Linux-ide Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] ata: libahci_platform: Add of_node_put() before loop exit
@ 2019-08-15  6:00 Nishka Dasgupta
  2019-08-15  8:53 ` for_each_child_of_node semantics are broken (was [PATCH] ata: libahci_platform: Add of_node_put() before loop exit) Hans de Goede
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Nishka Dasgupta @ 2019-08-15  6:00 UTC (permalink / raw)
  To: hdegoede, axboe, linux-ide, linux-kernel; +Cc: Nishka Dasgupta

Each iteration of for_each_child_of_node puts the previous node, but
in the case of a goto from the middle of the loop, there is no put,
thus causing a memory leak. Add an of_node_put before three such goto
statements.
Issue found with Coccinelle.

Signed-off-by: Nishka Dasgupta <nishkadg.linux@gmail.com>
---
 drivers/ata/libahci_platform.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/ata/libahci_platform.c b/drivers/ata/libahci_platform.c
index 9e9583a6bba9..e742780950de 100644
--- a/drivers/ata/libahci_platform.c
+++ b/drivers/ata/libahci_platform.c
@@ -497,6 +497,7 @@ struct ahci_host_priv *ahci_platform_get_resources(struct platform_device *pdev,
 
 			if (of_property_read_u32(child, "reg", &port)) {
 				rc = -EINVAL;
+				of_node_put(child);
 				goto err_out;
 			}
 
@@ -514,14 +515,18 @@ struct ahci_host_priv *ahci_platform_get_resources(struct platform_device *pdev,
 			if (port_dev) {
 				rc = ahci_platform_get_regulator(hpriv, port,
 								&port_dev->dev);
-				if (rc == -EPROBE_DEFER)
+				if (rc == -EPROBE_DEFER) {
+					of_node_put(child);
 					goto err_out;
+				}
 			}
 #endif
 
 			rc = ahci_platform_get_phy(hpriv, port, dev, child);
-			if (rc)
+			if (rc) {
+				of_node_put(child);
 				goto err_out;
+			}
 
 			enabled_ports++;
 		}
-- 
2.19.1


^ permalink raw reply	[flat|nested] 5+ messages in thread

* for_each_child_of_node semantics are broken (was [PATCH] ata: libahci_platform: Add of_node_put() before loop exit)
  2019-08-15  6:00 [PATCH] ata: libahci_platform: Add of_node_put() before loop exit Nishka Dasgupta
@ 2019-08-15  8:53 ` Hans de Goede
  2019-08-15  8:55 ` [PATCH] ata: libahci_platform: Add of_node_put() before loop exit Hans de Goede
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Hans de Goede @ 2019-08-15  8:53 UTC (permalink / raw)
  To: Nishka Dasgupta, axboe, linux-ide, linux-kernel, devicetree

Hi Nishka,

On 15-08-19 08:00, Nishka Dasgupta wrote:
> Each iteration of for_each_child_of_node puts the previous node, but
> in the case of a goto from the middle of the loop, there is no put,
> thus causing a memory leak. Add an of_node_put before three such goto
> statements.
> Issue found with Coccinelle.
> 
> Signed-off-by: Nishka Dasgupta <nishkadg.linux@gmail.com>

Thank you for your patch.

I do not like doing an of_node_put for something which we did not
explicitly of_node_get. So I was thinking about maybe replacing the
goto-s with a break.

But even if we put a break in the for_each_child_of_node loop,
we still leak the reference. Which IMHO means that the semantics of
the for_each_child_of_node helper are broken, this certainly violates
the principle of least surprise which one would expect of a good API.

I see that there are quite a few callers of this function:

[hans@shalem linux]$ ack -l for_each_child_of_node drivers | wc -l
194

And doing a manual check of these (with the intend to stop after
a couple) I already find something suspicious in the second file
ack -l returns:

         for_each_child_of_node(parent, dn) {
                 pnv_php_detach_device_nodes(dn);

                 of_node_put(dn);
                 refcount = kref_read(&dn->kobj.kref);
                 if (refcount != 1)
                         pr_warn("Invalid refcount %d on <%pOF>\n",
                                 refcount, dn);

                 of_detach_node(dn);
         }

note this does an of_node_put itself and then continues iterating,
now this function looks pretty magical to me, so it might be fine...

