'for_each_child_of_node' performs an of_node_get on each iteration, so a
return from the middle of the loop requires an of_node_put.
Fixes: e888d445ac33 ("nvmem: resolve cells from DT at registration time")
Signed-off-by: Christophe JAILLET <[email protected]>
---
drivers/nvmem/core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index bca671ff4e54..4375e52ba6c2 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -686,12 +686,15 @@ static int nvmem_add_cells_from_of(struct nvmem_device *nvmem)
continue;
if (len < 2 * sizeof(u32)) {
dev_err(dev, "nvmem: invalid reg on %pOF\n", child);
+ of_node_put(child);
return -EINVAL;
}
cell = kzalloc(sizeof(*cell), GFP_KERNEL);
- if (!cell)
+ if (!cell) {
+ of_node_put(child);
return -ENOMEM;
+ }
cell->nvmem = nvmem;
cell->np = of_node_get(child);
@@ -717,6 +720,7 @@ static int nvmem_add_cells_from_of(struct nvmem_device *nvmem)
kfree_const(cell->name);
of_node_put(cell->np);
kfree(cell);
+ of_node_put(child);
return -EINVAL;
}
--
2.27.0
On 20/04/2021 21:12, Christophe JAILLET wrote:
> 'for_each_child_of_node' performs an of_node_get on each iteration, so a
> return from the middle of the loop requires an of_node_put.
>
> Fixes: e888d445ac33 ("nvmem: resolve cells from DT at registration time")
> Signed-off-by: Christophe JAILLET <[email protected]>
> ---
> drivers/nvmem/core.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
> index bca671ff4e54..4375e52ba6c2 100644
> --- a/drivers/nvmem/core.c
> +++ b/drivers/nvmem/core.c
> @@ -686,12 +686,15 @@ static int nvmem_add_cells_from_of(struct nvmem_device *nvmem)
> continue;
> if (len < 2 * sizeof(u32)) {
> dev_err(dev, "nvmem: invalid reg on %pOF\n", child);
> + of_node_put(child);
> return -EINVAL;
> }
>
> cell = kzalloc(sizeof(*cell), GFP_KERNEL);
> - if (!cell)
> + if (!cell) {
> + of_node_put(child);
> return -ENOMEM;
> + }
>
> cell->nvmem = nvmem;
> cell->np = of_node_get(child);
> @@ -717,6 +720,7 @@ static int nvmem_add_cells_from_of(struct nvmem_device *nvmem)
> kfree_const(cell->name);
> of_node_put(cell->np);
> kfree(cell);
> + of_node_put(child);
two of_node_put looks bit confusing to the reader, can you move the
cell->np = of_node_get(child); just before nvmem_cell_add(cell);
so that we can remove extra put.
Was this reported by some kind of static analysis tool?
--srini
> return -EINVAL;
> }
>
>
Le 23/04/2021 à 11:30, Srinivas Kandagatla a écrit :
>
>
> On 20/04/2021 21:12, Christophe JAILLET wrote:
>> 'for_each_child_of_node' performs an of_node_get on each iteration, so a
>> return from the middle of the loop requires an of_node_put.
>>
>> Fixes: e888d445ac33 ("nvmem: resolve cells from DT at registration time")
>> Signed-off-by: Christophe JAILLET <[email protected]>
>> ---
>> drivers/nvmem/core.c | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
>> index bca671ff4e54..4375e52ba6c2 100644
>> --- a/drivers/nvmem/core.c
>> +++ b/drivers/nvmem/core.c
>> @@ -686,12 +686,15 @@ static int nvmem_add_cells_from_of(struct
>> nvmem_device *nvmem)
>> continue;
>> if (len < 2 * sizeof(u32)) {
>> dev_err(dev, "nvmem: invalid reg on %pOF\n", child);
>> + of_node_put(child);
>> return -EINVAL;
>> }
>> cell = kzalloc(sizeof(*cell), GFP_KERNEL);
>> - if (!cell)
>> + if (!cell) {
>> + of_node_put(child);
>> return -ENOMEM;
>> + }
>> cell->nvmem = nvmem;
>> cell->np = of_node_get(child);
>> @@ -717,6 +720,7 @@ static int nvmem_add_cells_from_of(struct
>> nvmem_device *nvmem)
>> kfree_const(cell->name);
>> of_node_put(cell->np);
>> kfree(cell);
>> + of_node_put(child);
>
> two of_node_put looks bit confusing to the reader, can you move the
>
> cell->np = of_node_get(child); just before nvmem_cell_add(cell);
> so that we can remove extra put.
>
Sure.
I didn't pay attention that cell->np and child were the same and that
the code looked odd now.
Thx for the review and the comment.
> Was this reported by some kind of static analysis tool?
>
Yes, this was found by coccinelle.
The script used was an old one posted by Julia Lawall a few years ago:
// <smpl>
@r@
local idexpression n;
expression e1,e2;
iterator name for_each_node_by_name, for_each_node_by_type,
for_each_compatible_node, for_each_matching_node,
for_each_matching_node_and_match, for_each_child_of_node,
for_each_available_child_of_node, for_each_node_with_property;
iterator i;
statement S;
expression list [n1] es;
@@
(
(
for_each_node_by_name(n,e1) S
|
for_each_node_by_type(n,e1) S
|
for_each_compatible_node(n,e1,e2) S
|
for_each_matching_node(n,e1) S
|
for_each_matching_node_and_match(n,e1,e2) S
|
for_each_child_of_node(e1,n) S
|
for_each_available_child_of_node(e1,n) S
|
for_each_node_with_property(n,e1) S
)
&
i(es,n,...) S
)
@@
local idexpression r.n;
iterator r.i;
expression e;
expression list [r.n1] es;
@@
i(es,n,...) {
...
(
of_node_put(n);
|
e = n
|
return n;
|
+ of_node_put(n);
? return ...;
)
...
}
@@
local idexpression r.n;
iterator r.i;
expression e;
expression list [r.n1] es;
@@
i(es,n,...) {
...
(
of_node_put(n);
|
e = n
|
+ of_node_put(n);
? break;
)
...
}
... when != n
@@
local idexpression r.n;
iterator r.i;
expression e;
identifier l;
expression list [r.n1] es;
@@
i(es,n,...) {
...
(
of_node_put(n);
|
e = n
|
+ of_node_put(n);
? goto l;
)
...
}
...
l: ... when != n
// </smpl>
>
> --srini
>
>
>
>> return -EINVAL;
>> }
>>
>