* [PATCH] arm/xen: Fix refcount leak in xen_dt_guest_init
@ 2022-03-09 10:24 ` Miaoqian Lin
0 siblings, 0 replies; 10+ messages in thread
From: Miaoqian Lin @ 2022-03-09 10:24 UTC (permalink / raw)
To: Stefano Stabellini, Russell King, Catalin Marinas, Shannon Zhao,
Julien Grall, xen-devel, linux-arm-kernel, linux-kernel
Cc: linmq006
The of_find_compatible_node() function returns a node pointer with
refcount incremented, We should use of_node_put() on it when done
Add the missing of_node_put() to release the refcount.
Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
---
arch/arm/xen/enlighten.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c
index ec5b082f3de6..262f45f686b6 100644
--- a/arch/arm/xen/enlighten.c
+++ b/arch/arm/xen/enlighten.c
@@ -424,6 +424,7 @@ static void __init xen_dt_guest_init(void)
if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) {
pr_err("Xen grant table region is not found\n");
+ of_node_put(xen_node);
return;
}
xen_grant_frames = res.start;
--
2.17.1
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH] arm/xen: Fix refcount leak in xen_dt_guest_init @ 2022-03-09 10:24 ` Miaoqian Lin 0 siblings, 0 replies; 10+ messages in thread From: Miaoqian Lin @ 2022-03-09 10:24 UTC (permalink / raw) To: Stefano Stabellini, Russell King, Catalin Marinas, Shannon Zhao, Julien Grall, xen-devel, linux-arm-kernel, linux-kernel Cc: linmq006 The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it when done Add the missing of_node_put() to release the refcount. Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()") Signed-off-by: Miaoqian Lin <linmq006@gmail.com> --- arch/arm/xen/enlighten.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c index ec5b082f3de6..262f45f686b6 100644 --- a/arch/arm/xen/enlighten.c +++ b/arch/arm/xen/enlighten.c @@ -424,6 +424,7 @@ static void __init xen_dt_guest_init(void) if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) { pr_err("Xen grant table region is not found\n"); + of_node_put(xen_node); return; } xen_grant_frames = res.start; -- 2.17.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] arm/xen: Fix refcount leak in xen_dt_guest_init 2022-03-09 10:24 ` Miaoqian Lin @ 2022-03-12 2:01 ` Stefano Stabellini -1 siblings, 0 replies; 10+ messages in thread From: Stefano Stabellini @ 2022-03-12 2:01 UTC (permalink / raw) To: Miaoqian Lin Cc: Stefano Stabellini, Russell King, Catalin Marinas, Shannon Zhao, Julien Grall, xen-devel, linux-arm-kernel, linux-kernel On Wed, 9 Mar 2022, Miaoqian Lin wrote: > The of_find_compatible_node() function returns a node pointer with > refcount incremented, We should use of_node_put() on it when done > Add the missing of_node_put() to release the refcount. > > Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()") > Signed-off-by: Miaoqian Lin <linmq006@gmail.com> Thanks for the patch! > --- > arch/arm/xen/enlighten.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c > index ec5b082f3de6..262f45f686b6 100644 > --- a/arch/arm/xen/enlighten.c > +++ b/arch/arm/xen/enlighten.c > @@ -424,6 +424,7 @@ static void __init xen_dt_guest_init(void) > > if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) { > pr_err("Xen grant table region is not found\n"); > + of_node_put(xen_node); > return; > } This is adding a call to of_node_put on the error path. Shouldn't it be called also in the non-error path? Also, there is another instance of of_address_to_resource being called in this file (in arch_xen_unpopulated_init), does it make sense to call of_node_put there too? ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] arm/xen: Fix refcount leak in xen_dt_guest_init @ 2022-03-12 2:01 ` Stefano Stabellini 0 siblings, 0 replies; 10+ messages in thread From: Stefano Stabellini @ 2022-03-12 2:01 UTC (permalink / raw) To: Miaoqian Lin Cc: Stefano Stabellini, Russell King, Catalin Marinas, Shannon Zhao, Julien Grall, xen-devel, linux-arm-kernel, linux-kernel On Wed, 9 Mar 2022, Miaoqian Lin wrote: > The of_find_compatible_node() function returns a node pointer with > refcount incremented, We should use of_node_put() on it when done > Add the missing of_node_put() to release the refcount. > > Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()") > Signed-off-by: Miaoqian Lin <linmq006@gmail.com> Thanks for the patch! > --- > arch/arm/xen/enlighten.