Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp495330pxb; Wed, 18 Aug 2021 07:10:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy6dYLaeUSlJp4VI5cfNZRV7Wh3H1i/AFMtd6LRIFpp+D8+jt4fKWgwCsUsRPJAZisHXwh3 X-Received: by 2002:a92:c808:: with SMTP id v8mr6171918iln.110.1629295826286; Wed, 18 Aug 2021 07:10:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629295826; cv=none; d=google.com; s=arc-20160816; b=T46i1xJYrDIj0K/3EGgT+1DY9P2/NObTs+bZo06IcMAYzv5+Xd8LnnuOjMI4spDDKj a5BENHbOIYczfws5c/S1FkHFEqrIMgSV2KdPLb0GM/krwImtKGVtaW5wmR34vpa+jK3r w8tt901sHSCf/ztK/TiQBJyEJNZ9YtsMkJ4R2hR0ALZbR+jmMGO6W1+YeZMA5+bWIQtB WfqrDI6Mgw94qNAvjrvNnBFeh6M91Nkw1eVEUT/8TkDl0scdjso8vkIp2aAis1EgfLwI MFjDb7PWKdM1j69ejJd9FxdR5cOfeWBBk70cQOtjOoHw4s6WflUlx3/zSovKJYa84VYG 5Hzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=v9/5mLh4w+33B0jb6LwAj8S/YpjKu8INrk78Eu6m2m4=; b=Txr+MxPxqDglpYlEGVcpWHJl3J/anlR2sIxhyoyCkt8/tlO3j/Vh3YHaUfpe89AZr3 tT0iWLtkQqO1RGchBf/r8aE23lkibZ3bIYjScA+0yJySKAoq4422Pa4JsxPpl0b/WmIF D/1DD3N90L7/vWh0icVxn20TRnqEMDRaJEUjogYmpc9siCnHK9Yff/pe8Zq2ITsxwUcL UaRSSrkS7yhNcFmZgV84mCpreDBzmUrqGcX4WtKBrbb7tgwGoEA0k5mIcmpaXi8ZalsC MxHF07cBHKqjVXpe+R7JgoPBpqyZPkvpRjRVsbSoGOjup3mzdBu+xP72cAQCGntuTl2f pPiA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Gzai0b48; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q9si5390283ile.120.2021.08.18.07.10.14; Wed, 18 Aug 2021 07:10:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Gzai0b48; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238662AbhHROIY (ORCPT + 99 others); Wed, 18 Aug 2021 10:08:24 -0400 Received: from mail.kernel.org ([198.145.29.99]:53910 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237887AbhHROIT (ORCPT ); Wed, 18 Aug 2021 10:08:19 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6AD14610A3; Wed, 18 Aug 2021 14:07:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1629295664; bh=hGLlWsyvSf4AqdvWej7th3DOiRfeRhKplfyBiO2scnI=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=Gzai0b48N7Q8tCJJN53hvTcDbMHxQnGmBDyS23Pi5XB25fFs/omG6ojBTD0l2J0Kt hcGF5k42AgA/9E0cVp+KkdmDweT2LNii2l+B6VjwhAzAOldDCQY/O+keXR2RKdsJ4F cF7XdbGUv/fdGQTtl0UDLcec33qrQ28JWcSI5vYZf4wvTZIeoREtvP6ff+U53Ud9YW Q5Re3Gbs3mmHrGllt6DR8GNxoHaYxb4die41n0sFa5YfCcqCtT5OaV3M4AFGLygiO7 0eqP74vaSV5mnLV10A1226CI1Mgl/jkndTQRZXGHgCgZh6+xXr1nI2lsu7wCS8zSyP lJZ2joRSkPWHA== Received: by mail-ej1-f51.google.com with SMTP id u3so5359833ejz.1; Wed, 18 Aug 2021 07:07:44 -0700 (PDT) X-Gm-Message-State: AOAM531bxE8ek4DN3UQCQxXW/cfhGI9ksTzzs7RCR5jYDSCBufD3cEsX 8gUGDNM3cVTangj7O+6IM7XqxB7RyHvr9+M/oA== X-Received: by 2002:a17:906:8cd:: with SMTP id o13mr10111594eje.341.1629295663029; Wed, 18 Aug 2021 07:07:43 -0700 (PDT) MIME-Version: 1.0 References: <20210818130950.3715-1-Wentao_Liang_g@163.com> In-Reply-To: <20210818130950.3715-1-Wentao_Liang_g@163.com> From: Rob Herring Date: Wed, 18 Aug 2021 09:07:31 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] drivers:of:property.c: fix a potential double put (release) bug To: Wentao_Liang , Saravana Kannan Cc: Frank Rowand , devicetree@vger.kernel.org, "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +Saravana On Wed, Aug 18, 2021 at 8:26 AM Wentao_Liang wrote: > > In line 1423 (#1), of_link_to_phandle() is called. In the function > (line 1140, #2), "of_node_put(sup_np);" drops the reference to phandle > and may cause phandle to be released. However, after the function > returns, the phandle is subsequently dropped again (line 1424, #3) by > the same put function. Double putting the phandle can lead to an > incorrect reference count. > > We believe that the first put of the phandle is unnecessary (#3). We > can fix the above bug by removing the redundant "of_node_put()" in line > 1423. > > 1401 static int of_link_property(struct device_node *con_np, > const char *prop_name) > 1402 { > ... > 1409 while (!matched && s->parse_prop) { > ... > 1414 > 1415 while ((phandle = s->parse_prop(con_np, prop_name, i))) { > ... > //#1 phandle is dropped in this function > 1423 of_link_to_phandle(con_dev_np, phandle); > > 1424 //#3 the second drop to phandle > of_node_put(phandle); > > 1425 of_node_put(con_dev_np); > 1426 } > ... > 1428 } > 1429 return 0; > 1430 } > > 1095 static int of_link_to_phandle(struct device_node *con_np, > 1096 struct device_node *sup_np) > 1097 { > 1098 struct device *sup_dev; > 1099 struct device_node *tmp_np = sup_np; > ... > 1140 of_node_put(sup_np); //#2 the first drop to phandle > // (unnecessary) > 1141 > 1142 return 0; > 1143 } > > Signed-off-by: Wentao_Liang > --- > drivers/of/property.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/drivers/of/property.c b/drivers/of/property.c > index 6c028632f425..408fdde1a20c 100644 > --- a/drivers/of/property.c > +++ b/drivers/of/property.c > @@ -1137,7 +1137,6 @@ static int of_link_to_phandle(struct device_node *con_np, > put_device(sup_dev); > > fwnode_link_add(of_fwnode_handle(con_np), of_fwnode_handle(sup_np)); > - of_node_put(sup_np); > > return 0; > } > -- > 2.25.1 >