[PATCH 06/10] Input: sparcspkr - use cleanup facility for device_node

Javier Carrasco posted 10 patches 1 month, 2 weeks ago
There is a newer version of this series
[PATCH 06/10] Input: sparcspkr - use cleanup facility for device_node
Posted by Javier Carrasco 1 month, 2 weeks ago
Use the 'free(device_node)' macro to simplify the code by automatically
freeing the device node, which removes the need for explicit calls to
'of_node_put()'.

Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
---
 drivers/input/misc/sparcspkr.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c
index 20020cbc0752..bb1c732c8f95 100644
--- a/drivers/input/misc/sparcspkr.c
+++ b/drivers/input/misc/sparcspkr.c
@@ -188,7 +188,6 @@ static int bbc_beep_probe(struct platform_device *op)
 {
 	struct sparcspkr_state *state;
 	struct bbc_beep_info *info;
-	struct device_node *dp;
 	int err = -ENOMEM;
 
 	state = kzalloc(sizeof(*state), GFP_KERNEL);
@@ -199,14 +198,13 @@ static int bbc_beep_probe(struct platform_device *op)
 	state->event = bbc_spkr_event;
 	spin_lock_init(&state->lock);
 
-	dp = of_find_node_by_path("/");
 	err = -ENODEV;
+	struct device_node *dp __free(device_node) = of_find_node_by_path("/");
 	if (!dp)
 		goto out_free;
 
 	info = &state->u.bbc;
 	info->clock_freq = of_getintprop_default(dp, "clock-frequency", 0);
-	of_node_put(dp);
 	if (!info->clock_freq)
 		goto out_free;
 

-- 
2.43.0
Re: [PATCH 06/10] Input: sparcspkr - use cleanup facility for device_node
Posted by Al Viro 1 month, 2 weeks ago
On Thu, Oct 10, 2024 at 11:25:56PM +0200, Javier Carrasco wrote:
> 
> diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c
> index 20020cbc0752..bb1c732c8f95 100644
> --- a/drivers/input/misc/sparcspkr.c
> +++ b/drivers/input/misc/sparcspkr.c
> @@ -188,7 +188,6 @@ static int bbc_beep_probe(struct platform_device *op)
>  {
>  	struct sparcspkr_state *state;
>  	struct bbc_beep_info *info;
> -	struct device_node *dp;
>  	int err = -ENOMEM;
>  
>  	state = kzalloc(sizeof(*state), GFP_KERNEL);
> @@ -199,14 +198,13 @@ static int bbc_beep_probe(struct platform_device *op)
>  	state->event = bbc_spkr_event;
>  	spin_lock_init(&state->lock);
>  
> -	dp = of_find_node_by_path("/");
>  	err = -ENODEV;
> +	struct device_node *dp __free(device_node) = of_find_node_by_path("/");
>  	if (!dp)
>  		goto out_free;

Sigh...  See that
        state = kzalloc(sizeof(*state), GFP_KERNEL);
	if (!state)
		goto out_err;
above?

IOW, this will quietly generate broken code if built with gcc (and refuse to
compile with clang).  Yeah, this one is trivially fixed (return -ENOMEM instead
of a goto), but...