4th file inspected, same issue with error returns as the libahci_platform
code, see drivers/pci/controller/pci-tegra.c: tegra_pcie_parse_dt
also should that function not do a a get on the node since it stores
it in rp->np if things do succeed ?

5th file: drivers/char/rtc.c:

         for_each_node_by_name(ebus_dp, "ebus") {
                 struct device_node *dp;
                 for_each_child_of_node(ebus_dp, dp) {
                         if (of_node_name_eq(dp, "rtc")) {
                                 op = of_find_device_by_node(dp);
                                 if (op) {
                                         rtc_port = op->resource[0].start;
                                         rtc_irq = op->irqs[0];
                                         goto found;
                                 }
                         }
                 }
         }

Also a leak AFAICT.

10th file: drivers/phy/phy-core.c:

                 for_each_child_of_node(phy_provider->children, child)
                         if (child == node)
                                 return phy_provider;

Another leak...

I'm going to stop now because this just aint funny, but I do believe this
nicely illustrates how for_each_child_of_node() is ridiculously hard to use
correct.

Regards,

Hans



> ---
>   drivers/ata/libahci_platform.c | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/ata/libahci_platform.c b/drivers/ata/libahci_platform.c
> index 9e9583a6bba9..e742780950de 100644
> --- a/drivers/ata/libahci_platform.c
> +++ b/drivers/ata/libahci_platform.c
> @@ -497,6 +497,7 @@ struct ahci_host_priv *ahci_platform_get_resources(struct platform_device *pdev,
>   
>   			if (of_property_read_u32(child, "reg", &port)) {
>   				rc = -EINVAL;
> +				of_node_put(child);
>   				goto err_out;
>   			}
>   
> @@ -514,14 +515,18 @@ struct ahci_host_priv *ahci_platform_get_resources(struct platform_device *pdev,
>   			if (port_dev) {
>   				rc = ahci_platform_get_regulator(hpriv, port,
>   								&port_dev->dev);
> -				if (rc == -EPROBE_DEFER)
> +				if (rc == -EPROBE_DEFER) {
> +					of_node_put(child);
>   					goto err_out;
> +				}
>   			}
>   #endif
>   
>   			rc = ahci_platform_get_phy(hpriv, port, dev, child);
> -			if (rc)
> +			if (rc) {
> +				of_node_put(child);
>   				goto err_out;
> +			}
>   
>   			enabled_ports++;
>   		}
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] ata: libahci_platform: Add of_node_put() before loop exit
  2019-08-15  6:00 [PATCH] ata: libahci_platform: Add of_node_put() before loop exit Nishka Dasgupta
  2019-08-15  8:53 ` for_each_child_of_node semantics are broken (was [PATCH] ata: libahci_platform: Add of_node_put() before loop exit) Hans de Goede
@ 2019-08-15  8:55 ` Hans de Goede
  2019-09-19 18:17 ` Markus Elfring
  2019-09-22 15:07 ` Markus Elfring
  3 siblings, 0 replies; 5+ messages in thread
From: Hans de Goede @ 2019-08-15  8:55 UTC (permalink / raw)
  To: Nishka Dasgupta, axboe, linux-ide, linux-kernel

Hi,

On 15-08-19 08:00, Nishka Dasgupta wrote:
> Each iteration of for_each_child_of_node puts the previous node, but
> in the case of a goto from the middle of the loop, there is no put,
> thus causing a memory leak. Add an of_node_put before three such goto
> statements.
> Issue found with Coccinelle.
> 
> Signed-off-by: Nishka Dasgupta <nishkadg.linux@gmail.com>

I really believe the for_each_child_of_node semantics are broken, see my
other reply. But that is no reason not to fix this, so this is:

