From: "Clément Léger" <clement.leger@bootlin.com>
To: Tyrel Datwyler <tyreld@linux.ibm.com>
Cc: David Hildenbrand <david@redhat.com>,
Paul Mackerras <paulus@samba.org>,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
Ohhoon Kwon <ohoono.kwon@samsung.com>,
Frank Rowand <frowand.list@gmail.com>,
Horatiu Vultur <horatiu.vultur@microchip.com>,
Steen Hegelund <steen.hegelund@microchip.com>,
Daniel Henrique Barboza <danielhb413@gmail.com>,
YueHaibing <yuehaibing@huawei.com>,
Bjorn Helgaas <helgaas@kernel.org>,
Nathan Lynch <nathanl@linux.ibm.com>,
devicetree@vger.kernel.org, Rob Herring <robh+dt@kernel.org>,
Allan Nielsen <allan.nielsen@microchip.com>,
Laurent Dufour <ldufour@linux.ibm.com>,
David Gibson <david@gibson.dropbear.id.au>,
linux-kernel@vger.kernel.org,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
linuxppc-dev@lists.ozlabs.org, Lizhi Hou <lizhi.hou@xilinx.com>
Subject: Re: [PATCH v2 2/4] of: dynamic: add of_property_alloc() and of_property_free()
Date: Thu, 2 Jun 2022 08:58:28 +0200
Message-ID: <20220602085828.2138554a@fixe.home>
In-Reply-To: <4b92277e-5133-2362-8d3a-fa82b0c7a045@linux.ibm.com>
On Wed, 1 Jun 2022 15:32:29 -0700,
Tyrel Datwyler <tyreld@linux.ibm.com> wrote:
> > /**
> > - * __of_prop_dup - Copy a property dynamically.
> > - * @prop: Property to copy
> > + * of_property_free - Free a property allocated dynamically.
> > + * @prop: Property to be freed
> > + */
> > +void of_property_free(const struct property *prop)
> > +{
> > + if (!of_property_check_flag(prop, OF_DYNAMIC))
> > + return;
> > +
>
> This looks wrong to me. From what I understand the value data is allocated as
> trailing memory that is part of the property allocation itself. (ie. prop =
> kzalloc(sizeof(*prop) + len, allocflags)). So, kfree(prop) should also take care
> of the trailing value data. Calling kfree(prop->value) is bogus since
> prop->value wasn't dynamically allocated on its own.
kfree(prop->value) is only called if the value is not the trailing data
of the property so I don't see what is wrong there. In that case, only
kfree(prop) is called.
>
> Also, this condition will always fail. You explicitly set prop->value = prop + 1
> in alloc.
The user that allocated the property might want to provide its own
"value". In that case, prop->value would be overwritten by the
user-allocated value and thus the check would be true, hence calling
kfree(prop->value).
>
> Maybe I need to go back and look at v1 again.
>
> -Tyrel
>
> > + if (prop->value != prop + 1)
> > + kfree(prop->value);
> > +
> > + kfree(prop->name);
> > + kfree(prop);
> > +}
> > +EXPORT_SYMBOL(of_property_free);
> > +
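Review bot: the `prop->value != prop + 1` test makes a pointer comparison the only record of who owns the value buffer, so a caller that points `prop->value` at memory that did not come from kmalloc() (static or stack data, or part of another allocation) gets that pointer handed to kfree(). The kernel-doc for of_property_free() only says "Property to be freed"; it should state that a replacement value must be kmalloc'd and that ownership passes to the property, or ownership should be tracked explicitly instead of inferred from the address. Separately, `prop` is const-qualified in the signature although the function frees it and its members, which hides the ownership transfer from callers.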
--
Clément Léger,
Embedded Linux and Kernel engineer at Bootlin
https://bootlin.com
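
The two free paths discussed in this message, as an added userspace example that is not code from the patch or the kernel: `prop_model`, `prop_model_alloc()` and `prop_model_free()` are hypothetical names, and malloc()/free() stand in for kzalloc()/kfree().

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model with hypothetical names; not the kernel's struct property. */
struct prop_model {
	char *name;
	void *value;
	size_t length;
};

/* One allocation holds the header plus len trailing bytes for the value. */
struct prop_model *prop_model_alloc(const char *name, const void *val, size_t len)
{
	size_t nlen = strlen(name) + 1;
	struct prop_model *p = calloc(1, sizeof(*p) + len);

	if (!p)
		return NULL;
	p->name = malloc(nlen);
	if (!p->name) {
		free(p);
		return NULL;
	}
	memcpy(p->name, name, nlen);
	p->value = p + 1;	/* value points at the trailing bytes */
	p->length = len;
	if (val)
		memcpy(p->value, val, len);
	return p;
}

/* Same test as the quoted hunk; returns 1 when value was freed on its own. */
int prop_model_free(struct prop_model *p)
{
	int separate = 0;

	if (!p)
		return 0;
	if (p->value != (void *)(p + 1)) {
		/* Only valid if the caller's buffer came from malloc(). */
		free(p->value);
		separate = 1;
	}
	free(p->name);
	free(p);
	return separate;
}
```

A property left as allocated takes the single-free path; one whose `value` was replaced by a separately allocated buffer takes the second path, which is only safe when that buffer came from the same allocator.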