__cleanup() can be useful, but it's really *not* safe for blind use; you
need to watch out for changed scopes (harmless in case of device_node)
and for gotos (broken here).
Re: [PATCH 06/10] Input: sparcspkr - use cleanup facility for device_node
Posted by Javier Carrasco 1 month, 2 weeks ago
On 10/10/2024 23:43, Al Viro wrote:
> On Thu, Oct 10, 2024 at 11:25:56PM +0200, Javier Carrasco wrote:
>>
>> diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c
>> index 20020cbc0752..bb1c732c8f95 100644
>> --- a/drivers/input/misc/sparcspkr.c
>> +++ b/drivers/input/misc/sparcspkr.c
>> @@ -188,7 +188,6 @@ static int bbc_beep_probe(struct platform_device *op)
>>  {
>>  	struct sparcspkr_state *state;
>>  	struct bbc_beep_info *info;
>> -	struct device_node *dp;
>>  	int err = -ENOMEM;
>>  
>>  	state = kzalloc(sizeof(*state), GFP_KERNEL);
>> @@ -199,14 +198,13 @@ static int bbc_beep_probe(struct platform_device *op)
>>  	state->event = bbc_spkr_event;
>>  	spin_lock_init(&state->lock);
>>  
>> -	dp = of_find_node_by_path("/");
>>  	err = -ENODEV;
>> +	struct device_node *dp __free(device_node) = of_find_node_by_path("/");
>>  	if (!dp)
>>  		goto out_free;
> 
> Sigh...  See that
>         state = kzalloc(sizeof(*state), GFP_KERNEL);
> 	if (!state)
> 		goto out_err;
> above?
> 
> IOW, this will quietly generate broken code if built with gcc (and refuse to
> compile with clang).  Yeah, this one is trivially fixed (return -ENOMEM instead
> of a goto), but...
> 
> __cleanup() can be useful, but it's really *not* safe for blind use; you
> need to watch out for changed scopes (harmless in case of device_node)
> and for gotos (broken here).

Hi Al Viro,

sorry, but I think I don't get you. First, I don't see sparc64 as a
supported architecture for clang in the Linux documentation. Maybe the
documentation is not up-to-date, but I tried to compile with clang and
it seems to be true that it is not supported. Anyway, that is not the
issue here.

Second, I might be missing something about the scopes you are
mentioning. 'state' gets allocated before the device_node is declared,
and when the device_node is declared and its initialization fails, it
should jump to 'out_free' to free 'state', shouldn't it? Sorry if I have
overlooked something here.

Thank your for your feedback and best regards,
Javier Carrasco
Re: [PATCH 06/10] Input: sparcspkr - use cleanup facility for device_node
Posted by Javier Carrasco 1 month, 2 weeks ago
On 11/10/2024 00:01, Javier Carrasco wrote:
> On 10/10/2024 23:43, Al Viro wrote:
>> On Thu, Oct 10, 2024 at 11:25:56PM +0200, Javier Carrasco wrote:
>>>
>>> diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c
>>> index 20020cbc0752..bb1c732c8f95 100644
>>> --- a/drivers/input/misc/sparcspkr.c
>>> +++ b/drivers/input/misc/sparcspkr.c
>>> @@ -188,7 +188,6 @@ static int bbc_beep_probe(struct platform_device *op)
>>>  {
>>>  	struct sparcspkr_state *state;
>>>  	struct bbc_beep_info *info;
>>> -	struct device_node *dp;
>>>  	int err = -ENOMEM;
>>>  
>>>  	state = kzalloc(sizeof(*state), GFP_KERNEL);
>>> @@ -199,14 +198,13 @@ static int bbc_beep_probe(struct platform_device *op)
>>>  	state->event = bbc_spkr_event;
>>>  	spin_lock_init(&state->lock);
>>>  
>>> -	dp = of_find_node_by_path("/");
>>>  	err = -ENODEV;
>>> +	struct device_node *dp __free(device_node) = of_find_node_by_path("/");
>>>  	if (!dp)
>>>  		goto out_free;
>>
>> Sigh...  See that
>>         state = kzalloc(sizeof(*state), GFP_KERNEL);
>> 	if (!state)
>> 		goto out_err;
>> above?
>>
>> IOW, this will quietly generate broken code if built with gcc (and refuse to
>> compile with clang).  Yeah, this one is trivially fixed (return -ENOMEM instead
>> of a goto), but...
>>
>> __cleanup() can be useful, but it's really *not* safe for blind use; you
>> need to watch out for changed scopes (harmless in case of device_node)
>> and for gotos (broken here).
> 
> Hi Al Viro,
> 
> sorry, but I think I don't get you. First, I don't see sparc64 as a
> supported architecture for clang in the Linux documentation. Maybe the
> documentation is not up-to-date, but I tried to compile with clang and
> it seems to be true that it is not supported. Anyway, that is not the
> issue here.
> 
> Second, I might be missing something about the scopes you are
> mentioning. 'state' gets allocated before the device_node is declared,
> and when the device_node is declared and its initialization fails, it
> should jump to 'out_free' to free 'state', shouldn't it? Sorry if I have
> overlooked something here.
> 
> Thank your for your feedback and best regards,
> Javier Carrasco
> 


