[PATCH] device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()

Yang Yingliang posted 1 patch 3 years, 4 months ago
There is a newer version of this series
Posted by Yang Yingliang 3 years, 4 months ago
The 'parent' returned by fwnode_graph_get_port_parent() has its refcount
incremented when prev is not NULL, so it needs to be put when we are
finished using it.

Fixes: b5b41ab6b0c1 ("device property: Check fwnode->secondary in fwnode_graph_get_next_endpoint()")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 drivers/base/property.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/base/property.c b/drivers/base/property.c
index 2a5a37fcd998..022d4ff366be 100644
--- a/drivers/base/property.c
+++ b/drivers/base/property.c
@@ -1005,10 +1005,16 @@ fwnode_graph_get_next_endpoint(const struct fwnode_handle *fwnode,
 		return NULL;
 
 	ep = fwnode_call_ptr_op(parent, graph_get_next_endpoint, prev);
-	if (ep)
+	if (ep) {
+		if (prev)
+			fwnode_handle_put((struct fwnode_handle *)parent);
 		return ep;
+	}
 
-	return fwnode_graph_get_next_endpoint(parent->secondary, NULL);
+	ep = fwnode_graph_get_next_endpoint(parent->secondary, NULL);
+	if (prev)
+		fwnode_handle_put((struct fwnode_handle *)parent);
+	return ep;
 }
 EXPORT_SYMBOL_GPL(fwnode_graph_get_next_endpoint);
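Review bot: the cleanup is duplicated, once inside the `if (ep)` block and once after the fallback to `parent->secondary`, and each copy needs a cast to strip the const from `parent` before calling fwnode_handle_put(). Routing both outcomes through one exit removes the duplication: `ep = fwnode_call_ptr_op(parent, graph_get_next_endpoint, prev);` then `if (!ep) ep = fwnode_graph_get_next_endpoint(parent->secondary, NULL);` followed by a single `if (prev) fwnode_handle_put(parent); return ep;`, and the cast disappears if `parent` is declared without const, since it is handed to fwnode_handle_put() anyway. The commit message should also spell out the two paths that need no put: the early `return NULL` when no valid parent was obtained, and the recursive call, which passes prev == NULL and so takes no reference of its own on `parent->secondary`.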
 
-- 
2.25.1
Re: [PATCH] device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()
Posted by Andy Shevchenko 3 years, 4 months ago
On Mon, Nov 21, 2022 at 02:40:49PM +0800, Yang Yingliang wrote:
> The 'parent' returned by fwnode_graph_get_port_parent() has its refcount
> incremented when prev is not NULL, so it needs to be put when we are
> finished using it.

...

>  	ep = fwnode_call_ptr_op(parent, graph_get_next_endpoint, prev);
> -	if (ep)
> +	if (ep) {
> +		if (prev)
> +			fwnode_handle_put((struct fwnode_handle *)parent);

Instead of casts, drop the const qualifier in the definition block.

>  		return ep;
> +	}

But the point is that this is very tricky code and your commit message
lacks analysis. Can you extend it and show that every case is covered
correctly?

> -	return fwnode_graph_get_next_endpoint(parent->secondary, NULL);
> +	ep = fwnode_graph_get_next_endpoint(parent->secondary, NULL);
> +	if (prev)

Instead you might consider replacing

	parent = fwnode;

by

	parent = fwnode_handle_get(fwnode);

but please double check that each branch has proper reference counting.

> +		fwnode_handle_put((struct fwnode_handle *)parent);
> +	return ep;

-- 
With Best Regards,
Andy Shevchenko
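The leak the patch fixes, and the alternative Andy raises (take a reference on fwnode in the else branch so that one unconditional put covers every path), are easy to reason about with a counting model. The following is an added example, not code from the patch, from drivers/base/property.c or from either poster: struct node stands in for struct fwnode_handle, node_get()/node_put() for fwnode_handle_get()/fwnode_handle_put(), port_parent() for fwnode_graph_get_port_parent(), and op_next_endpoint() for the graph_get_next_endpoint op (modelled, as the OF op does, as dropping the reference on prev). All names and the two-node graph are hypothetical and constructed inline so the refcounts can be summed after a full walk.

```c
/*
 * Added example, not code from the patch or from drivers/base/property.c:
 * a stand-alone model of fwnode_graph_get_next_endpoint()'s reference
 * handling. struct node stands in for struct fwnode_handle, node_get()/
 * node_put() for fwnode_handle_get()/fwnode_handle_put(), port_parent() for
 * fwnode_graph_get_port_parent() and op_next_endpoint() for the
 * graph_get_next_endpoint op. Names and the two-node graph are hypothetical.
 */
#include <string.h>

struct node {
	int refcount;
	struct node *parent;		/* owner of an endpoint */
	struct node *secondary;		/* fallback, like fwnode->secondary */
	struct node *endpoints[2];
	int nr_endpoints;
};

typedef struct node *(*next_fn)(struct node *node, struct node *prev);

static struct node *node_get(struct node *n) { if (n) n->refcount++; return n; }
static void node_put(struct node *n) { if (n) n->refcount--; }

/* Like fwnode_graph_get_port_parent(): owner returned with a reference taken. */
static struct node *port_parent(struct node *ep) { return node_get(ep->parent); }

/* Modelled on the OF op: drops the reference on @prev, returns the next endpoint with one. */
static struct node *op_next_endpoint(struct node *parent, struct node *prev)
{
	int i = 0;
	if (prev) {
		while (i < parent->nr_endpoints && parent->endpoints[i] != prev)
			i++;
		i++;
		node_put(prev);
	}
	return i < parent->nr_endpoints ? node_get(parent->endpoints[i]) : NULL;
}

/* Pre-patch shape: the reference port_parent() took is never dropped. */
static struct node *next_endpoint_leaky(struct node *node, struct node *prev)
{
	struct node *parent = prev ? port_parent(prev) : node;
	struct node *ep;
	if (!parent)
		return NULL;
	ep = op_next_endpoint(parent, prev);
	if (ep)
		return ep;					/* leaks parent if prev */
	return next_endpoint_leaky(parent->secondary, NULL);	/* same leak */
}

/*
 * Balanced shape: take a reference in the else branch too, so every path owns
 * exactly one reference on parent and one unconditional put releases it. The
 * patch's "if (prev) fwnode_handle_put(parent)" before each return balances
 * the same two paths the other way round.
 */
static struct node *next_endpoint_fixed(struct node *node, struct node *prev)
{
	struct node *parent = prev ? port_parent(prev) : node_get(node);
	struct node *ep;
	if (!parent)
		return NULL;
	ep = op_next_endpoint(parent, prev);
	if (!ep)
		ep = next_endpoint_fixed(parent->secondary, NULL);
	node_put(parent);
	return ep;
}

/* Constructed graph: primary owns e[0], e[1] and falls back to secondary, which owns e[2]. */
struct graph { struct node primary, secondary, e[3]; };

static void build_graph(struct graph *g)
{
	memset(g, 0, sizeof(*g));
	g->primary.endpoints[0] = &g->e[0];
	g->primary.endpoints[1] = &g->e[1];
	g->primary.nr_endpoints = 2;
	g->primary.secondary = &g->secondary;
	g->secondary.endpoints[0] = &g->e[2];
	g->secondary.nr_endpoints = 1;
	g->e[0].parent = g->e[1].parent = &g->primary;
	g->e[2].parent = &g->secondary;
}

/* fwnode_graph_for_each_endpoint()-style loop over the whole graph; returns endpoints seen. */
static int walk(struct graph *g, next_fn next)
{
	struct node *ep;
	int n = 0;
	for (ep = next(&g->primary, NULL); ep; ep = next(&g->primary, ep))
		n++;
	return n;
}

static int visited_endpoints(next_fn next)
{
	struct graph g;
	build_graph(&g);
	return walk(&g, next);
}

/* Sum of every refcount after a full walk: 0 means each get had its put. */
static int leaked_refs(next_fn next)
{
	struct graph g;
	int i, sum;
	build_graph(&g);
	walk(&g, next);
	sum = g.primary.refcount + g.secondary.refcount;
	for (i = 0; i < 3; i++)
		sum += g.e[i].refcount;
	return sum;
}
```

Both variants visit the same three endpoints, but after the loop the leaky shape leaves three references behind (two on the primary node, taken on the iterations where prev was non-NULL, and one on the secondary node when the walk steps past its last endpoint), while the balanced shape leaves every refcount at zero. The same sum-of-refcounts check is the quickest way to confirm Andy's request that every branch is covered before sending a v2.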