Reviewed-by: Hans de Goede <hdegoede@redhat.com>

Regards,

Hans


> ---
>   drivers/ata/libahci_platform.c | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/ata/libahci_platform.c b/drivers/ata/libahci_platform.c
> index 9e9583a6bba9..e742780950de 100644
> --- a/drivers/ata/libahci_platform.c
> +++ b/drivers/ata/libahci_platform.c
> @@ -497,6 +497,7 @@ struct ahci_host_priv *ahci_platform_get_resources(struct platform_device *pdev,
>   
>   			if (of_property_read_u32(child, "reg", &port)) {
>   				rc = -EINVAL;
> +				of_node_put(child);
>   				goto err_out;
>   			}
>   
> @@ -514,14 +515,18 @@ struct ahci_host_priv *ahci_platform_get_resources(struct platform_device *pdev,
>   			if (port_dev) {
>   				rc = ahci_platform_get_regulator(hpriv, port,
>   								&port_dev->dev);
> -				if (rc == -EPROBE_DEFER)
> +				if (rc == -EPROBE_DEFER) {
> +					of_node_put(child);
>   					goto err_out;
> +				}
>   			}
>   #endif
>   
>   			rc = ahci_platform_get_phy(hpriv, port, dev, child);
> -			if (rc)
> +			if (rc) {
> +				of_node_put(child);
>   				goto err_out;
> +			}
>   
>   			enabled_ports++;
>   		}
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] ata: libahci_platform: Add of_node_put() before loop exit
  2019-08-15  6:00 [PATCH] ata: libahci_platform: Add of_node_put() before loop exit Nishka Dasgupta
  2019-08-15  8:53 ` for_each_child_of_node semantics are broken (was [PATCH] ata: libahci_platform: Add of_node_put() before loop exit) Hans de Goede
  2019-08-15  8:55 ` [PATCH] ata: libahci_platform: Add of_node_put() before loop exit Hans de Goede
@ 2019-09-19 18:17 ` Markus Elfring
  2019-09-22 15:07 ` Markus Elfring
  3 siblings, 0 replies; 5+ messages in thread
From: Markus Elfring @ 2019-09-19 18:17 UTC (permalink / raw)
  To: Nishka Dasgupta, Jens Axboe, Hans de Goede, linux-ide
  Cc: linux-kernel, kernel-janitors

> +++ b/drivers/ata/libahci_platform.c
> @@ -497,6 +497,7 @@ struct ahci_host_priv *ahci_platform_get_resources(struct platform_device *pdev,
>
>  			if (of_property_read_u32(child, "reg", &port)) {
>  				rc = -EINVAL;
> +				of_node_put(child);
>  				goto err_out;
>  			}

I suggest to move the added function call to another jump target.

-				goto err_out;
+				goto err_put_node;
 	…
+err_put_node:
 	of_node_put(child);
 err_out:
 	…


Regards,
Markus

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] ata: libahci_platform: Add of_node_put() before loop exit
  2019-08-15  6:00 [PATCH] ata: libahci_platform: Add of_node_put() before loop exit Nishka Dasgupta
                   ` (2 preceding siblings ...)
  2019-09-19 18:17 ` Markus Elfring
@ 2019-09-22 15:07 ` Markus Elfring
  3 siblings, 0 replies; 5+ messages in thread
From: Markus Elfring @ 2019-09-22 15:07 UTC (permalink / raw)
  To: Nishka Dasgupta, Jens Axboe, Hans de Goede, linux-ide
  Cc: linux-kernel, kernel-janitors

How do you think about to add the tag “Fixes” for this software correction?

Regards,
Markus

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, back to index

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-15  6:00 [PATCH] ata: libahci_platform: Add of_node_put() before loop exit Nishka Dasgupta
2019-08-15  8:53 ` for_each_child_of_node semantics are broken (was [PATCH] ata: libahci_platform: Add of_node_put() before loop exit) Hans de Goede
2019-08-15  8:55 ` [PATCH] ata: libahci_platform: Add of_node_put() before loop exit Hans de Goede
2019-09-19 18:17 ` Markus Elfring
2019-09-22 15:07 ` Markus Elfring

Linux-ide Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-ide/0 linux-ide/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-ide linux-ide/ https://lore.kernel.org/linux-ide \
		linux-ide@vger.kernel.org linux-ide@archiver.kernel.org
	public-inbox-index linux-ide


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-ide


AGPL code for this site: git clone https://public-inbox.org/ public-inbox