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c > index ec5b082f3de6..262f45f686b6 100644 > --- a/arch/arm/xen/enlighten.c > +++ b/arch/arm/xen/enlighten.c > @@ -424,6 +424,7 @@ static void __init xen_dt_guest_init(void) > > if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) { > pr_err("Xen grant table region is not found\n"); > + of_node_put(xen_node); > return; > } This is adding a call to of_node_put on the error path. Shouldn't it be called also in the non-error path? Also, there is another instance of of_address_to_resource being called in this file (in arch_xen_unpopulated_init), does it make sense to call of_node_put there too? _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] arm/xen: Fix refcount leak in xen_dt_guest_init 2022-03-12 2:01 ` Stefano Stabellini @ 2022-04-06 2:19 ` Miaoqian Lin -1 siblings, 0 replies; 10+ messages in thread From: Miaoqian Lin @ 2022-04-06 2:19 UTC (permalink / raw) To: Stefano Stabellini Cc: Russell King, Catalin Marinas, Shannon Zhao, Julien Grall, xen-devel, linux-arm-kernel, linux-kernel Hi, On Fri, Mar 11, 2022 at 06:01:11PM -0800, Stefano Stabellini wrote: > On Wed, 9 Mar 2022, Miaoqian Lin wrote: > > The of_find_compatible_node() function returns a node pointer with > > refcount incremented, We should use of_node_put() on it when done > > Add the missing of_node_put() to release the refcount. > > > > Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()") > > Signed-off-by: Miaoqian Lin <linmq006@gmail.com> > > Thanks for the patch! > > > > --- > > arch/arm/xen/enlighten.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c > > index ec5b082f3de6..262f45f686b6 100644 > > --- a/arch/arm/xen/enlighten.c > > +++ b/arch/arm/xen/enlighten.c > > @@ -424,6 +424,7 @@ static void __init xen_dt_guest_init(void) > > > > if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) { > > pr_err("Xen grant table region is not found\n"); > > + of_node_put(xen_node); > > return; > > } > > This is adding a call to of_node_put on the error path. Shouldn't it > be called also in the non-error path? You're right. It should be called also in the non-error path. I made a mistake. > Also, there is another instance of of_address_to_resource being called > in this file (in arch_xen_unpopulated_init), does it make sense to call > of_node_put there too? I think so, becase device node pointer np is a local variable. So the reference it taken should be released in the scope. I look into the whole codebase for this kind of usage pattern ($ret=of_find_compatible_node();of_address_to_resource($ret,_,_), $ret is a local variable), Most of them call of_node_put() when done. And document of of_find_compatible_node() also mentions > Return: A node pointer with refcount incremented, use > of_node_put() on it when done. But I am not sure, Since I am unfamiliar with other code logic. It better if the developers could double check. I found some similar cases in arch/arm. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] arm/xen: Fix refcount leak in xen_dt_guest_init @ 2022-04-06 2:19 ` Miaoqian Lin 0 siblings, 0 replies; 10+ messages in thread From: Miaoqian Lin @ 2022-04-06 2:19 UTC (permalink / raw) To: Stefano Stabellini Cc: Russell King, Catalin Marinas, Shannon Zhao, Julien Grall, xen-devel, linux-arm-kernel, linux-kernel Hi, On Fri, Mar 11, 2022 at 06:01:11PM -0800, Stefano Stabellini wrote: > On Wed, 9 Mar 2022, Miaoqian Lin wrote: > > The of_find_compatible_node() function returns a node pointer with > > refcount incremented, We should use of_node_put() on it when done > > Add the missing of_node_put() to release the refcount. > > > > Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()") > > Signed-off-by: Miaoqian Lin <linmq006@gmail.com> > > Thanks for the patch! > > > > --- > > arch/arm/xen/enlighten.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c > > index ec5b082f3de6..262f45f686b6 100644 > > --- a/arch/arm/xen/enlighten.c > > +++ b/arch/arm/xen/enlighten.c > > @@ -424,6 +424,7 @@ static void __init xen_dt_guest_init(void) > > > > if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) { > > pr_err("Xen grant table region is not found\n"); > > + of_node_put(xen_node); > > return; > > } > > This is adding a call to of_node_put on the error path. Shouldn't it > be called also in the non-error path? You're right. It should be called also in the non-error path. I made a mistake. > Also, there is another instance of of_address_to_resource being called > in this file (in arch_xen_unpopulated_init), does it make sense to call > of_node_put there too? I think so, becase device node pointer np is a local variable. So the reference it taken should be released in the scope. I look into the whole codebase for this kind of usage pattern ($ret=of_find_compatible_node();of_address_to_resource($ret,_,_), $ret is a local variable), Most of them call of_node_put() when done. And document of of_find_compatible_node() also mentions > Return: A node pointer with refcount incremented, use > of_node_put() on it when done. But I am not sure, Since I am unfamiliar with other code logic. It better if the developers could double check. I found some similar cases in arch/arm. