| Message ID | 20221121064049.1173345-1-yangyingliang@huawei.com (mailing list archive) |
|---|---|
| State | Changes Requested, archived |
| Headers | show |
| Series | device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() | expand |
On Mon, Nov 21, 2022 at 02:40:49PM +0800, Yang Yingliang wrote: > The 'parent' returned by fwnode_graph_get_port_parent() with refcount > incremented when prev is not null, it needs be put when finish using > it. ... > ep = fwnode_call_ptr_op(parent, graph_get_next_endpoint, prev); > - if (ep) > + if (ep) { > + if (prev) > + fwnode_handle_put((struct fwnode_handle *)parent); Instead of castings, drop the const qualifier in the definition block. > return ep; > + } But, the point is that this is a very tricky code and your commit message lacks of analysis. Can you extend it and show that every case is covered correctly? > - return fwnode_graph_get_next_endpoint(parent->secondary, NULL); > + ep = fwnode_graph_get_next_endpoint(parent->secondary, NULL); > + if (prev) Instead you might consider to replace parent = fwnode; by parent = fwnode_handle_get(fwnode); but please double check that each branch has proper reference counting. > + fwnode_handle_put((struct fwnode_handle *)parent); > + return ep;
diff --git a/drivers/base/property.c b/drivers/base/property.c index 2a5a37fcd998..022d4ff366be 100644 --- a/drivers/base/property.c +++ b/drivers/base/property.c @@ -1005,10 +1005,16 @@ fwnode_graph_get_next_endpoint(const struct fwnode_handle *fwnode, return NULL; ep = fwnode_call_ptr_op(parent, graph_get_next_endpoint, prev); - if (ep) + if (ep) { + if (prev) + fwnode_handle_put((struct fwnode_handle *)parent); return ep; + } - return fwnode_graph_get_next_endpoint(parent->secondary, NULL); + ep = fwnode_graph_get_next_endpoint(parent->secondary, NULL); + if (prev) + fwnode_handle_put((struct fwnode_handle *)parent); + return ep; } EXPORT_SYMBOL_GPL(fwnode_graph_get_next_endpoint);
The 'parent' returned by fwnode_graph_get_port_parent() with refcount incremented when prev is not null, it needs be put when finish using it. Fixes: b5b41ab6b0c1 ("device property: Check fwnode->secondary in fwnode_graph_get_next_endpoint()") Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- drivers/base/property.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)