[PATCH] usb: typec: qcom-pmic-typec: fix missing fwnode removal in error path

Javier Carrasco posted 1 patch 1 month, 1 week ago
There is a newer version of this series
drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
[PATCH] usb: typec: qcom-pmic-typec: fix missing fwnode removal in error path
Posted by Javier Carrasco 1 month, 1 week ago
If drm_dp_hpd_bridge_register() fails, the probe function returns
without removing the fwnode via fwnode_remove_software_node(), leaking
the resource.

Jump to fwnode_remove if drm_dp_hpd_bridge_register() fails to remove
the software node acquired with device_get_named_child_node().

Cc: stable@vger.kernel.org
Fixes: 7d9f1b72b296 ("usb: typec: qcom-pmic-typec: switch to DRM_AUX_HPD_BRIDGE")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
---
 drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c
index 2201eeae5a99..776fc7f93f37 100644
--- a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c
+++ b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c
@@ -93,8 +93,10 @@ static int qcom_pmic_typec_probe(struct platform_device *pdev)
 		return -EINVAL;
 
 	bridge_dev = devm_drm_dp_hpd_bridge_alloc(tcpm->dev, to_of_node(tcpm->tcpc.fwnode));
-	if (IS_ERR(bridge_dev))
-		return PTR_ERR(bridge_dev);
+	if (IS_ERR(bridge_dev)) {
+		ret = PTR_ERR(bridge_dev);
+		goto fwnode_remove;
+	}
 
 	tcpm->tcpm_port = tcpm_register_port(tcpm->dev, &tcpm->tcpc);
 	if (IS_ERR(tcpm->tcpm_port)) {
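Review bot: the commit message and the branch changed here name different calls. The message says the leak occurs when drm_dp_hpd_bridge_register() fails, but the error path rewritten in this hunk is the IS_ERR(bridge_dev) check directly after devm_drm_dp_hpd_bridge_alloc(). Suggest rewording the message to name devm_drm_dp_hpd_bridge_alloc(), so the description matches the code and anyone backporting through the Fixes: and Cc: stable tags can tell which early return was leaking.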

---
base-commit: f2493655d2d3d5c6958ed996b043c821c23ae8d3
change-id: 20241019-qcom_pmic_typec-fwnode_remove-00dc49054cf7

Best regards,
-- 
Javier Carrasco <javier.carrasco.cruz@gmail.com>

Re: [PATCH] usb: typec: qcom-pmic-typec: fix missing fwnode removal in error path
Posted by Dmitry Baryshkov 1 month ago
On Sat, Oct 19, 2024 at 11:10:51PM +0200, Javier Carrasco wrote:
> If drm_dp_hpd_bridge_register() fails, the probe function returns
> without removing the fwnode via fwnode_remove_software_node(), leaking
> the resource.
> 
> Jump to fwnode_remove if drm_dp_hpd_bridge_register() fails to remove
> the software node acquired with device_get_named_child_node().

I think the fwnode_remove_software_node() is not a proper cleanup
function here (and was most likely c&p from some other driver). See the
comment in front of device_get_named_child_node().

Please add another patch before this one, replacing
fwnode_remove_software_node() with fwnode_handle_put().

> 
> Cc: stable@vger.kernel.org
> Fixes: 7d9f1b72b296 ("usb: typec: qcom-pmic-typec: switch to DRM_AUX_HPD_BRIDGE")
> Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
> ---
>  drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c
> index 2201eeae5a99..776fc7f93f37 100644
> --- a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c
> +++ b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c
> @@ -93,8 +93,10 @@ static int qcom_pmic_typec_probe(struct platform_device *pdev)
>  		return -EINVAL;
>  
>  	bridge_dev = devm_drm_dp_hpd_bridge_alloc(tcpm->dev, to_of_node(tcpm->tcpc.fwnode));
> -	if (IS_ERR(bridge_dev))
> -		return PTR_ERR(bridge_dev);
> +	if (IS_ERR(bridge_dev)) {
> +		ret = PTR_ERR(bridge_dev);
> +		goto fwnode_remove;
> +	}
>  
>  	tcpm->tcpm_port = tcpm_register_port(tcpm->dev, &tcpm->tcpc);
>  	if (IS_ERR(tcpm->tcpm_port)) {
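Review bot: the new `goto fwnode_remove` in the IS_ERR(bridge_dev) branch depends on a label and a `ret` variable that lie outside the visible context, so two things need confirming against the full function. First, the label must release only the fwnode: this jump is taken before tcpm_register_port() is called, so no port teardown may run on this path. Second, the release at that label should pair with how the node was obtained. The commit message says the node comes from device_get_named_child_node() and is dropped with fwnode_remove_software_node(), so a reference put with fwnode_handle_put(), as requested in this reply, is the matching call, and that replacement should land before this patch adds one more user of the label.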
> 
> ---
> base-commit: f2493655d2d3d5c6958ed996b043c821c23ae8d3
> change-id: 20241019-qcom_pmic_typec-fwnode_remove-00dc49054cf7
> 
> Best regards,
> -- 
> Javier Carrasco <javier.carrasco.cruz@gmail.com>
> 

-- 
With best wishes
Dmitry

Re: [PATCH] usb: typec: qcom-pmic-typec: fix missing fwnode removal in error path
Posted by Javier Carrasco 1 month ago
On 20/10/2024 12:40, Dmitry Baryshkov wrote:
> On Sat, Oct 19, 2024 at 11:10:51PM +0200, Javier Carrasco wrote:
>> If drm_dp_hpd_bridge_register() fails, the probe function returns
>> without removing the fwnode via fwnode_remove_software_node(), leaking
>> the resource.
>>
>> Jump to fwnode_remove if drm_dp_hpd_bridge_register() fails to remove
>> the software node acquired with device_get_named_child_node().
> 
> I think the fwnode_remove_software_node() is not a proper cleanup
> function here (and was most likely c&p from some other driver). See the
> comment in front of device_get_named_child_node().
> 
> Please add another patch before this one, replacing
> fwnode_remove_software_node() with fwnode_handle_put().
> 

That is right, it was probably copied from a driver that called
fwnode_create_software_node() to initialize the fwnode. I will replace
it in the probe function as well as in qcom_pmic_typec_remove(), where
the fwnode is again released via fwnode_remove_software_node().

Thanks and best regards,
Javier Carrasco