From: "Clément Léger" <clement.leger@bootlin.com>
To: Tyrel Datwyler <tyreld@linux.ibm.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Rob Herring <robh+dt@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Nathan Lynch <nathanl@linux.ibm.com>,
Laurent Dufour <ldufour@linux.ibm.com>,
Daniel Henrique Barboza <danielhb413@gmail.com>,
David Gibson <david@gibson.dropbear.id.au>,
Andrew Morton <akpm@linux-foundation.org>,
David Hildenbrand <david@redhat.com>,
Ohhoon Kwon <ohoono.kwon@samsung.com>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
YueHaibing <yuehaibing@huawei.com>,
devicetree@vger.kernel.org,
Steen Hegelund <steen.hegelund@microchip.com>,
linux-kernel@vger.kernel.org, Lizhi Hou <lizhi.hou@xilinx.com>,
Allan Nielsen <allan.nielsen@microchip.com>,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
Bjorn Helgaas <helgaas@kernel.org>,
linuxppc-dev@lists.ozlabs.org,
Horatiu Vultur <horatiu.vultur@microchip.com>
Subject: Re: [PATCH v2 2/4] of: dynamic: add of_property_alloc() and of_property_free()
Date: Thu, 2 Jun 2022 08:58:28 +0200 [thread overview]
Message-ID: <20220602085828.2138554a@fixe.home> (raw)
In-Reply-To: <4b92277e-5133-2362-8d3a-fa82b0c7a045@linux.ibm.com>
Le Wed, 1 Jun 2022 15:32:29 -0700,
Tyrel Datwyler <tyreld@linux.ibm.com> a écrit :
> > /**
> > - * __of_prop_dup - Copy a property dynamically.
> > - * @prop: Property to copy
> > + * of_property_free - Free a property allocated dynamically.
> > + * @prop: Property to be freed
> > + */
> > +void of_property_free(const struct property *prop)
> > +{
> > + if (!of_property_check_flag(prop, OF_DYNAMIC))
> > + return;
> > +
>
> This looks wrong to me. From what I understand the value data is allocated as
> trailing memory that is part of the property allocation itself. (ie. prop =
> kzalloc(sizeof(*prop) + len, allocflags)). So, kfree(prop) should also take care
> of the trailing value data. Calling kfree(prop->value) is bogus since
> prop->value wasn't dynamically allocated on its own.
kfree(prop->value) is only called if the value is not the trailing data
of the property so I don't see what is wrong there. In that case, only
kfree(prop) is called.
>
> Also, this condition will always fail. You explicitly set prop->value = prop + 1
> in alloc.
The user that did allocated the property might want to provide its own
"value". In that case, prop->value would be overwritten by the user
allocated value and thus the check would be true, hence calling
kfree(prop->value).
>
> Maybe I need to go back and look at v1 again.
>
> -Tyrel
>
> > + if (prop->value != prop + 1)
> > + kfree(prop->value);
> > +
> > + kfree(prop->name);
> > + kfree(prop);
> > +}
> > +EXPORT_SYMBOL(of_property_free);
> > +
--
Clément Léger,
Embedded Linux and Kernel engineer at Bootlin
https://bootlin.com
next prev parent reply other threads:[~2022-06-02 6:59 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-01 8:17 [PATCH v2 0/4] of: add of_property_alloc/free() and of_node_alloc() Clément Léger
2022-06-01 8:17 ` [PATCH v2 1/4] of: constify of_property_check_flags() prop argument Clément Léger
2022-06-03 20:24 ` Rob Herring
2022-06-01 8:17 ` [PATCH v2 2/4] of: dynamic: add of_property_alloc() and of_property_free() Clément Léger
2022-06-01 22:32 ` Tyrel Datwyler
2022-06-02 6:58 ` Clément Léger [this message]
2022-06-02 18:10 ` Tyrel Datwyler
2022-06-01 8:18 ` [PATCH v2 3/4] of: dynamic: add of_node_alloc() Clément Léger
2022-06-01 8:18 ` [PATCH v2 4/4] powerpc/pseries: use of_property_alloc/free() and of_node_alloc() Clément Léger
2022-06-03 20:14 ` Rob Herring
2022-06-06 8:45 ` Clément Léger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220602085828.2138554a@fixe.home \
--to=clement.leger@bootlin.com \
--cc=akpm@linux-foundation.org \
--cc=allan.nielsen@microchip.com \
--cc=aneesh.kumar@linux.ibm.com \
--cc=benh@kernel.crashing.org \
--cc=danielhb413@gmail.com \
--cc=david@gibson.dropbear.id.au \
--cc=david@redhat.com \
--cc=devicetree@vger.kernel.org \
--cc=frowand.list@gmail.com \
--cc=helgaas@kernel.org \
--cc=horatiu.vultur@microchip.com \
--cc=ldufour@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=lizhi.hou@xilinx.com \
--cc=mpe@ellerman.id.au \
--cc=nathanl@linux.ibm.com \
--cc=ohoono.kwon@samsung.com \
--cc=paulus@samba.org \
--cc=robh+dt@kernel.org \
--cc=steen.hegelund@microchip.com \
--cc=thomas.petazzoni@bootlin.com \
--cc=tyreld@linux.ibm.com \
--cc=yuehaibing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).