I think that the issue you are talking about is that the goto will
trigger the cleanup function of the device_node, which will not be
initialized at that point.

Yes, the goto before the device_node declaration hurts, and a return as
you said would be better.

Thanks and best regards,
Javier Carrasco
Re: [PATCH 06/10] Input: sparcspkr - use cleanup facility for device_node
Posted by Al Viro 1 month, 2 weeks ago
On Fri, Oct 11, 2024 at 12:09:01AM +0200, Javier Carrasco wrote:

> I think that the issue you are talking about is that the goto will
> trigger the cleanup function of the device_node, which will not be
> initialized at that point.

... and gcc will compile that without an error.  Clang will not, but
you need to watch out for build coverage in arch-specific code -
clang doesn't cover every architecture (and won't cover some of them,
no matter what - alpha, for example).

As for the scope changes... note that you've delayed the moment of
of_node_put() in some of those.  It's harmless for device_node, but
try something of that sort with e.g.

	mutex_lock(&lock);
	something();
	mutex_unlock(&lock);
	foo();
	return 0;

where foo() itself grabs the same lock and it's not harmless at all -

	guard(mutex)(&lock);
	something();
	foo();
	return 0;

is equivalent to moving mutex_unlock() to the end of scope, i.e. past
the call of foo(), resulting in

	mutex_lock(&lock);
	something();
	foo();			// deadlock
	mutex_unlock(&lock);
	return 0;

__cleanup *is* a useful tool, when used carefully, but you really
have to watch out for crap of that sort.
Re: [PATCH 06/10] Input: sparcspkr - use cleanup facility for device_node
Posted by Javier Carrasco 1 month, 2 weeks ago
On 11/10/2024 00:22, Al Viro wrote:
> On Fri, Oct 11, 2024 at 12:09:01AM +0200, Javier Carrasco wrote:
> 
>> I think that the issue you are talking about is that the goto will
>> trigger the cleanup function of the device_node, which will not be
>> initialized at that point.
> 
> ... and gcc will compile that without an error.  Clang will not, but
> you need to watch out for build coverage in arch-specific code -
> clang doesn't cover every architecture (and won't cover some of them,
> no matter what - alpha, for example).
> 
> As for the scope changes... note that you've delayed the moment of
> of_node_put() in some of those.  It's harmless for device_node, but
> try something of that sort with e.g.
> 
> 	mutex_lock(&lock);
> 	something();
> 	mutex_unlock(&lock);
> 	foo();
> 	return 0;
> 
> where foo() itself grabs the same lock and it's not harmless at all -
> 
> 	guard(mutex)(&lock);
> 	something();
> 	foo();
> 	return 0;
> 
> is equivalent to moving mutex_unlock() to the end of scope, i.e. past
> the call of foo(), resulting in
> 
> 	mutex_lock(&lock);
> 	something();
> 	foo();			// deadlock
> 	mutex_unlock(&lock);
> 	return 0;
> 
> __cleanup *is* a useful tool, when used carefully, but you really
> have to watch out for crap of that sort.

For cases like the one you are mentioning, scoped_guard() is the real
one to be used, but I get your point.

I just overlooked the goto as it just goes to a return, and I processed
in my mind as a direct return, which is not! I have even reviewed such
issues in the past... karma.

The goto in that case is meaningless anyway, and a direct return would
be more readable anyway.

Thanks again.