Commit 83ef4777 authored by Jan Kiszka's avatar Jan Kiszka Committed by Rob Herring
Browse files

of: overlay: Stop leaking resources on overlay removal 

Only the overlay notifier callbacks have a chance to potentially get
hold of references to those two resources, but they are not supposed to
store them beyond OF_OVERLAY_POST_REMOVE.

Document the overlay notifier API, its constraint regarding pointer
lifetime, and then remove intentional leaks of ovcs->overlay_tree and
ovcs->fdt from free_overlay_changeset.

See also https://lkml.org/lkml/2018/4/23/1063

 and following.

Signed-off-by: default avatarJan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: default avatarFrank Rowand <frowand.list@gmail.com>
Signed-off-by: default avatarRob Herring <robh@kernel.org>
parent 970f04c8

Documentation/devicetree/overlay-notes.txt

+8 −0
Original line number Diff line number Diff line
@@ -98,6 +98,14 @@ Finally, if you need to remove all overlays in one-go, just call 
of_overlay_remove_all() which will remove every single one in the correct

order.



In addition, there is the option to register notifiers that get called on

overlay operations. See of_overlay_notifier_register/unregister and

enum of_overlay_notify_action for details.



Note that a notifier callback is not supposed to store pointers to a device

tree node or its content beyond OF_OVERLAY_POST_REMOVE corresponding to the

respective node it received.



Overlay DTS Format

------------------

drivers/of/overlay.c

+21 −9
Original line number Diff line number Diff line
@@ -102,12 +102,28 @@ static DEFINE_IDR(ovcs_idr); 


static BLOCKING_NOTIFIER_HEAD(overlay_notify_chain);



/**

 * of_overlay_notifier_register() - Register notifier for overlay operations

 * @nb:		Notifier block to register

 *

 * Register for notification on overlay operations on device tree nodes. The

 * reported actions definied by @of_reconfig_change. The notifier callback

 * furthermore receives a pointer to the affected device tree node.

 *

 * Note that a notifier callback is not supposed to store pointers to a device

 * tree node or its content beyond @OF_OVERLAY_POST_REMOVE corresponding to the

 * respective node it received.

 */

int of_overlay_notifier_register(struct notifier_block *nb)

{

	return blocking_notifier_chain_register(&overlay_notify_chain, nb);

}

EXPORT_SYMBOL_GPL(of_overlay_notifier_register);



/**

 * of_overlay_notifier_register() - Unregister notifier for overlay operations

 * @nb:		Notifier block to unregister

 */

int of_overlay_notifier_unregister(struct notifier_block *nb)

{

	return blocking_notifier_chain_unregister(&overlay_notify_chain, nb);
@@ -671,17 +687,13 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs) 
		of_node_put(ovcs->fragments[i].overlay);

	}

	kfree(ovcs->fragments);



	/*

	 * TODO

	 *

	 * would like to: kfree(ovcs->overlay_tree);

	 * but can not since drivers may have pointers into this data

	 *

	 * would like to: kfree(ovcs->fdt);

	 * but can not since drivers may have pointers into this data

	 * There should be no live pointers into ovcs->overlay_tree and

	 * ovcs->fdt due to the policy that overlay notifiers are not allowed

	 * to retain pointers into the overlay devicetree.

	 */



	kfree(ovcs->overlay_tree);

	kfree(ovcs->fdt);

	kfree(ovcs);

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE