2021-07-09 20:19:35

by Julia Lawall

Subject: [PATCH] drm/of: free the right object

There is no need to free a NULL value. Instead, free the object
that is leaking due to the iterator.

The semantic patch that finds this problem is as follows:

// <smpl>
@@
expression x,e;
identifier f;
@@
x = f(...);
if (x == NULL) {
... when any
when != x = e
* of_node_put(x);
...
}
// </smpl>

Fixes: 6529007522de ("drm: of: Add drm_of_lvds_get_dual_link_pixel_order")
Signed-off-by: Julia Lawall <[email protected]>

---
drivers/gpu/drm/drm_of.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/drm_of.c b/drivers/gpu/drm/drm_of.c
index ca04c34e8251..197c57477344 100644
--- a/drivers/gpu/drm/drm_of.c
+++ b/drivers/gpu/drm/drm_of.c
@@ -315,7 +315,7 @@ static int drm_of_lvds_get_remote_pixels_type(

remote_port = of_graph_get_remote_port(endpoint);
if (!remote_port) {
- of_node_put(remote_port);
+ of_node_put(endpoint);
return -EPIPE;
}

2021-07-12 14:27:01

by Daniel Vetter

Subject: Re: [PATCH] drm/of: free the right object

On Fri, Jul 09, 2021 at 10:07:17PM +0200, Julia Lawall wrote:
> There is no need to free a NULL value. Instead, free the object
> that is leaking due to the iterator.
>
> The semantic patch that finds this problem is as follows:
>
> // <smpl>
> @@
> expression x,e;
> identifier f;
> @@
> x = f(...);
> if (x == NULL) {
> ... when any
> when != x = e
> * of_node_put(x);
> ...
> }
> // </smpl>
>
> Fixes: 6529007522de ("drm: of: Add drm_of_lvds_get_dual_link_pixel_order")
> Signed-off-by: Julia Lawall <[email protected]>

Applied to drm-misc-next, thanks for your patch.

Random rant about this for_each_child_of_node():
- not documented with kerneldoc
- very dangerous since the seemingly correct usage leaks

What we've done here for similar refcounted iterators is a 3 step process:
- iter_init()
- for_each_iter() macro
- iter_fini(), which has to be always called after iter_init and cleans up
the last reference.

Then it's a lot more obvious that you call iter_fini() when you break out
of a loop. Trying to hide that in the for_each macro is a bit much.

Cheers, Daniel

>
> ---
> drivers/gpu/drm/drm_of.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/drm_of.c b/drivers/gpu/drm/drm_of.c
> index ca04c34e8251..197c57477344 100644
> --- a/drivers/gpu/drm/drm_of.c
> +++ b/drivers/gpu/drm/drm_of.c
> @@ -315,7 +315,7 @@ static int drm_of_lvds_get_remote_pixels_type(
>
> remote_port = of_graph_get_remote_port(endpoint);
> if (!remote_port) {
> - of_node_put(remote_port);
> + of_node_put(endpoint);
> return -EPIPE;
> }
>
>

--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch