of/irq.c | 12 +++++++++---
> > 1 file changed, 9 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/of/irq.c b/drivers/of/irq.c
> > index e9bf5236ed89..174900072c18 100644
> > --- a/drivers/of/irq.c
> > +++ b/drivers/of/irq.c
> > @@ -438,10 +438,16 @@ int of_irq_get(struct device_node *dev, int index)
> > return rc;
> >
> > domain = irq_find_host(oirq.np);
> > - if (!domain)
> > - return -EPROBE_DEFER;
> > + if (!domain) {
> > + rc = -EPROBE_DEFER;
> > + goto out;
> > + }
> >
> > - return irq_create_of_mapping(&oirq);
> > + rc = irq_create_of_mapping(&oirq);
> > +out:
> > + of_node_put(oirq.np);
> > +
> > + return rc;
> > }
> > EXPORT_SYMBOL_GPL(of_irq_get);
> >
> > --
> > 2.39.0
> >
--
Clément Léger,
Embedded Linux and Kernel engineer at Bootlin
https://bootlin.com