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v2] arm/xen: Fix some refcount leaks 2022-04-06 2:19 ` Miaoqian Lin @ 2022-04-20 1:49 ` Miaoqian Lin -1 siblings, 0 replies; 10+ messages in thread From: Miaoqian Lin @ 2022-04-20 1:49 UTC (permalink / raw) To: Stefano Stabellini, Russell King, Shannon Zhao, Catalin Marinas, Julien Grall, Oleksandr Tyshchenko, Juergen Gross, xen-devel, linux-arm-kernel, linux-kernel Cc: linmq006 The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it when done Add the missing of_node_put() to release the refcount. Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()") Fixes: b2371587fe0c ("arm/xen: Read extended regions from DT and init Xen resource") Signed-off-by: Miaoqian Lin <linmq006@gmail.com> --- changes in v2: - call of_node_put in non-error path in xen_dt_guest_init - fix same refcount leak error in arch_xen_unpopulated_init --- arch/arm/xen/enlighten.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c index ec5b082f3de6..07eb69f9e7df 100644 --- a/arch/arm/xen/enlighten.c +++ b/arch/arm/xen/enlighten.c @@ -337,12 +337,15 @@ int __init arch_xen_unpopulated_init(struct resource **res) if (!nr_reg) { pr_err("No extended regions are found\n"); + of_node_put(np); return -EINVAL; } regs = kcalloc(nr_reg, sizeof(*regs), GFP_KERNEL); - if (!regs) + if (!regs) { + of_node_put(np); return -ENOMEM; + } /* * Create resource from extended regions provided by the hypervisor to be @@ -403,8 +406,8 @@ int __init arch_xen_unpopulated_init(struct resource **res) *res = &xen_resource; err: + of_node_put(np); kfree(regs); - return rc; } #endif @@ -424,8 +427,10 @@ static void __init xen_dt_guest_init(void) if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) { pr_err("Xen grant table region is not found\n"); + of_node_put(xen_node); return; } + of_node_put(xen_node); xen_grant_frames = res.start; } -- 2.17.1 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v2] arm/xen: Fix some refcount leaks @ 2022-04-20 1:49 ` Miaoqian Lin 0 siblings, 0 replies; 10+ messages in thread From: Miaoqian Lin @ 2022-04-20 1:49 UTC (permalink / raw) To: Stefano Stabellini, Russell King, Shannon Zhao, Catalin Marinas, Julien Grall, Oleksandr Tyshchenko, Juergen Gross, xen-devel, linux-arm-kernel, linux-kernel Cc: linmq006 The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it when done Add the missing of_node_put() to release the refcount. Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()") Fixes: b2371587fe0c ("arm/xen: Read extended regions from DT and init Xen resource") Signed-off-by: Miaoqian Lin <linmq006@gmail.com> --- changes in v2: - call of_node_put in non-error path in xen_dt_guest_init - fix same refcount leak error in arch_xen_unpopulated_init --- arch/arm/xen/enlighten.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c index ec5b082f3de6..07eb69f9e7df 100644 --- a/arch/arm/xen/enlighten.c +++ b/arch/arm/xen/enlighten.c @@ -337,12 +337,15 @@ int __init arch_xen_unpopulated_init(struct resource **res) if (!nr_reg) { pr_err("No extended regions are found\n"); + of_node_put(np); return -EINVAL; } regs = kcalloc(nr_reg, sizeof(*regs), GFP_KERNEL); - if (!regs) + if (!regs) { + of_node_put(np); return -ENOMEM; + } /* * Create resource from extended regions provided by the hypervisor to be @@ -403,8 +406,8 @@ int __init arch_xen_unpopulated_init(struct resource **res) *res = &xen_resource; err: + of_node_put(np); kfree(regs); - return rc; } #endif @@ -424,8 +427,10 @@ static void __init xen_dt_guest_init(void) if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) { pr_err("Xen grant table region is not found\n"); + of_node_put(xen_node); return; } + of_node_put(xen_node); xen_grant_frames = res.start; } -- 2.17.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v2] arm/xen: Fix some refcount leaks 2022-04-20 1:49 ` Miaoqian Lin @ 2022-04-22 0:36 ` Stefano Stabellini -1 siblings, 0 replies; 10+ messages in thread From: Stefano Stabellini @ 2022-04-22 0:36 UTC (permalink / raw) To: Miaoqian Lin Cc: Stefano Stabellini, Russell King, Shannon Zhao, Catalin Marinas, Julien Grall, Oleksandr Tyshchenko, Juergen Gross, xen-devel, linux-arm-kernel, linux-kernel On Wed, 20 Apr 2022, Miaoqian Lin wrote: > The of_find_compatible_node() function returns a node pointer with > refcount incremented, We should use of_node_put() on it when done > Add the missing of_node_put() to release the refcount. > > Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()") > Fixes: b2371587fe0c ("arm/xen: Read extended regions from DT and init Xen resource") > Signed-off-by: Miaoqian Lin <linmq006@gmail.