| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jan 2016 20:02:45 +0200
From: Pantelis Antoniou <pantelis.antoniou@...sulko.com>
To: Mark Rutland <mark.rutland@....com>
Cc: Amitoj Kaur Chawla <amitoj1606@...il.com>,
Rob Herring <robh+dt@...nel.org>,
Frank Rowand <frowand.list@...il.com>,
Grant Likely <grant.likely@...aro.org>,
Devicetree List <devicetree@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
julia.lawall@...6.fr
Subject: Re: [PATCH] of: resolver: Add missing of_node_put
Hi Mark,
> On Jan 27, 2016, at 18:21 , Mark Rutland <mark.rutland@....com> wrote:
>
> On Wed, Jan 27, 2016 at 06:14:00PM +0200, Pantelis Antoniou wrote:
>> Hi Mark,
>>
>>> On Jan 27, 2016, at 18:05 , Mark Rutland <mark.rutland@....com> wrote:
>>>
>>> On Wed, Jan 27, 2016 at 08:50:17PM +0530, Amitoj Kaur Chawla wrote:
>>>> for_each_child_of_node performs an of_node_get on each iteration, so
>>>> to break out of the loop an of_node_put is required.
>>>>
>>>> Found using Coccinelle. The semantic patch used for this is as follows:
>>>>
>>>> // <smpl>
>>>> @@
>>>> expression e;
>>>> local idexpression n;
>>>> @@
>>>>
>>>> for_each_child_of_node(..., n) {
>>>> ... when != of_node_put(n)
>>>> when != e = n
>>>> (
>>>> return n;
>>>> |
>>>> + of_node_put(n);
>>>> ? return ...;
>>>> )
>>>> ...
>>>> }
>>>> // </smpl
>>>>
>>>> Signed-off-by: Amitoj Kaur Chawla <amitoj1606@...il.com>
>>>> ---
>>>> drivers/of/resolver.c | 4 +++-
>>>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/of/resolver.c b/drivers/of/resolver.c
>>>> index 640eb4c..e2a0143 100644
>>>> --- a/drivers/of/resolver.c
>>>> +++ b/drivers/of/resolver.c
>>>> @@ -40,8 +40,10 @@ static struct device_node *__of_find_node_by_full_name(struct device_node *node,
>>>>
>>>> for_each_child_of_node(node, child) {
>>>> found = __of_find_node_by_full_name(child, full_name);
>>>> - if (found != NULL)
>>>> + if (found != NULL) {
>>>> + of_node_put(child);
>>>> return found;
>>>> + }
>>>> }
>>>>
>>>> return NULL;
>>>
>>> I don't think this is quite right. When child == found, this change will
>>> leave it decremented.
>>>
>>
>>
>> This patch is bogus.
>>
>> __of_find_node_by_full_name() is not taking a reference on the node if found.
>> This method relies on keeping the reference taken by the loop.
>
> Sure. For the found node, that makes sense.
>
> However, it also increments the refcount of all the parents, which does
> not seem correct to me, given they're not put on the return path, and a
> put of the found node won't decrement its parents refcounts, unless I
> have missed something.
>
Hmm, yes. The parent refcounts must be decremented.
> So I believe we are missing some of_node_put logic here.
>
>> Taking this into account all of these conccinelle tests are bogus.
>>
>> The DT internal method are not using the object model in an obvious manner
>> and applying these patches without vetting each and everyone is bound to
>> break things.
>
> Agreed.
>
> Thanks,
> Mark.
> --
> To unsubscribe from this list: send the line "unsubscribe devicetree" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists