tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

of: overlay: do not free changeset when of_overlay_apply returns error

New unittests for overlay notifiers reveal a memory leak in
of_overlay_apply() when a notifier returns an error for action
OF_OVERLAY_POST_APPLY. The pr_err() message is:

OF: ERROR: memory leak, expected refcount 1 instead of 3,
of_node_get()/of_node_put() unbalanced - destroy cset entry: attach
overlay node /testcase-data/overlay-node/test-bus/test-unittest17

Change the error path to no longer call free_overlay_changeset(),
and document that the caller of of_overlay_fdt_apply() may choose
to remove the overlay.

Update the unittest that triggered the error to expect the changed
return values and to call of_overlay_remove().

Signed-off-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20220502181742.1402826-4-frowand.list@gmail.com

authored by

Frank Rowand and committed by
Rob Herring 421f4d14 992b0dc5

+34 -5
+26 -3
drivers/of/overlay.c
··· 952 952 return ret; 953 953 } 954 954 955 + /* 956 + * of_overlay_fdt_apply() - Create and apply an overlay changeset 957 + * @overlay_fdt: pointer to overlay FDT 958 + * @overlay_fdt_size: number of bytes in @overlay_fdt 959 + * @ret_ovcs_id: pointer for returning created changeset id 960 + * 961 + * Creates and applies an overlay changeset. 962 + * 963 + * See of_overlay_apply() for important behavior information. 964 + * 965 + * Return: 0 on success, or a negative error number. *@ret_ovcs_id is set to 966 + * the value of overlay changeset id, which can be passed to of_overlay_remove() 967 + * to remove the overlay. 968 + * 969 + * On error return, the changeset may be partially applied. This is especially 970 + * likely if an OF_OVERLAY_POST_APPLY notifier returns an error. In this case 971 + * the caller should call of_overlay_remove() with the value in *@ret_ovcs_id. 972 + */ 973 + 955 974 int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size, 956 975 int *ret_ovcs_id) 957 976 { ··· 1038 1019 ovcs->overlay_mem = overlay_mem; 1039 1020 1040 1021 ret = of_overlay_apply(ovcs); 1041 - if (ret < 0) 1042 - goto err_free_ovcs; 1022 + /* 1023 + * If of_overlay_apply() error, calling free_overlay_changeset() may 1024 + * result in a memory leak if the apply partly succeeded, so do NOT 1025 + * goto err_free_ovcs. Instead, the caller of of_overlay_fdt_apply() 1026 + * can call of_overlay_remove(); 1027 + */ 1043 1028 1044 1029 mutex_unlock(&of_mutex); 1045 1030 of_overlay_mutex_unlock(); 1046 1031 1047 1032 *ret_ovcs_id = ovcs->id; 1048 1033 1049 - return 0; 1034 + return ret; 1050 1035 1051 1036 err_free_ovcs: 1052 1037 free_overlay_changeset(ovcs);
+8 -2
drivers/of/unittest.c
··· 2845 2845 2846 2846 EXPECT_END(KERN_INFO, "OF: overlay: overlay changeset pre-apply notifier error -16, target: /testcase-data/overlay-node/test-bus"); 2847 2847 2848 - unittest(!ovcs_id, "ovcs_id created for overlay_16\n"); 2848 + unittest(ovcs_id, "ovcs_id not created for overlay_16\n"); 2849 2849 2850 2850 /* --- overlay 17 --- */ 2851 2851 ··· 2856 2856 2857 2857 EXPECT_END(KERN_INFO, "OF: overlay: overlay changeset post-apply notifier error -17, target: /testcase-data/overlay-node/test-bus"); 2858 2858 2859 - unittest(!ovcs_id, "ovcs_id created for overlay_17\n"); 2859 + unittest(ovcs_id, "ovcs_id not created for overlay_17\n"); 2860 + 2861 + if (ovcs_id) { 2862 + ret = of_overlay_remove(&ovcs_id); 2863 + unittest(!ret, 2864 + "overlay_17 of_overlay_remove(), ret = %d\n", ret); 2865 + } 2860 2866 2861 2867 /* --- overlay 18 --- */ 2862 2868