Re: [PATCH 3/7] drm/msm: a5xx: fix possible object reference leak

From: Jordan Crouse
Date: Wed Apr 10 2019 - 12:21:48 EST


On Thu, Apr 04, 2019 at 12:04:11AM +0800, Wen Yang wrote:
> The call to of_get_child_by_name returns a node pointer with refcount
> incremented thus it must be explicitly decremented after the last
> usage.
>
> Detected by coccinelle with the following warnings:
> drivers/gpu/drm/msm/adreno/a5xx_gpu.c:57:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 47, but without a corresponding object release within this function.
> drivers/gpu/drm/msm/adreno/a5xx_gpu.c:66:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 47, but without a corresponding object release within this function.
> drivers/gpu/drm/msm/adreno/a5xx_gpu.c:118:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 47, but without a corresponding object release within this function.
> drivers/gpu/drm/msm/adreno/a5xx_gpu.c:57:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 51, but without a corresponding object release within this function.
> drivers/gpu/drm/msm/adreno/a5xx_gpu.c:66:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 51, but without a corresponding object release within this function.
> drivers/gpu/drm/msm/adreno/a5xx_gpu.c:118:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 51, but without a corresponding object release within this function.
>
> Signed-off-by: Wen Yang <wen.yang99@xxxxxxxxxx>
> Cc: Rob Clark <robdclark@xxxxxxxxx>
> Cc: Sean Paul <sean@xxxxxxxxxx>
> Cc: David Airlie <airlied@xxxxxxxx>
> Cc: Daniel Vetter <daniel@xxxxxxxx>
> Cc: Jordan Crouse <jcrouse@xxxxxxxxxxxxxx>
> Cc: Mamta Shukla <mamtashukla555@xxxxxxxxx>
> Cc: Thomas Zimmermann <tzimmermann@xxxxxxx>
> Cc: Sharat Masetty <smasetty@xxxxxxxxxxxxxx>
> Cc: linux-arm-msm@xxxxxxxxxxxxxxx
> Cc: dri-devel@xxxxxxxxxxxxxxxxxxxxx
> Cc: freedreno@xxxxxxxxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx (open list)


Sorry for the delay. This looks right to me and possibly appropriate for stable
as well.

Reviewed-by: Jordan Crouse <jcrouse@xxxxxxxxxxxxxx>

> ---
> drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
> index d5f5e56..270da14 100644
> --- a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
> +++ b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
> @@ -34,7 +34,7 @@ static int zap_shader_load_mdt(struct msm_gpu *gpu, const char *fwname)
> {
> struct device *dev = &gpu->pdev->dev;
> const struct firmware *fw;
> - struct device_node *np;
> + struct device_node *np, *mem_np;
> struct resource r;
> phys_addr_t mem_phys;
> ssize_t mem_size;
> @@ -48,11 +48,13 @@ static int zap_shader_load_mdt(struct msm_gpu *gpu, const char *fwname)
> if (!np)
> return -ENODEV;
>
> - np = of_parse_phandle(np, "memory-region", 0);
> - if (!np)
> + mem_np = of_parse_phandle(np, "memory-region", 0);
> + of_node_put(np);
> + if (!mem_np)
> return -EINVAL;
>
> - ret = of_address_to_resource(np, 0, &r);
> + ret = of_address_to_resource(mem_np, 0, &r);
> + of_node_put(mem_np);
> if (ret)
> return ret;
>
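Review bot: In the second hunk, of_node_put(mem_np) runs immediately after of_address_to_resource(), so nothing further down in zap_shader_load_mdt() may use mem_np; the rest of the function is not visible in this hunk, so that is worth confirming before this goes in. The of_node_put(np) placed ahead of the `if (!mem_np)` check is in the right spot, since it releases the child node on both the -EINVAL return and the success path. The commit message names only of_get_child_by_name, while this hunk also drops the reference taken by of_parse_phandle; mentioning both calls in the message would match what the change does.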
> --
> 2.9.5
>

--
The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project