Re: [PATCH v3] device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()

From: Daniel Scally
Date: Fri Nov 25 2022 - 10:51:06 EST


Hi all - sorry that took so long

On 23/11/2022 02:25, Yang Yingliang wrote:
> The 'parent' returned by fwnode_graph_get_port_parent()
> with refcount incremented when 'prev' is not NULL, it
> needs be put when finish using it.
>
> Because the parent is const, introduce a new variable to
> store the returned fwnode, then put it before returning
> from fwnode_graph_get_next_endpoint().
>
> Fixes: b5b41ab6b0c1 ("device property: Check fwnode->secondary in fwnode_graph_get_next_endpoint()")
> Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
> ---


This looks fine to me (thanks for fixing it), and it works fine on my
Surface:


Reviewed-and-tested-by: Daniel Scally <djrscally@xxxxxxxxx>

> v2 -> v3:
> Add a out label.
>
> v1 -> v2:
> Introduce a new variable to store the returned fwnode.
> ---
> drivers/base/property.c | 18 ++++++++++++------
> 1 file changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/base/property.c b/drivers/base/property.c
> index 2a5a37fcd998..7f338cb4fb7b 100644
> --- a/drivers/base/property.c
> +++ b/drivers/base/property.c
> @@ -989,26 +989,32 @@ struct fwnode_handle *
> fwnode_graph_get_next_endpoint(const struct fwnode_handle *fwnode,
> struct fwnode_handle *prev)
> {
> + struct fwnode_handle *ep, *port_parent = NULL;
> const struct fwnode_handle *parent;
> - struct fwnode_handle *ep;
>
> /*
> * If this function is in a loop and the previous iteration returned
> * an endpoint from fwnode->secondary, then we need to use the secondary
> * as parent rather than @fwnode.
> */
> - if (prev)
> - parent = fwnode_graph_get_port_parent(prev);
> - else
> + if (prev) {
> + port_parent = fwnode_graph_get_port_parent(prev);
> + parent = port_parent;
> + } else {
> parent = fwnode;
> + }
> if (IS_ERR_OR_NULL(parent))
> return NULL;
>
> ep = fwnode_call_ptr_op(parent, graph_get_next_endpoint, prev);
> if (ep)
> - return ep;
> + goto out_put_port_parent;
> +
> + ep = fwnode_graph_get_next_endpoint(parent->secondary, NULL);
>
> - return fwnode_graph_get_next_endpoint(parent->secondary, NULL);
> +out_put_port_parent:
> + fwnode_handle_put(port_parent);
> + return ep;
> }
> EXPORT_SYMBOL_GPL(fwnode_graph_get_next_endpoint);
>