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Juergen, Boris, I applied the patch to for-linus-5.18 > --- > changes in v2: > - call of_node_put in non-error path in xen_dt_guest_init > - fix same refcount leak error in arch_xen_unpopulated_init > --- > arch/arm/xen/enlighten.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c > index ec5b082f3de6..07eb69f9e7df 100644 > --- a/arch/arm/xen/enlighten.c > +++ b/arch/arm/xen/enlighten.c > @@ -337,12 +337,15 @@ int __init arch_xen_unpopulated_init(struct resource **res) > > if (!nr_reg) { > pr_err("No extended regions are found\n"); > + of_node_put(np); > return -EINVAL; > } > > regs = kcalloc(nr_reg, sizeof(*regs), GFP_KERNEL); > - if (!regs) > + if (!regs) { > + of_node_put(np); > return -ENOMEM; > + } > > /* > * Create resource from extended regions provided by the hypervisor to be > @@ -403,8 +406,8 @@ int __init arch_xen_unpopulated_init(struct resource **res) > *res = &xen_resource; > > err: > + of_node_put(np); > kfree(regs); > - > return rc; > } > #endif > @@ -424,8 +427,10 @@ static void __init xen_dt_guest_init(void) > > if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) { > pr_err("Xen grant table region is not found\n"); > + of_node_put(xen_node); > return; > } > + of_node_put(xen_node); > xen_grant_frames = res.start; > } > > -- > 2.17.1 > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v2] arm/xen: Fix some refcount leaks @ 2022-04-22 0:36 ` Stefano Stabellini 0 siblings, 0 replies; 10+ messages in thread From: Stefano Stabellini @ 2022-04-22 0:36 UTC (permalink / raw) To: Miaoqian Lin Cc: Stefano Stabellini, Russell King, Shannon Zhao, Catalin Marinas, Julien Grall, Oleksandr Tyshchenko, Juergen Gross, xen-devel, linux-arm-kernel, linux-kernel On Wed, 20 Apr 2022, Miaoqian Lin wrote: > The of_find_compatible_node() function returns a node pointer with > refcount incremented, We should use of_node_put() on it when done > Add the missing of_node_put() to release the refcount. > > Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()") > Fixes: b2371587fe0c ("arm/xen: Read extended regions from DT and init Xen resource") > Signed-off-by: Miaoqian Lin <linmq006@gmail.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Juergen, Boris, I applied the patch to for-linus-5.18 > --- > changes in v2: > - call of_node_put in non-error path in xen_dt_guest_init > - fix same refcount leak error in arch_xen_unpopulated_init > --- > arch/arm/xen/enlighten.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c > index ec5b082f3de6..07eb69f9e7df 100644 > --- a/arch/arm/xen/enlighten.c > +++ b/arch/arm/xen/enlighten.c > @@ -337,12 +337,15 @@ int __init arch_xen_unpopulated_init(struct resource **res) > > if (!nr_reg) { > pr_err("No extended regions are found\n"); > + of_node_put(np); > return -EINVAL; > } > > regs = kcalloc(nr_reg, sizeof(*regs), GFP_KERNEL); > - if (!regs) > + if (!regs) { > + of_node_put(np); > return -ENOMEM; > + } > > /* > * Create resource from extended regions provided by the hypervisor to be > @@ -403,8 +406,8 @@ int __init arch_xen_unpopulated_init(struct resource **res) > *res = &xen_resource; > > err: > + of_node_put(np); > kfree(regs); > - > return rc; > } > #endif > @@ -424,8 +427,10 @@ static void __init xen_dt_guest_init(void) > > if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) { > pr_err("Xen grant table region is not found\n"); > + of_node_put(xen_node); > return; > } > + of_node_put(xen_node); > xen_grant_frames = res.start; > } > > -- > 2.17.1 > _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2022-04-22 0:38 UTC | newest] Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-03-09 10:24 [PATCH] arm/xen: Fix refcount leak in xen_dt_guest_init Miaoqian Lin 2022-03-09 10:24 ` Miaoqian Lin 2022-03-12 2:01 ` Stefano Stabellini 2022-03-12 2:01 ` Stefano Stabellini 2022-04-06 2:19 ` Miaoqian Lin 2022-04-06 2:19 ` Miaoqian Lin 2022-04-20 1:49 ` [PATCH v2] arm/xen: Fix some refcount leaks Miaoqian Lin 2022-04-20 1:49 ` Miaoqian Lin 2022-04-22 0:36 ` Stefano Stabellini 2022-04-22 0:36 ` Stefano Stabellini
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.